Article Updated: 2018 Sep 07
IF you are a dedicated web developer and you care about your website statistics and analytics data, you are already using Google Analytics, Piwik Analytics, Open Web Analytics or other website visitors data collection and analysis platforms.
WHAT IS THIS REFERRAL SPAM PHENOMENA? WHAT IS THEIR AGENDA?
Simply put, they are advertising directly to YOU, my fellow webmaster! They are desperately trying to gain traffic to their junk websites via referral URLs and this is the most effective and relatively cheap way to do it. And here is why – take this screenshot from Google Analytics, for example:
As you can see, they are ranked at the top position of the referrer URL table inside Google Analytics dashboard and that was their ultimate goal – to make you wonder who they are and visit their website! Increasing their visibility, buzz-word and alike are added bonuses to their dirty campaign.
Also, from the above data, we can notice another distinct characteristics of referral spam bots behavior:
1) 100.00 % Bounce Rate – they usually visit your index page and immediately leave. This is highly unlikely scenario from human-like browsing (real visitors) where they either come to an index page and than go somewhere else, or use search engine to find particular page directly.
2) Excessive use of sub-domains (site01.example.com, site02.example.com, site03.example.com etc.). This is done in order to mask their obvious spamming activity and abuse service, and to increase their visibility rate. Additionally, this may require a bit more intelligent spam filtering, and it is another reason why they do it. Sub-domains do not cost anything, after all.
Same example from the Piwik Analytics platform – again, notice their high position in the Referrer Websites widget table:
ANALYZING TRAFFIC SOURCES FROM REFERRER SPAM URLs
Creating a simple view filter in PIWIK Visitors > Visitors Log > Add new segment section, we can display only those spam referrals and analyse the IP range and countries they are coming from:
As we can clearly see, at least in case of our website, the country from where this referral spam mostly originate is Brazil, however, there is no strict rule that you can simply apply to it – the IP range and countries are dynamic and changing on a daily basis:
Another possibility is that usual malware (viruses, trojans, spyware etc.) can be easily modified to simulate referral traffic from machines all across the globe, infecting as many victims as possible and doing all the spam work without any knowledge of the owners.
It seems that someone has invested a great deal of effort into this business to affect as much websites as possible. Is there a simple cure to this and how can you get rid of it ever showing up in your analytics platform dashboards?
HOW TO BLOCK REFERRER URL SPAM WITH APACHE .HTACCESS RULES
If you are on Apache server here are the .htaccess rules that we use to stop spam from ever showing up in our logs (put this code at the very top of your .htaccess file). You should be aware that they are changing their referring links from time to time, so the rules will need to be updated periodically.
# Referrer SPAM <IfModule mod_rewrite.c> # seo & spam RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*keywords-monitoring-success\.com [NC] RewriteRule (.*) http://www.keywords-monitoring-success.com [R=301,L] RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*keywords-monitoring-your-success\.com [NC] RewriteRule (.*) http://www.keywords-monitoring-your-success.com [R=301,L] RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*free-video-tool\.com [NC] RewriteRule (.*) http://www.free-video-tool.com [R=301,L] RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*fix-website-errors.com\.com [NC] RewriteRule (.*) http://www.fix-website-errors.com.com [R=301,L] # best-seo-solution RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*best-seo-solution\.com [NC] RewriteRule (.*) http://www.best-seo-solution.com [R=301,L] # best-seo-offer RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*best-seo-offer\.com [NC] RewriteRule (.*) http://www.best-seo-offer.com [R=301,L] # buttons-for-website RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*buttons-for-website\.com [NC] RewriteRule (.*) http://www.buttons-for-website.com [R=301,L] # simple-share-buttons RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*simple-share-buttons\.com [NC] RewriteRule (.*) http://www.simple-share-buttons.com [R=301,L] # buttons-for-your-website RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*buttons-for-your-website\.com [NC] RewriteRule (.*) http://www.buttons-for-your-website.com [R=301,L] # get-free-traffic-now RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*get-free-traffic-now\.com [NC] RewriteRule (.*) http://www.get-free-traffic-now.com [R=301,L] # sharebutton RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*sharebutton\.net [NC] RewriteRule (.*) http://sharebutton.net [R=301,L] # buy-cheap-online RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*buy-cheap-online\.info [NC] RewriteRule (.*) http://www.buy-cheap-online.info [R=301,L] # free-share-button RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*free-share-button\.com [NC] RewriteRule (.*) http://www.free-share-button.com [R=301,L] # free-share-buttons RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*free-share-buttons\.com [NC] RewriteRule (.*) http://www.free-share-buttons.com [R=301,L] # 100dollars-seo.com RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*100dollars-seo\.com [NC] RewriteRule (.*) http://www.100dollars-seo.com [R=301,L] # video--production.com RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*video--production\.com [NC] RewriteRule (.*) http://www.video--production.com [R=301,L] # videos-for-your-business.com RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*videos-for-your-business\.com [NC] RewriteRule (.*) http://www.videos-for-your-business.com [R=301,L] # success-seo RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*success-seo\.com [NC] RewriteRule (.*) http://www.success-seo.com [R=301,L] # floating-share-buttons RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*floating-share-buttons\.com [NC] RewriteRule (.*) http://www.floating-share-buttons.com [R=301,L] # get-free-social-traffic RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*get-free-social-traffic\.com [NC] RewriteRule (.*) http://www.get-free-social-traffic.com [R=301,L] # free-floating-buttons RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*free-floating-buttons\.com [NC] RewriteRule (.*) http://www.free-floating-buttons.com [R=301,L] # event-tracking RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*event-tracking\.com [NC] RewriteRule (.*) http://www.event-tracking.com [R=301,L] # chinese-amezon RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*chinese-amezon\.com [NC] RewriteRule (.*) http://www.chinese-amezon.com [R=301,L] # rankings-analytics.com RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*rankings-analytics\.com [NC] RewriteRule (.*) http://www.rankings-analytics.com [R=301,L] # 1-99seo.com RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*1-99seo\.com [NC] RewriteRule (.*) http://www.1-99seo.com [R=301,L] # auto seo service (all variants) RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*autoseoservice\.org[NC] RewriteRule (.*) http://www.autoseoservice.org [R=301,L] RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*autoseo-service\.org [NC] RewriteRule (.*) http://www.autoseo-service.org [R=301,L] RewriteCond %{HTTP_REFERER} ^http(s)?://([^.]+\.)*auto-seo-service\.org [NC] RewriteRule (.*) http://www.auto-seo-service.org [R=301,L] </IfModule>
Newer versions of Piwik / Matomo do filter those spammers keeping your mind at peace up to a certain level, however, they also need to release new version of the software and you need to continuously follow the upgrades in order to keep up with new rules. And you probably have some better things to do than constantly updating analytics software.
Another benefit of htaccess approach is that it will also filter referrer spam inside your Google Analytics dashboard, or any other analytics tool for that matter.
Over time you should add additional lines that follow above structure once you notice new URLs in your analytics dashboard.
GOOGLE ANALYTICS DASHBOARD – HOW TO CREATE A VIEW REFERRAL SPAM FILTER
IF following is true:
1) you do not want to use .htaccess rule for various reasons — for example: Rewrite Rules can interfere with other rules on many occasions, creating conflicts and non-proper website functioning or simply because you use another server (like nginx)
2) you do not use Piwik, but only Google Analytics platform
You can still filter out referrer spam by creating a View Filter in Administration > View > Filters – take a look at the following example:
Copy/Paste below regular expression code for Google Analytics Filter to filter out all known spam websites (this expression will be updated from time to time, so make sure you come back and check) :
IMPORTANT NOTES:
– keep it as a single line without breaks
– due to Google’s maximum 255 characters input form limitation for filter expressions, you need to split them into multiple separate filters
.*(buttons\-for\-website|buttons\-for\-your\-website|buttons\-for\-website|simple\-share\-buttons|best\-seo\-solution|best\-seo\-offer|get\-free\-traffic\-now|free\-share\-buttons|100dollars\-seo)\.com.*
.*(video\-\-production|videos\-for\-your\-business|success\-seo|floating\-share\-buttons|get\-free\-social\-traffic|free\-floating\-buttons|event\-tracking|chinese\-amezon|rankings\-analytics|1\-99seo)\.com.*
.*(auto\-seo\-service|autoseo-service|autoseoservice)\.org.*
However, the Google Analytics filtered view has some limitations you should be aware of:
- Filters require up to 24 hours before they are applied to your data
- Filters are effective from the moment you define them, they are not retro-actively applied
- Filters are destructive, if you use them for your main/default view, data will be permanently lost
This means that you will still see those links in your Referral Table for some time (default 30 days reporting interval)
GOOGLE ANALYTICS – REFERRAL EXCLUSION LIST
Another convenient way to exclude referral traffic from set of domains that you can manually define in Administration > Property > Referral Exclusion List following these screenshots:
Define main domain of the website you wish to exclude:
And finally save – the list should appear as following:
GOOGLE ANALYTICS – BOT FILTERING – EXCLUDE HITS FROM BOTS AND SPIDERS
And final tool that may help you combat Referrer SPAM within Google Analytics platform is to activate Bot Filtering, which will try to exclude hits from known bots and spiders from your View. However, same applies as for Custom Filters above, the setting will take time to be applied and become effective.
Administration > View > All Web Site Data > View Settings > Bot Filtering
tags: stop analytics referrer spam, block ga spam, stop piwik referrer spam
7 Comments
Add Your CommentThanks for this info, however I already have some lines in my htaccess. They look like this:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule .* – [E=noabort:1]
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Where do I put yours. Leave mine alone and add it to the bottom before # END WordPress? Or put it above this like you said, right at the top above the #Begin WordPress? Thanks.
April 12th, 2015Hi, simply place the code above the WordPress one and it should work fine, for example:
line 01 ... # Referrer SPAM code here
line 10 ... # BEGIN WordPress
line 20 ... # END WordPress
Empty lines will not harm .htaccess file in any way, they are ignored and commentary lines begin with # hash-tag symbol.
April 12th, 2015In-depth article + video tutorial of excellent SPAM protection tool for WordPress and other CMS systems:
May 4th, 2015http://tehnoblog.org/wordpress-security-pro-tips-zb-block-installation-tutorial/
This was VERY helpful. I used the Google Analytics code and it seemed to work. Thank you!
September 10th, 2015@ Stacy
September 10th, 2015Thanks :)
Thanks for sharing your experience; however, just wondering… With some sites transitioning to “https:” have you had to go back and add a line for each one to block the https protocol or have you had any trouble with this?
JE
May 9th, 2017Hi Julia, thanks for commenting. You can simply modify rewrite rules to check both http and https conditions.
May 9th, 2017Replace ^http with ^http(s)? or ^https?
Regards