How to Stop China & Singapore Direct Traffic in GA4 (SPAM)

Ever wondered how your life would be if you became a superstar in China? Yeah, me neither, but the 2025 China & Singapore direct traffic bot hits in GA4 analytics sure make my life a bit more difficult than it should be. Let’s see why that happens and how to deal with it.

Later update: Well, as expected, the below “fixes” aren’t enough no more. I guess they have new ASNs now, and so far I can’t see the exact ASN numbers exactly since GA4 doesn’t disclose that. It does seem though, to only hit GA4 directly as mentioned below, because of this, I can’t accurately see their exact pattern in the server log. Infuriating to say the least. Resolution of 1280×1200 is their most popular one (as well as 3840×2160) which their bot is using, and apparently Windows 7, which, for user-agent, should be Windows NT 6.1 if this helps you filter it down even further either in GA4 or serverwide. I’ll add new info to this post if I figure something else.

1. “Why am I suddenly popular in Lanzhou?”

Since September 2025 thousands of GA4 users have seen traffic explode from China and Singapore. At first it looks like you finally cracked the global market; dig deeper and you find:

Pretty similar to the Leadsgo.io spam traffic, your GA4 analytics is probably being pinged directly from data-center IPs. Nobody is actually loading your pages; the bots just stuff fake hits into Analytics. Google knows about this and admits that it’s a “known issue” but hasn’t rolled out a global fix yet. They’re probably busy cooking up a deadly SEO update yet again, so they can’t be bothered with this.

2. Why you must clean this up

Look, you don’t really have to do anything, but… it would be better if you do. Messy analytics and reports aren’t 100% harmless, they can influence a couple of things about your website / business:

1. Skewed KPIs – Your bounce rate spikes, average session duration tanks, and conversion rate plummets.
2. Bad decisions – You might rewrite content, change themes, or pause ad spend for the wrong reasons.
3. Algorithm confusion – Ad platforms that import GA4 goals (Google Ads, Meta, TikTok) start optimizing for junk traffic.

Clean data = confident decisions = more money (or at least fewer headaches).

Ok, ok, but how do you actually get rid of this junk traffic and how to stop them hammering your server/GA4? There are a couple of stuff that I already tried and implemented and so far so good (they will always adapt though):

3. Block the junk at the edge (Cloudflare or server firewall)

3.1 Cloudflare Free Plan: Custom Rules

1. Log into your Cloudflare dashboard.
2. Navigate to Security > Security Rules > Custom Rules.
3. Create a new custom firewall rule for bot blocking.
4. Construct a rule expression using OR conditions to block ASN numbers and countries together.
5. Example rule logic:
   (ASN eq 113220) OR (ASN eq 113203) OR (ASN eq 45899) OR (Country eq "CN") OR (Country eq "SG")
6. These ASNs (113220, 113203, 45899) have been tested by users (and myself) to be sources of this bot traffic and are associated with Chinese cloud providers. Including country blocks for China (CN) and Singapore (SG) helps reinforce the block if you are sure you do not expect legitimate traffic from those countries.
7. Set the Action to Block.
8. Save and activate the rule.

Optional but recommended Cloudflare settings:

• Turn on Bot Fight Mode (Security → Bots).
• Add a Rate-Limiting rule (e.g., block IPs hitting the home page >30× per minute).

3.2 Not on Cloudflare? Use your server firewall

If you have root access, iptables + ipset is fast and free:

# Create an ipset called tencent
ipset create tencent hash:net

# Add the worst /16 ranges (sample)
ipset add tencent 49.51.0.0/16
ipset add tencent 8.134.0.0/16
ipset add tencent 120.53.0.0/16

# Drop traffic before it reaches Nginx / Apache
iptables -I INPUT -m set --match-set tencent src -j DROP

• Keep the list fresh: a weekly cron job can pull the latest ranges from Spamhaus DROP or FireHOL and repopulate the set.
• On shared hosting? Ask support to block those CIDRs at the network level.

3.3 CMS-level options (no server access)

• Install Wordfence Plugin (WordPress): Firewall → Blocking → Country blocking (CN & SG) + Live Traffic to block repeated offenders.
• Paid WAFs: Sucuri, Imperva, StackPath all let you combine geo, ASN and bot-score filters.

4. Filters & segments: scrubbing GA4 reports

Even with edge blocking, some “ghost” hits might still be sent straight to GA4. Here’s how to keep your dashboards usable:

4.1 Admin-level data filters

1. Admin → Data settings → Data filters.
2. Built-in Internal traffic filter → mark your office IPs so you can ignore yourself.
3. Custom include filter: hostname matches yourdomain.com|www.yourdomain.com.
   – Blocks hits sent with fake hostnames like blog.random.cn.

4.2 Quick exploration segment

1. Reports → Explore → Blank.
2. Create a session segment:
   • country is not China, Singapore
   • engaged session is true
   • bounce rate < 100 %
3. Apply segment to historical reports until Google pushes an official solution.

4.3 BigQuery clean-up (optional)

Export GA4 to BigQuery, then use SQL:

SELECT *
FROM  `project.dataset.events_*`
WHERE geo.country NOT IN ('China','Singapore')
  AND event_bundle_sequence_id IS NOT NULL;

5. Ongoing maintenance checklist

6. Key takeaways

1. Edge first, analytics second. Blocking requests before they hit your server saves bandwidth and keeps GA4 clean.
2. Dirty data costs real money. Ad algorithms and business decisions ride on those numbers—don’t let bots drive.
3. It’s a moving target. The ASN and IP ranges will change. Treat this as a standing maintenance task, not a one-and-done.

Need more hands-on help?

Subscribe to the NetHustler newsletter for actionable growth hacks. Oh, speaking of growth… check out 300+ Internet Marketing Growth Secrets.

Share: