Mobile app version of vmapp.org
Login or Join
Pierce454

: How to fight off Google Analytics referrer spammers? Last months I have lots of referrer spammers in my GA statistics. Their count is ~10x higher than count of legit visitors (my site is not

@Pierce454

Posted in: #GoogleAnalytics #GoogleAnalyticsSpam #Referrer #Spam

Last months I have lots of referrer spammers in my GA statistics. Their count is ~10x higher than count of legit visitors (my site is not very popular yet). I've turned on an option to hide known spammers in GA settings, but it didn't help at all. It seems these spammers are using scripts to spam directly to GA (i.e. they are not logged in my IIS).

Is there anything I can do to stop these spammers?

UPD 10 months later, and they started spamming using fake target page names... and Google is still doing nothing about it.

10.07% popularity Vote Up Vote Down


Login to follow query

More posts by @Pierce454

7 Comments

Sorted by latest first Latest Oldest Best

 

@Merenda212

Early last year, I was tasked with finding the best possible solution to Google Analytics spam. Like everyone else, I tried the recommended approaches but nothing seemed to work all that well. So, next I turned to Google Tag Manager but that didn't seem to help much, either. Frustrated and vexed, I decided to rebuild the Google Analytics tracking script, incorporating countermeasures against the most common and annoying forms of spam.

While not perfect, after ~1.5 years of steadily building, testing, debugging and refactoring, I now have a fairly reliable Google Analytics tracking script that works well out of the box and is easily customizable. For those who want fulfilling metrics, this works like a charm.
github.com/nickolasburr/intelligent-ga-tracking

10% popularity Vote Up Vote Down


 

@Shakeerah822

To answer your title question directly "How to fight off referrer spammers" the simplest answer is to drop Google Analytics and switch to Piwik, which automatically blocks all referrer spam by default.

I realise you are probably used to Google Analytics and wish to keep using it, but if you look at the bigger picture you do have another option which works very well. Piwik can also be configured to log visitor IP addresses if you like, and it does not leak visitor data to third-party advertising companies which may appeal to some users.

10% popularity Vote Up Vote Down


 

@Ravi8258870

In case you are still searching for a solution, and can't understand the references made, here's the Definitive Guide to Removing Referral Spam, now on it's 133rd revision since Dec 28th, 2014: www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/
TL;DR:


a valid hostname filter will remove all of the ghost referrals (Include hostname mydomain.com)
a specific exclude filter (or website blocking) will remove the much shorter list of spam crawlers (semalt.com|kambasoft.com|7makemoneyonline.com|best-seo-offer.com|best-seo-solution.com|buttons-for-website.com|buttons-for-your-website.com|-musicas*-gratis|anticrawler.org|savetubevideo.com|ranksonic)
an Advanced Segment can be used to remove them from your historical reports.


The Advanced Segment can be imported from the Google Analytics Solutions Gallery: www.google.com/analytics/gallery/#posts/search/%3F_.sort%3DDATE%26_.start%3D0%26_.type%3DADVANCED_SEGMENT%26_.viewId%3DGjpPQhFgS9aVzniXH4MTIg/

10% popularity Vote Up Vote Down


 

@Bryan171

The Spam is getting out of control. The list it's growing and it's time-consuming and not even efficient to add a filter for each of the spammers since most of them shows up for a few days and then disappear and a new one comes.

There is a lot of misinformation, the most common mistake is recommending to use the .htaccess, this file blocks the access to the Website, although there are a few crawlers(5 or 6) than can be block, the vast majority of the spam never access your site is Ghost Spam.

The best way to stop this type of spam (Ghosts) is by creating a valid hostname filter, the ghost spam use either a fake or not set hostname, so with this filter you don't have to add endless filters, one filter will take care of the old and new spam.. Been using this solution successfully for 3 months

More information about this method here:
stackoverflow.com/a/28354319/3197362

10% popularity Vote Up Vote Down


 

@YK1175434

Here's a rule that works on IIS:

<rewrite>
<rules>
<rule name="abort referer spam requests" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_REFERER}" pattern="(semalt.com)|(buttons-for-website.com)" />
</conditions>
<action type="AbortRequest" />
</rule>
<!--The rest of your rules, if you have any-->
</rules>
</rewrite>

10% popularity Vote Up Vote Down


 

@Jamie184

Okay. Without knowing the sites in question, I will try and explain a bit of what is going on and I will provide just a few links.

From: www.cradlecloud.com/ban-block-blackhatworth-com-spam-referrals/
I get the following domain names associated with the new method of referrer spam that people are seeing of late.


