I had the same exact problem when I built the URL shortener Cligs, and back then there was no way to implement a JS-based solution: the HTTP 301 redirect gave instructions to the browser before it would even get to executing any JS.
So I built a very simple bot detector based on IP adresses and user agents. With your volume of traffic you can do this too. Be sure to keep updating it (automatically!) and apply the detection retroactively.
The bot detector cut well over 90% of the hits reported in the real time analytics. Users complained that suddenly they were not as popular on twitter as they thought they were but accepted that the new numbers are more accurate. That's the key benefit you need to explain to your users: accuracy. They care about it a lot more than the vocal minority suggests.
So I built a very simple bot detector based on IP adresses and user agents. With your volume of traffic you can do this too. Be sure to keep updating it (automatically!) and apply the detection retroactively.
The bot detector cut well over 90% of the hits reported in the real time analytics. Users complained that suddenly they were not as popular on twitter as they thought they were but accepted that the new numbers are more accurate. That's the key benefit you need to explain to your users: accuracy. They care about it a lot more than the vocal minority suggests.