What's the recommended way of blocking bot spam (from a single source)?
Our website is getting hammered with bot spam. It all originates from Boardman, Oregon with the hostname "amazon" -- so it's clearly from Amazon's data center at that location. Thankfully, the bots aren't signing up or checking out, but their direct visits now comprise 50+% (!!!) of our daily traffic. This volume has destroyed the usefulness of our Shopify dashboard/metrics... thankfully, we can filter it out in Google Analytics.
What we're looking for is a way to block this bot spam. What is Shopify's official, recommended means of blocking bot spam, since we don't have access to server files (such as .htaccess) to do so ourselves? Are apps like TrafficGuard or Visitor Blocker the recommended method? We're hoping for a comprehensive answer that can help the community as well as ourselves.
I've seen a few threads asking similar questions, and haven't been impressed by the responses. Please note that we're not looking for advice on how to filter out this traffic in GA, nor are we gathering others' opinions on the harmfulness of bot spam on SEO or SERP rankings. "Just don't worry about it" is not a fix. We're looking for a real solution; if a teenager can fix it in five minutes with .htaccess, then a $16B-market-cap company and its intelligent community can also find a solution.