BlackHatWorth.com
Iskalko.ru
Lomb.co
Lombia.co
Econom.co
Darodar.com
ILoveVitaly.Com
Priceg.com
Hulfingtonpost.com (New- added Jan 16 2015)
Bestwebsitesawards.com (New- added Feb 3 2015)
Ranksonic.info (New- added Feb 3 2015)
Cenoval.ru (New- added Feb 6 2015)
o-o-6-o-o.com (New- added Feb 25 2015)
Humanorightswatch.org (New- added Mar 4 2015)
S.click.aliexpress.com (New- added Mar 17 2015 - Suspected)
www1.social-buttons.com (New- added Mar 23 2015 - Suspected)
4webmasters.org (New- added Mar 26 2015 - Suspected)
Googlsucks.com (New- added Apr 07 2015)
Addons.mozilla.org (New- added Apr 07 2015 - Suspected)
Smallseotools.com (New- added Apr 13 2015 - Suspected)
Theguardlan.com (New- added Apr 14 2015)
Buy-cheap-online.info (New- added Apr 16 2015 - Suspected)
Site1.free-share-buttons.com (New- added Apr 29 2015 - Suspected)
Sanjosestartups.com (New- added May 25 2015)
Trafficmonetize.org (New- added June 03 2015 - Suspected)
Howtostopreferralspam.eu (New- added June 09 2015 - Suspected)
Www10.free-social-buttons.com (New- added June 16 2015 - Suspected)
Getitfree.us (New - added June 18 2015 Ownership cannot be determined. Thank You - Trey Copeland)
Www6.free-social-buttons.com (New- added June 18 2015 - Suspected)
Erot.co (New- added June 26 2015 - Suspected)
3g2upl4pq6kufc4m.onion (New- added July 04 2015 - Suspected)
Traffic2money.com (New- added July 28 2015 - Suspected)


Note: Suspected items- do appear to follow the same pattern of ownership, and may not be tied to the same offender.

A rather exhaustive list of spam referrers maintained by Piwik can be found here: github.com/piwik/referrer-spam-blacklist/blob/master/spammers.txt (Thank You - user2428118)

To Quote:


BlackHatWorth.com is a relatively new domain created only on January
7th, 2015 which is now being used for referrer spam. As a matter of
fact, this referral spam website is being hidden behind the name of
shopping search engine and beautiful scenery images.

...the IP address of BlackHatWorth.com which is 78.110.60.230 is the
same one associated with other referral spam websites...

In fact, the domain BlackHatWorth.com is owned by the same Russian who
owns the other referral spam domains such as ILoveVitaly.com,
Econom.co, and Darodar.com. The domain owner’s name is supposedly
Vitaly A Popov of Samara (city), Samaraskaya Oblast (state), Russia.


You cannot block this!

From: www.blackmoreops.com/2014/12/19/darodar-com-referrer-spam/
To Quote:


Here’s a quick primer on how Google Analytics works.

So, you get setup on GA and get a code from them. The code looks like
UA-number-1 or some such thing. That number is your “account number”
on GA. Now, this code and a bit of javascript go onto your webpage.
Now, somebody visits your page, and their browser runs that javascript
code.

That javascript code is what “records” their visit. It makes their
browser talk to Google Analytics. Specifically, it makes certain types
of HTTP requests that Google records information about, and then GA
displays summaries of that information to you.

Pretty basic, right? Still with me? Okay, now, if all it is is this
Javascript sending the “visit” to them, then anybody can fake that.
Anybody at all. All I have to do to make your GA show false
information is to send my fake information directly to GA.

I don’t need to visit your site at all. I don’t need to run javascript
at all. I just need to reproduce those HTTP requests, which are public
and so anybody can see them and how they work. They’re even fairly
well documented, publicly, by Google themselves.

So, now, let’s say I’m a spammer jerk. I want to get people to see my
spammy site. So, what do I do? I write a small bit of code to send
thousands upon thousands of these fake requests to GA, and I simply
cycle through all the UA numbers, in order, at random, whatever. I
send a fake visit, with a fake referrer, and my spammy domain name.
And guess what? It shows up in your Google Analytics screens.

You see this spam like any other normal visit. Because as far as GA is
concerned, it was a normal visit. All they’re recording are those HTTP
requests, which normally come from the GA javascript code. But a
request is a request, and making a fake one is very, very easy.

That is what is going on. All I need is your UA number and with only a
minor bit of effort I can fake a visit to your site without ever
actually connecting to your site at all. That fake visit can have any
domain name and any referrer in it that I choose.

This is an attack on Google Analytics, to promote whatever site is
showing up. You cannot block it on your server, because your server is
not involved at all.


You can do two things: one, set-up a filter as John Conde suggests; and two, see if there is a way to inform Google. For that I do not have an answer, but I have an idea.

[Update]

This is beginning to reach outrageous proportions from hundreds of spam hits a day to full out advertising such as this one:

10% popularity Vote Up Vote Down


 

@Kristi941

You can exclude them by creating a filter. You need to find something specific enough so you don't accidentally block good visitors and it is tedious as you have to manually add each spammer but this will do the trick.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme