A few months back, my agency started seeing a referral traffic spike in our Google Analytics account. At first, I got excited. Someone is linking to us and people are clicking. Hooray!
Wrong! How very, very wrong. As I dug deeper, I saw that most of this referral traffic was sent from spammers, and mostly from one spammer named Vitaly Popov (or, as I like to call him, “the most recent pain in my ass”).
The domains he owns have been giving our company’s site and most of our clients’ sites a few hundred sessions per month, enough to throw off the analytics data in many cases.
His sites aren’t the only ones I’ll cover in this how-to, but his spam network has been the biggest nuisance lately. If you’re getting spam referrers in your analytics, you should be able to follow the same steps to stop these data-skewing nimcompoops from spoiling your data, too.
Why do I need to worry about blocking and filtering these sites?
There are two main reasons I’m motivated to block these on all sites that I work with. First: corrupt analytics data. A few hundred hits a month on a site like Moz.com isn’t going to move the needle when compared to the sheer volume of sessions they have daily. However, on a small site for a local plumber, 30 sessions per day is likely going to be 70% spam referral traffic, suffocating the remaining legitimate traffic and making marketing analysis a frustrating endeavor.
Second: server load and security. I didn’t ask them to crawl or visit my site. Their visits are using my server resources for something that I don’t want or need. An overloaded server means slower load times, which translate to higher bounce rates and lower rankings. On top of that, who knows what else they’re doing on my site while they’re there. They could easily be looking for WordPress, plugin and server vulnerabilities.
Popular referral spam domains
Using WHOIS.net, I found that Mr. Popov’s spam network includes these domains:
- darodar.com (and various subdomains)
- econom.co
- ilovevitaly.co (and other TLD variations)
Other spammers plaguing the web include:
- semalt.com (and various subdomains)
- buttons-for-website.com
- see-your-website-here.com
Many other sites have come and gone. These are just the sites that have been active lately.
Why are they hitting my site?
Why are people going through so much effort to crawl the web without blocking themselves from analytics? Spam! So much spam, it still blows me away. I looked into a few of the sites listed above. Three of the most prolific ones are doing it for very different reasons.
See-your-website-here.com
This site takes the cake for being the most frustrating. This site is using referrer spam as a form of lead generation. What is their product you ask? Web spam. You can pay see-your-website-here.com to perform web spam for your company as a form of lead generation. The owner of this domain was kind enough to make his WHOIS information public. His name is Ben Sykes and he’s from London.
Semalt.com
Semalt.com and I have had a tumultuous relationship at best. Semalt is an SEO product that’s designed to give on- and off-page analysis such as keyword usage and link metrics. Their products seem to be somewhat legit. However, their business practices are not. Semalt uses a bot to crawl the web and index webpage data, but they don’t disable analytics tracking like most respectable bots do. They have a form to remove your site from being crawled at https://semalt.com/project_crawler.php, which is ever so nice of them. Of course, I tried this months ago and they still crawled our site. I ended up talking with a representative from Semalt.com via Twitter after I wrote this article: How to Stop Semalt.com from Plaguing Your Google Analytics Data. I've documented our interactions and the outcome of that project in the article.
Darodar.com, econom.co, and ilovevitaly.com
This network appears to exist for the purpose of directing affiliate traffic to shopping sites such as AliExpress.com and eBay.com. I am guessing that the site won't pay out to the affiliate unless the traffic results in a purchase, which seems unlikely. The sub-domain shopping.ilovevitaly.com used to redirect to aliexpress.com directly, but now it goes to a landing page that links to a variety of online retailers.
How to stop spam bots
Block via .htaccess
The best way to block referrers from accessing your site at all is to block them in your .htaccess file in the root directory of your domain. You can copy and paste the following code into your .htaccess file, assuming you’re on an Apache server. I like this method better than just blocking the domain in analytics because it prevents spam bots from hitting your server altogether. If you want to get creative, you can redirect the traffic back to their site.
# Block Russian Referrer Spam
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*darodar\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]
Warning: .htaccess is a very powerful file that dictates how your server behaves. If you upload an .htaccess file with one character out of place, you will likely take down the whole site. Before you make any changes to the file, I would suggest making a backup. If you don't feel comfortable making these edits, see the WordPress plug-in option below.
Analytics filters
By itself, .htaccess won’t solve all of your problems. It will only protect you from future sessions, and it won’t affect the sessions that have already happened. I like to set up filters by country in analytics to remove the historical data, as well as to help filter out any other bots we might find from select countries in the future. Of course this wouldn’t be a good idea if you expect to get legitimate traffic from countries like Russia, Brazil, or Indonesia, but many U.S.-based companies can safely block these countries without losing potential customers. Follow the steps below to set up the filters.
First, click on the "Admin" tab at the top of the page. On the view column you will want to create a "new" view so that you still have an unadulterated report of all traffic in Google Analytics. I named my mine "Filter Bots." After you have your new view selected, click in to the "Filters" section then select the "+New Filter Button."
Setting up filters is pretty simple if you know what setting to use. I like to filter out all traffic from Russia, Brazil, and Indonesia. These are just the countries that have been giving us issues lately. You can add more filters as you need them.
The filter name is just an arbitrary label. I usually just type “block [insert country here].” Next, choose the filter type “custom.” Choose “country” from the “Filter Field” drop down. The “Filter Pattern Field” is where you actually define what countries you are filtering, so make sure you spell them correctly. You can double check your filters by using the “Verify This Filter” button. A graph will pop-up and show you how many sessions will be removed from the last seven days.
I would recommend selecting the “Bot Filtering” check box that is found in “View Settings” within the “Admin” tab. I haven’t seen a change in my data using this feature yet, but it doesn’t hurt to set it up since it’s really easy and maybe Google will decide to block some of these spammers.
Using WordPress? Don’t want to edit your .htaccess file?
I’ve used the plugin Wp-Ban before, and it makes it easy to block unwanted visitors. Wp-ban gives you the ability to ban users by IP, IP range, host name, user agent and referrer URL from visiting your WordPress blog all from within the WordPress admin panel. This a great option for people who don’t want to edit their .htaccess file or don’t feel comfortable doing so.
Additional resources
There are a few other great posts you can refer to if you're looking for more info on dealing with referrer spam:
- https://www.optimizesmart.com/geek-guide-removing-referrer-spam-google-analytics/
- https://megalytic.com/blog/how-to-filter-out-fake-referrals-and-other-google-analytics-spam
- https://blog.raventools.com/stop-referrer-spam/
- https://www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/
Conclusion
I hope this helps you block all the pesky spammers out there. There are definitely different ways you can solve this problem, and these are just the ones that have helped me protect analytics data. I’d love to hear how you have dealt with spam bots. Share your stories with me on Twitter or in the comments below.
Jared,
I appreciate your contribution and I think you're 100% correct when it comes to analytic filters. The .htaccess thing is where you're a little off for darodar and some other referrer spam networks.
See, what a lot of these networks do, is target auto-generated Google Analytic ID's and use a script to show the referrer in GA. htaccess only works on low level bots, and would work for all referrer spam if they went to your server but they never hit your server at all. It's a problem the analytics team is aware of but it doesn't seem that they know how to fix it besides adding it to the known bot collection.
One quick fix that I've noticed is that they don't auto-generate ID's that end in 2. So instead of UA-555555-1 you would add it as a second property and it would end in -2. It's inconvenient but right now the referrer spam networks do not target those GA properties.
This is good info Nathan!
Hopefully GA comes up with a solution. In the mean time I'll give your recommendation a try.
I really hope Google will be able to come up with a fix to these spammers.
@April, @Jared - I was hoping for the same, but several months later I had to give up waiting for Google. Since I have to manage 100s of properties automation was the only solution. That's how https://www.analytics-toolkit.com/auto-spam-filters/ came to be. It's a 1-click, set-and-forget solution that you might to check out.
Hi Jared,
Did the 'Nathan Thomas' solution above work for you? i.e. the suggestion to have a GA code ending in -2 ?
Thanks Nathan to differentiate closely the .htaccess file and Analytic Filter. Also, jared , i have added the filter in the Admin section of the website in Google Analytics, let see what changes will done in Traffic in coming days. Brazil is the biggest Spamm generating Country and I have blocked this.
What I find kind of strange: why isn't Google doing anything about this themselve? It's "hurting" their product too.
Right, I realize that is sort of a never ending battle, but i would think they could easily identify them and at least slow t down a little.
Hi Nathan
I tried same for one of my blogs and it worked, but for my another website which GA code is UA-XXXXXX-26 received about 35 visits from smelt.com last month, So i think it could be trick but not a solution.
And Jared
I noticed that most of such spam traffic not limited to specific countries so what should we do if this traffic is coming from my targeting countries.
One more thing I would like to know what if we exclude referral traffic from filter instead of filter entire country by putting following query in Filter pattern
smelt.com | darodar.com |econom.co | ilovevitaly.co |
and You can update this list just by adding new sources.
Unfortunately, I've also got Semalt spam on GA ID's that end in numbers higher than 1!
Semalt is an actual bot that crawls your site. The GA trick won't work because there is an actual visit. The GA trick works on "Ghost" spam, where they are just hitting random GA accounts without ever visiting the site. You'll notice that in analytics there is usually either no hostname, or one that doesn't match your website properties. You can also use filters to in analytics to block by hostname,.
unfortunately they are going to number 1,2 and 3 now on GA ID
Hey Jared - from my experience many of these spam bots aren't actually visiting the server. Instead, they are simply firing the GA code remotely creating "ghost referrers." And since they aren't actually visiting the server, the .htaccess file isn't resolving the issue.
I've had some success in GA filtering via hostname - have you looked into that solution?
Nate,
I have had success with SEMalt for sure with the .htacess since they are crawling the site for the purpose of being an SEO tool. Makes sense with the other refers though. I have tried the host name filter and after a few months I was still seeing the data, as well as the verification test was not showing any change in data, perhaps I was setting them up wrong, but they seemed pretty hard to mess up.
Thanks for the article. I just recently was digging around for similar info and discovered what Nate mentioned. The best article I found was by Analytics Edge, search for semalt darodar ghost referral and it'll come up. I've had success using the host name inclusion filter. As for semalt, et.al, htaccess is the way to go.
I agree with you Nate. I was not convinced that they were actually hitting the website and they were in fact ghosting my analytics code. I have to say that I have not looked into this deeply enough to be sure because, as you also mention, I managed to filter using the GA filtering.
I may look into this a bit more now.
If you're using a CDN like Cloudflare, they will log the IPs/Networks that contributed to your bandwidth - so you can see whether these referrers are just triggering the GA code or are in fact hitting the site.
As someone who has used many other Analytics solutions (Adobe, IgnitionOne etc) you very rarely see these referrers pop up, which suggest it is a GA "ghosting trigger" rather than an actual visit.
I enjoyed the article. I would have sent a friend who wanted information about this and has also pleased him :)
Great points on corrupted Google Analytics data. I have often seen semalt.com as a high traffic source on smaller websites and it is definitely annoying and makes data based decisions much harder.
One other thing that is in the area of corrupted Google Analytics data, is data gathering from other sites on your GA profile!
I have seen this a couple of times and essentially it means that your public Google Analytics code could be copied, placed on couple spammy sites, and the traffic would be recorded on your analytics profile.
This could mean higher bouncerates, lower engagement and of course high negative traffic (the good traffic does not belong to your site).
I would urge everyone to have a look at filtering this out by using the Google Analytics filter option which Jared also mentioned, but by making a filter that only allows traffic to your hostname that starts with your domain. E.g. starting with moz.com (everything after will be included).
I have tried this with my site and the data is going through fine. However, I would recommend that you make a couple of views for test purposes. I use a Main View for data viewing, a Backup View for backup in case I mess something up with filters, and a Test View for trying out different things.
Always leave a untouched RAW version so you have all of your data!
Well, I hope that this is useful and thanks Jared for putting a focus on this and a well written article!
Finally, I can now see my real statistics, but what is the reason that these sites refer spam? What benefit obtained these spammers sites?
Alberto,
Sadly, in a roundabout sort of way, we are doing exactly what they want us to do. Talking about them is helping them gain exposure and possibly traffic to their site. Awareness is the first step though.
Thanks for reading and commenting.
Thank you Jared.
Do you know if simple-share-buttons.com make refer spam too?
Definitely
Thanks for the post. I was usualy getting bot from semalt.com and was not happy about it.
i will clean up all the mess and let them go..
Thanks
I hate Semalt! The funny thing is that they don't thin they are spammers.
Right? I've tweeted with them multiple times they act like they are upstanding citizens of the internet.
P.S. Greetings fellow Utahn
Fantastic post! I haven`t encountered this problem, yet, but looks like it could be a real, as you say, PITA specially for small businesses. I think i would choose the plugin option, because messing around with the Htaccess file makes me nervous lol.
Great post Jared,
As you were facing Referral Spam Traffic and you shared a Great Tip how to avoid that.
Coming to the point, from past 3Months my website is getting Direct Spam Traffic once in a month I don’t know who is using this tool but when I first saw this huge spike in my traffic my feelings were exactly the same as you described but as soon I found out that someone is sending direct spam traffic on my website (on each and every page) causing 90, 95% bounce rate
Is there any way I can deal with this?
Hi Jared,
In fact those are the worst ways to avoid these ghosts referrals. First, as mentioned before by Nathan Thomas .htaccess wont help at all, you can't stop it because its generated with your tracking code ID. Once the spammer has obtained (or guessed) the property ID, he can generate page views in Google Analytics without sending requests to the actual Web site. This implies that there is no way to prevent this type of spam by implementing changes to the site (e.g. to the JavaScript in the Web pages or the .htaccess file). The second way with filters would be okay, only if you assume there wont raise others spammers domains. Even though, this approach is ineffective because the referrals used by the spammers will change over time and you would have to update your filters on a regular basis. If you check the darodar's reverse domains you will notice as today another 87 domains hosted in the same server. Tomorrow there will be even more or changed. So the best way I found to avoid those spammers is another approach that relies on the simple observation that all referrer spam is reported for the home page of the site (i.e. with request URI /). On the other hand, as explained in the Google Analytics documentation, it is possible to override the reported page URI in the JavaScript snippet:
ga('send', 'pageview', '/my-overridden-page?id=1');The idea is to modify the home page such that instead of reporting / as request URI, it uses /index.html (or /index.php or whatever the name of your index page is):
ga('send', 'pageview', '/index.html');With that change, you can safely eliminate referrer spam by creating a filter that excludes all page views with request URI /, because that URI will no longer be reported in legitimate page views. This solution comes from this guy.
Right Alan,
Nate informed us of the ghost referrals and suggests some work arounds to at least try and avoid them. Like I said about SEMalt, .htacess still keeps them from crawling your content for SEO tool indexing. Thanks for the advice and other suggestions to avoid the "ghost referrals" that is great info!
Hi Jared, this is my first comment on moz ;)
Concerning ghost referrals, I think the only and truly effective solution (as far as i'm concerned) to get rid of fake sessions is to use GA filters and filtering by hostnames.
If you go to the Acquisition/source traffic report, add a secondary dimension of hostname. You'll see that ghost referalls have fake hostname like apple.com. On the other hand, your genuine referral traffic will have the hostname of your website or others websites that you expect to generate traffic (ex: webcache.googleusercontent.com, etc...).
The solution is to take a relatively long period of data (say one year) to check hostnames of all your sources of traffic (source/medium). Yes because the spammer can put what he wants as sources (even google!).
Then when you've identified the genuine hostname (can be tricky), go to admin, create a new view and then implement a filter that will ignore every hostnames you didn't include in the REGEX. You can find complete articles talking about this if you google "hostname ghost referral filter".
Hope that'll help.
Greetings from france
wrong post...
For some strange reason, bots have become closer friends on my blog rather than humans.
But, this was just turning up to be too unwelcome.
If you are using Wordpress, an effective way to block these bots is through the free Wordfence security plugin. You can specify the referers you want to block similar to WP Ban.
Very good article, Jared, and especially useful for those one who have suffered this kind of nightmare. Like you say there is just a little step between a smile (new visitors / links / prospects...) and the cruel reality (just spammers!!!). Just one question: What do you prefer for a Wordpress site, the plugin you talked about or to change the .htaccess file? Maybe the htaccess solution could be better for speeding up wordpress even if it takes more time to develope this solution? Thank you in advance.
Abel,
Can't the internet just be a fun place for all?
I prefer the .htacess file myself, this has a lot to do with the fact that I have to edit it for client sites anyways to enable compression, browser caching, and deal with rewrite rules and redirects. So I typically just copy the lines of code that I already have written into the file while I'm in there.
WordFence has some settings to block these. I'm going to implement this today and see how it goes . . .
This is really nice to know, but is there a way to scale this up to hundreds of sites? My company, Modern Interface, hosts lot's of sites, and keeping up with an ever changing list of spam bots for all the sites seems tedious at best. What would be nice is the equivalent of Adblock that I could set up on the server and it would auto update the list of banned domains.
Michael
[Link Removed]
Michael,
Thanks for the comment!
I'm not a server expert but, I'm pretty sure you can block the same list of refers in the httpd.conf
file at the server level, learn more here, then every site on that server would be safe from the pesky bots! You have to make sure that its at the root level of the server, each site on the server would have a virtual server httpd.conf file.
Micahel your right, the httpd.conf file would be the way to go. Changing the .htaccess file of a site just allows for "local overrides" of the httpd.conf file, so you could do this configuration "server wide" in httpd.conf.
I did have a question for you as well though, have you compiled any kind of "master list" of referring spam domains? If you had that maybe we could do a little trade and I could write up the code to utilize the list server wide in httpd.conf.
No worries if you don't have a master list, I appreciated the article.
Spam bots are seriously irritating and I'm glad that you mentioned semalt - they are the ones that I see most often on both my own analytics and on that of clients! It is really strange how a seemingly legit company would use such back hand techniques but I suppose each to their own. Either way, thanks for the information on how to block them, hopefully I can make sure that semalt and others are no longer affecting my analytics data!
Cheers Jared
This is a great topic to highlight, and some great information that you have shared with us Jared. Some of these aspects i have not come across before so is much to learn from it. Kind of you too share it with us! Thanks Jared.
Yay thank you so much Jared! I have to try this out, have been facing issues with those site for ages!
great article Jared, and just in time as we saw another spammer hit our clients GA huamorights.org. It only launched on 4 March and has already plagued our reports
Great post. Thanks. I have been seeing a lot of spam traffic from www1.semalt.com, www2.semalt.com, 324422.semalt.com, etc. How do you filter out all of the sub-domain variations of a domain? What would the regular expression look like? I’m assuming there would be some sort of wildcard used? Thanks a lot.
My sites used to have tons of spam traffic from semalt in a diverse pattern of domains. I used the filter \.semalt\. to exclude them, and I haven't seen it anymore. Hope it helps you.
Here is the exact filter I use in GA.
Filter type: Custom
Exclude
Filter field: Referral
Filter Patter: .*semalt\.com|.*makemoneyonline\.com|.*darodar\.com|.*ilovevitaly\.[co|com]|.*priceg\.com|.*buttons-for-website\.com|.*hulfingtonpost\.com|.*bestwebsitesawards\.com
I check my referring traffic from Russia every few weeks to see if any new domains popped up.
This thread prompted me to check my referral traffic again. I found a couple new offenders and added them:
.*semalt\.com|.*aliexpress\.com|.*wellnessnvision\.com|.*o-o-6-o-o\.com|.*humanorightswatch\.org|.*makemoneyonline\.com|.*darodar\.com|.*ilovevitaly\.[co|com]|.*priceg\.com|.*buttons-for-website\.com|.*hulfingtonpost\.com|.*bestwebsitesawards\.com
Great job Nathan, thank you for sharing
Will this format completely block referrers containing darodar.com, example; 23876384.darodar.com etc.? Or will this just block darodar.com specifically?
Very useful and informative post Jared Gardner. I am using WordPress with Wp-Ban. But now learned new things about how to block spam visitor by .htaccess and anlytics filtering. Thanks for your nice content. (y)
Since four days ago, i start to have referral traffic from buttons-for-website.com. It was annoying since thoses visits were decreasing my bounce rate considerably :-)
This is exactly what i was looking for!! I appreciate it really :-)
My Website has been visited by This site as well its annoying i agree! Stupid Spam Bots Why do they have to bother us! Ugh!!!
I think the problem should be solved at the root, Analytics dont show accuracy with our data , there is little distance to filter this type of SPAM that also includes advertisements now.
I was not convinced that they were actually hitting the website and they were in fact ghosting my analytics code. And also, my opinion is the same like Alberto!!!
Hi Jared, thank you for such an amazing post and btw congratulation on being promoted to the main blog.
I have been able to detect those ghost visitors on a brand new website that has not been launched yet. The website is blocked by the robots file and I soon realised about these "ghost referrals" coming from Russia through different sources such as forum.topic59010277.darodar.com, humanorightswatch.org, o-o-6-o-o.com and s.click.aliexpress.com. Most recently I have noticed another source simple-share-buttons.com coming from different countries like USA, China, Finland, Singapore and Argentina. They distort metrics like bounce rate and session duration, as you had mentioned, and also notably new users acquisition and page per visit.
The best solution for me so far is filtering the views, is worth checking out your website log just in case.
Over the years we have blocked many spammers from our website and our client's sites. Semalt became a huge problem for us, we were aware of them from the start, but didn't do anything for about 3 months because we thought they were a legitimate company and the visits would calm down. It just got worse, thankfully they are now block - YAY.
I can't image it is going to do their business any good if they don't change their ways.
Semalt has an opt-out form on their website. So far they have respected my choice.
I find a easy and simply plugin for avoid the refferal spam of my wordpress website, the name is "Block Referer Spam" by codestic. And work fine, during the last month 0% of refferal spam.
Thank you, I found this article very interesting because my website is being attacked by spam bots, site navigation is constantly in a very small time
I haven't came across such issue as for now and was unaware of this. Thing like this could also happen, i will keep it in my mind. Anyway as i used to read all the article of moz for knowledge, this was also good one.
I've gone down a slightly different route with this, rather than using RegEx to block the spammers I've implemented a simple cookie in GTM which returns true when users hit our sites, a GA filter then only shows users with this cookie installed on their system. Whilst this can stop users reporting in GA who opt out of having cookies installed on their systems, a comparison of our analytic data (using a segment containing the RegEx against the results of the cookie route) shows no real dip in lost traffic outside of the referral spam.
I have noticed another issue though, looking at our Adwords data there seems to be an inconsistency in the our conversion rates namely the unfiltered view shows almost double the conversion rate value that our referral filtered view shows. I'm trying to figure out if the spam referral issue also has an impact on Adwords campaigns and wondered if anyone else has experienced or noticed this aswell?
Does anyone know if these spam referrals contribute to 'real' bounce rate? Could Google be marking me down in the rankings because of a high bounce rate caused by these pesky spam bots?
Hi,
Thank you for this great article!
I correctly block that spam referral via .htaccess file.
By the way, there's a bunch more of spam sites that are still affecting my analytics:
site38.simple-share-buttons.com
editors.choice59049484.hulfingtonpost.com
site32.social-buttons.com
social-buttons.com
I'm going to add a block for them in my .htaccess file.
Hope this would be useful to someone else!
Not all sites will be blocked with the .htacess. You will have to set up GA filters for ghost referrals. See comments above.
Congratulatios!! It is one of the best post I have never read! Thanks for sharing!
One of the most useful articles i have read. We also had a problem with semalt and was very frustrating
Excellent tips on how to deal with referral spam. Our corporate site is not (yet) being hit with high volumes of traffic, but we have been visited by darodar.com and several "fake" search sites (presumably where visitors pc's have been infected and their default search modified). Analysing our traffic is important, so any advice (like this) on how to improve the results is really useful.
This spam is recently a real plague. As you said - it is especially annoying in very small websites. Sometimes you look at Analytics data and think "wow my SEO work is just amazing" then you look at traffic sources and the mood is gone ;)
Great advice Jared :) I'll implement them in my projects.
Is it just me, or are we now seeing a lot of spam showing up as Direct traffic? I've got a couple small sites I just mess around with showing 500-1,000 visits in the last 30 days from direct, with about 250-500 garbage referral visits, and about 25 from organic...
Our GA just got hit by Direct Traffic spam this week. It is terrible and ruins GA data because there are no 100% clean cut cases (identifiers) like Referral spam to block these traffic.
Check out this discussion in Google Group https://productforums.google.com/forum/#!topic/analytics/sTinRFgimIU
I saw same kind of SPAM traffic coming to my website. There was a site which was sending the spammy referral traffic to my site. I analyzed lot on it and finally found that, i can restrict such bots by adding them in my htaccess file.
Excellent Points Jared,
I have seen such cases in which , webmaster never added the tracking code to his website, even though referral visits shows in GA.
Question is how they got the web property?
How it is possible? I mean how they got the web property code ? I think Developers at Google Analytics should look into this.
Hey, Jared. Thanks for writing a great post. I had a bunch of visitors from semalt. I put it down to a competitor performing research. Could still be the case. Love the idea of redirecting it back to them. Thanks again
You may have done study hard on facts. I think google analytic setting will help you but its not advisable to use the .ht access.
1 question : If they are counted as direct traffic then why should you worry about that. They are not going to down your ranking etc.
I appreciate your effort to provide helpful article.
All the above methods are not working. I have used all of these and they are not working. Kindly provide us some more which can actually work
Completely agree!!
I still see all these spam in my GA account.
No havn´t find a solution jet!
The idea is track the traffic only with our hostname. If we select Hostname as 2nd dimension per each report, shows different hostname (amazon, apple, mozilla, google, (not set) and more...) Well, all of them are spambot or ghost referral.
Generally, the traffic "visit" or should visit our main domain (aka hostname). To include only "our domain", all spambot referral will not be tracked. Quickly and simple.
In past report we can include only our hostname as filter like as(www\.yourdomain\.ext|yourdoamin\.ext) (ext with our real extension).
And yes, works fine but considering some conditions.
1) If user want translate our website through translator (like google), google.usercontent.com will be the "positive" hostname, and it's not fake
2) If we managed google adwords accounts that advertise differentes geoTLD in same time in different countries with same geoIP, (example germany, switzerland and austria have many contiguous cities), so maybe, hostname will be one of theme geoTLD. Solution will be change the filter pattern like as (www\.yourdomain\.(de|at|ch))|(yourdomain\.(de|at|ch))...
3) Important to active a intelligence alert for AnalyticsView, and to select traffic aren't our hostname for to detect new spam referral
4) Semalt & others spamBot, for example, many time use our hostname, and that will not be removed with personalized filter. So, to apply report filter only for some referral/medium
.htaccess is the sure fire thing for me. make sure you have a backup and install it at a slow traffic time of the day for your site. You will know very quickly if it didn't work, you will return a server error when you load the any page. hurry and swap it back and then dissect the code your working on.
Hi Jared, I'm using your method for .htaccess but it simply doesn't work? I'm still seeing a ton a horrilbe refferal traffic from teh same old sites. I'm on a run of the mill apache setup, nothing out of ordinary. Any clues/thoughts?
i think many of us facing the same problem. you have nicely explained and help to prevent spam. thank you.
Hi Jared,
I believe the HTACCESS rule will not stop the spam, because you can simply use Measurement Protocol to spam Analytics, without making any connection to your server.
You can try to decrease the spam, but since the Measure Protocol is open and unprotected, you cannot get rid of this entirely.
Brilliant article Jared, I was literally looking at spammy referral data this morning and wondering what to do about it!
Easy steps referral spam fix : https://www.celilcan.com/semalt-benzeri-saldirilari-engellemek/
This post saves my ass, the spam referral is becoming more and more heavy, thank you!
Google MUST do something on this issue, this is not the bill we should pay!
Great article Jared. I added to your list a few domains that bothered me and I shortened the list and made it more future proof by using the .* even for the TLDs. It looks like it's working.
# block spam visits
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https://.*semalt\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*4webmasters\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*trafficmonetize\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*guardlink\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*free\-social\-buttons\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*event\-tracking\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*Get\-Free\-Traffic\-Now\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*econom\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*savetubevideo\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*kambasoft\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons\-for\-website\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*semalt\..* [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*darodar\..* [NC]
RewriteRule ^(.*)$ – [F,L]
another one to add too your list rank-checker.online
Hi Jared!
So far I've been lucky enough to not run into this problem, but if that I have a partner who has had to fight this. And it is very tedious to remove.Bots are a serious problem for our business, apart from being desperate. The problem is that when you install a plugin to detect and eliminate them, they are not foolproof.I have not tried what your comment in the block post via .htaccess. So say if not used properly can be a bit dangerous to our website, if not done right. Luckily we have our backups, which has saved us more than once :)I only use Akismet. By now it works fine.
Arrgh on the spam referrals, now they are getting into my events and campaigns. I wish I had setup filters a year ago! I did some research, on 77 sites and found that the average site got 210 visits from spammers in June 2015 according to my list anyways... see the research at https://www.blizzardpress.com/referral-spam-benchmark-data/ -- hopefully it will be more than 77 sites soon too.
I am new to Moz.com and also to Analytics. But I came across this article when looking at some of the spam referrers on my GA page. I had just implemented a solution that is dynamically blocking these referrers. It blocks them at the iptables level so you can only use it if you have root access. After reading this article I thought it would be a good idea to add to the conversation. I use fail2ban to monitor various activities on my website. Once detected the offenders get dropped at the network interface. The offender never even makes it to .htaccess. This solves all the work of manually hunting them down. I am only about half way through my plan but you can find this part at:
( I removed the link just in case it is a breach of courtesy, You can probably find it if you search. Or if MOZ has Private Message I'll check it.)
My next step is an automated entry into my .htaccess or perhaps the Drupal blocked IP's table. Also, it should be a little easier to create a filter with a log of known bad actors.
Very Helpful article for getting rid of unwanted traffic. Thanks for sharing.
Can we also use
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly.* [NC,OR]
instead of all these
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*iloveitaly\.ru/ [NC,OR]
Hi!
Just for WordPress users!
I just made a WordPress plugin that uses a community maintained list of referrer spammers with more than 270 sites!
Here the link https://wordpress.org/plugins/wp-block-referrer-spam/
Check that out, and let me know your thoughts!
Thanks!
I really hope Google do something to resolve this soon. It is a massive pain to ban bots and add Google Analytics filters. The amount of referral spam has exploded for me over the last few weeks and every time I ban a robot another two or three appear. It's almost enought to make we want to remove Google Analytics altogether!
Great article, thanks. I've had a big issue with floating buttons and traffic from Russia/China on my food blog. So much so the high bounce rates started to impact my rankings. Now I've put the filters in place the situation is improving. However, I'm not brave enough to edit my htaccess file yet!
Another way to filter them out is a custom filter excluding the filter field "campaign source" and entering the url or expression. I also believe that this activity does negatively affect your rankings. I compared the graph for referral acquisitions in analytics with average position in webmasters tools for a client and there was a direct correlation between a big spam day and the average ranking taking a big dip immediately after in several instances.
Hi Jared Gardner,
Even I too receiving too many spam visitors, this will affect keywords position? Please answer.
Just thought I would add an updated list of spammers to block:
# Block Referrer Spam
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*darodar\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^https://.*guardlink\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*free\-share\-buttons\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*free\-social\-buttons\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*Get\-Free\-Traffic\-Now\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buy\-cheap\-online\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*4webmasters\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*event\-tracking\.com/ [NC,OR]
RewriteRule ^(.*)$ – [F,L]
Thank you for writing this Jared. I am keen to get some accurate results so have tried the country filters. I agree I wish Google would do something to stop the spamming sites.
Thanks for a great article, but please add images in higher resolution.
I can't see whats on the images.
I tried the htaccess method, but it doesn't seem to be working. I'm still seeing referrals from the sites I thought I blocked. Here's my code, if it helps. What am I doing wrong?
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https://.*best-seo-offer\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons-for-your-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*best-seo-solution\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons-for-website\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*4webmasters\.org [NC]
RewriteRule ^(.*)$ – [F,L]
@Jared- It is really helpful information for me. Finally i got a permanent solution of this issue.
I tried all this but no one is perfect. these bots changes their name regularly, so blocking them via filters or htaccess is not a permanent solution (and by the way htaccess is only available for Apache server then what about IIS or other servers), For a perfect solution you can use Idea suggest by Himanshu Sharma by adding a security token in your analytics code.
Here is in detail https://www.optimizesmart.com/what-i-learned-from-trying-to-fix-the-ghost-referrer-spam-in-google-analytics/
thanks! very good information
I talked about that to a friend of mine- he chose a nice way, he is redirecting these bots backt to sender. a german bot smilar the semalt-bot caused a lot of traffic, it increased for one of his sites to 1400 visits per day (i saw it in analytics)! so he decided to use that "back to sender" way.
Thanks a lot for your article on how to block referrers. Unfortunately some of the referrer spam now don’t even bother to actually view your site. I recently tried to tackle the issue and ended up deciding on using a programmatic approach.
Creating filters to exclude the referrers in Google Analytics was the solution for me. As it was for most people. But as I needed a way to update thousands of sites at once, I used the API to do it. A full write up can be found here, https://blog.slowb.ro/beat-google-analytics-referrer-spam-programmatically/
Also the tickbox “Exclude all hits from known Bots & Spiders” will never do anything for referrer spam because they are not bots or spiders unfortunately. Bots are defined “Googlebot/2.1″ and “YahooBot” which will never run any javascript on your page, and thus never show up in your analytics.
Hi Jared,
Good summary, I pray every night that there is a solution to this plague.
First time I came across one of Vitaly's referrals I clicked through to see what it was. I got redirected to AliExpress. Bought 5 pair of underwear. Now I know, but since then there are a variety of different ghost referrals in addition to Semalt. I did register all my client's domains with Semalt to not track them - and it seems to work.
This Vitaly character has posted somewhere in the comments of a post about GR spam that what he is doing is not illegal in Russia and he doesn't care about all the extra work he is causing for webmasters etc as he is making money.
Because the ghost referrers producing random GA ID's show up as referrals from particular domains - why can't Google pre-filter these and add to the list as new ones come up? Otherwise, for small websites at least, Google Analytics are rendered unusable without spending an extra hour or so setting up filters - multiply that by the number of sites affected - likely many millions - and you have a serious amount of time wasted.
Google are not short of the expertise.
I am considering changing to another free analytics provider, even though GA integrates with Adwords and the various helpful extensions in Chrome browser such as do not show in Analytics, etc.
I'm thinking of setting up my own ghost referrer, and using the domain "IhateVitaly. No doubt that domain is already sold but it might bring some comedy to a pretty crappy situation...
Thanks for your article, and the links to the others.
Wow Great Article! Really had some meat to it! Great description of many of the spam bots. Great walk through on setting up GA filters and great list to start with for blocking the bots via .htaccess. Not to mention the additional helpful links and and plug-in suggestions. Thank You!
Vitaly Popov!! I really hate that guy. I think I could list his domains one by one. Thank you, Jared. Great article!! Now I am following all your advices one by one.
I am so thanks for the article, its matter allot to me when I am trying to fix referral traffic to my client websites, but the thing is i found allot of source, but it the worthy . But as per current GA, I found some of the features are updated, it would be great if you can article it would be great.
Thanks.
How we stop Spam Bot from site who can`t acces the htaccess file like Blogger or wordpress ?
Lot of my readers asking thats question, and i cannot answer that, i only say maybe you cant use robot.txt
Sorry for my bad Grammar
Regards Mugianto
Excellent tutorial!
Before I used to block unwanted traffic from spammy websites using only the Google Analytics filters. Having come across your post I could now block access using the .htaccess too. It really works and I appreciate time for sharing your this tip.
Thank You, very help full data. I am also getting Views from Spam Bots in Analytics in my PostStupid website
I Follow these steps.
Thanks good post. I find adding a segment to exclude the spam data is the best first approach. Then adding filters at admin level once you understand what works and are sure you are excluding the spam effectively. https://www.global-river.co.uk/google-analytics-spam/
Thank you sharing this but is there any other best way so all ghost spammer are not coming on my website.
It's not possible to prevent ghost spammer to come to your website. But if your main problem is the SPAM in Google Analytics, then DIGMATO.com is your solution. ;-)
It's almost 100% automated. Just once you select Google Analytics View(s) you want to keep clean and we'll keep your data safe from as much SPAM as possible. You don't need to maintain any spammers list or even update Google Analytics filters. We do it all for you.
How many domains are you filtering and how many other filters are you adding? This tool contains 550+ domains: https://www.adwordsrobot.com/en/tools/ga-referrer-spam-killer
The ghost spammers aren't actually coming to your site at all, just messing with your analytics reporting, that's the challenge. Analytics Edge (who are trying to maintain a definitive guide on this topic) created a custom sessions so you don't see the ghost sessions. You can import it at: https://www.google.com/analytics/gallery/#posts/search/%3F_.term%3Dspam%26_.start%3D0%26_.count%3D250%26_.viewId%3DeA5T2yD9TeOkCdY1zzFm0A/
This segment is very outdated!
Being Creative sounds fun but a heck of a lot of work. haha
Hi, I've very recently found google.com coming up as a referral and from the 100% new session and bounce rate stats is looking like it is spam. Any ideas on how spammers are managing to do this and how to get rid of it from the analytics data without blocking data from Google?
Thanks for the read, Jared.
I'd also add a few bot domains here (from what I've found on the web and in my GA)
As you can see - many of them come from Russia.
I'd also like to hear your opinion on the topic of fingerprinting. It's now widely advertised by various tech startups (like fraudhunt.net, forensiq (ex- cpa detective), and data home as one of the prime bot-combatting solutions. The problem is that I couldn't find any decent studies that reveal fingerprinting actually works. Although I do feel excited about it, as I'm pretty tired of filtering bots in GA all day every day. Have also tried heat maps and video session recording tools - they seem fun, but only work on smaller scales.
Finally Fixed Spam Traffic!
P.S - Thanks For Sharing
I think this referrer spam issue could and *should* be better managed by Google itself.
Isn't it crazy that thousands of thousands people need to configure Analytics filters inserting exactly the same settings? wouldn't it be easier for a single centralized engine to detect a referral pattern on millions of accounts? And, if not, they could add a "Mark as Spam" button in Analytics referrers view to aid the task with the help of users!
Plus, a system to better verify hits against real server data *should* be designed and developed. The Google Analytics tracking system is so simple that anybody can fake Analytics data by simply using a script or by placing a UA-### account id onto another site. This protocol is far too simple to fake up, fake data is getting more and more frequent indeed!
Personally I started to look again at the good old server-side Awstats/Webalizer for my sites, in order to assess real data, and I don't trust Analytics very much... I really hope Google decides to tackle the issue soon, because tweaking Analytics filters every day, to me, looks like a temporary measure and actually just waste or time, not a real solution.
Fighting this kind of traffic and getting it to stop is one area I wish more martech vendors would focus on. To many seem to focus on other areas that though they do provide nice revneu stream. There are also 100 other companies that do exactly the same thing more or less.
Jared,
I tried to fix this with .htaccess, Here is what I used to fix referral spam:
## REFERRAL SPAM ##
<IfModule mod_rewrite.c>
RewriteEngine On
#Have removed many other sites from this code
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*motherboard\.vice\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*lifehacĸer\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*bukleteg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*38945217\-1\.compliance\-andrew\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*38945217\-1\.compliance\-elena\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*38945217\-1\.compliance\-ivan\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*38945217\-1\.compliance\-alex\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*boltalko\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*biteg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*buketeg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*begalka\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*arendovalka\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*bezlimitko\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*brateg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*abcdefh\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*alfabot\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*budilneg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*advokateg\.xyz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?.*zverokruh\-shop\.cz.*$ [NC]
RewriteRule ^(.*)$ – [F,L]
</IfModule>
Note: .*$ for all variants
But could not fix it
Any help is much appreciated.
I am receiving such traffic from abc dot com and thenextweb dot com sites. when i have search the pages on google is see the secret google dot com on the result. I have used analytical filter for each site where i am receiving these type of spam traffic. Now i am receiving traffic from other sites that's are new for me. It is very difficult to add the sites in analytical filter, i have also noticed that these traffic mostly referring from Russia. I have also two other blogs in blogger and wordpress, but these blogs are safe from these referers, but my new site is one month old and i have started through hosting server. My hosted site is effect by these spammer? Can we say that hosted sites are not safe from these spammers? If yes, then its mean that, sites using blogger and wordpress platform are safe other than hosted sites?
Hi there Hussain! Because this blog post is quite old, your question isn't likely to get answered here. I'd recommend asking it in the Q&A forum, where it will receive greater visibility and experts in the community can crowdsource an answer for you. Hope that helps and best of luck!
Thank you Crawford. I will publish the same question on Q&A section.
Hi there!
I have a very simple question - I am running a Google - PPC campaign will I get charged by any chance if I get click on my campaign by Russian sites (spammers) like you have mentioned above? The campaign is meant for UK and US location only. Thanks :)
No, you won't be charged. Spam is only placed in Analytics. It's not a real visit/click in most cases.
Thanks a lot Dennis. Appreciate your help. Cheers! :)
Here is a nice open source list of almost 550 spam domains: https://github.com/ddofborg/analytics-ghost-spam-list
I had same problem. how to report spam & never show in the internet?. verry annoying.
Here is a free tool that will use your analytics referrers and build an htaccess file for you, remeber to back up first https://refererspamtool.boyddigital.co.uk/
Don't be surprised if the .htaccess solution don't work properly. I have a Google Analytics account that is not implemented on ANY website and it still has traffic from bots... Some of them just send directly data to Google Analytics and don't even need to visit your site.
That's why I've made a tool that blocks the bots inside Google Analytics. ;-)
https://digmato.com/google-analytics/referral-spam-filter-buy
There are 2 ways is which the trigger your UA code, either by landing on the page, now these guys can be blocked the other is they just request the GA UA code and dont visit the site, so far there's nothing that can be done, on several tests the htaccess block has stopped about 80% of the referrer spam, more importantly the bounce rate drops and on site time increases and sites siting on the second page of Google hjave started to work their way back to the first page
I know, how GA tracking works ;-)
Filters in GA are able to remove up to 100% of known spammers and they fix the metrics too.
However, IF Google used these data for rankings, it would be very easy to fake the data and create any desired Bounce rate and time on site.
blocking the bots in analytics does stop the google algo from dropping a site to the second page for poor user interaction, referrer spam can also be competitors trying to push sites down the listings
Use Spam Killer to automagically add filters which exclude 400+ domains.
Use this Analytics segment which removes 'old spam' Has a list of 400+ domains.
Hi Jarad,
Fantastic information!
I hope you don't mind but I added more information to your article and created a video to help people with the 'referrer spam' issue and how to solve. Hopefully, it will help a few people with this very irritating flaw in Google analytics?
https://seo-company-bristol.com/how-to-remove-google-analytics-spam
I must appreciate your post. The code for placing in .htacess is good. But day by day these kind of spam referral websites are increasing. Thanks for your valuable info and particularly for the spam blocking code.
If anyone finds it annoying to keep updating the SPAM list and filters, feel free to check my tool that does it for you. https://digmato.com/google-analytics/referral-spam-filter-buy
Nice and very useful post. But adding long list of spam links on .htacces makes the server slow on loading?
One of the best tutorials I've read on referral spam, I wrote an article on referral spam too for blocking hostnames, htaccess and the good bots. https://jonnyjordan.com/blog/how-to-stop-referral-spam-in-google-analytics/
Regards,
Jonny
This was a VERY helpful blog post. Thank you!
I am trying to implement some of these filter solutions for a lot of spam traffic my client is getting, but when I click on the 'verify filter' it tells me the filter would not have changed my data and might be invalid. I have copied the expressions some people have noted exactly, but replacing them with the names of what I'm trying to filter, for example, I have set up a custom filter to exlcude the following pattern from referral traffic. I have also tried it for the request URI and campaign source but none seem to verify?
.*semalt\.com|.*copyrightclaims\.org|.*ranksonic\.net|
Why is this not working for me?
Thank you for the tips.. your article was very helpful and helped answer a lot of questions.
Thank you very much. This has been very frustrated to deal with. I'm testing out the .htaccess method since this will be the easiest way to tackle client projects moving forward.
With regards to the filter - I simply do that retrospectively instead of preemptively. Shocks and surprises me that Google haven't taken a more pro-active role in this.
If you're using WordPress, instead of using Htaccess you should use this plugin I created: https://wordpress.org/plugins/bot-block-stop-spam-...
It blocks the bots from reaching your site just like the Htaccess file, however it's powered by a central database so when a new spam referrer pops up it's blocked automatically. This coupled with the hostname filter is blocking 100% of the spam to my sites...
Hi Jared and everybody,
These referrals are the bane of my (webmaster) life. I can see that none of you have any love for them either. Here's how we might be able to take some initiative to fix this. Ourselves.
I have tried filters and .htaccess solutions and plugins, but with only limited success. My metrics are getting ruined. For example, even if I'm not worried about my ghost/bot website hits coming from spammers and inflating my 'visits' metrics, I am certainly concerned when their visits dis-proportionally affect my other more critical info... like time spent on site, bounce rates etc. Because all the spammers hits are typically showing as ZERO time on my site, it can make the site look terrible in terms of metrics.
Enough of that... here's what I'm thinking: could some kind soul set up (for example) an ODESK or Elance or Guru job and ask how much it would cost to deep dive the problem and write some code to address it once and for all? We will all be old and grey if we're to wait for Google to fix it for us. We could all chip in a few bucks to pay whoever's doing it.
Hell, we could even sell on the progam and and all make a few bucks ourselves!! (or alternatively just open-source it of course!
Any thoughts?
Excellent post Jared
Referral spam is only getting worse and in my opinion the spammers believe they are somehow justified in their actions.
A conversation with the founder of small is not very reassuring that they're going to stop a twitter conversation with Nataliya Semalt makes me believe that they think they're honestly doing the right thing is twisted that there defense is to compare themselves to Google bot.
https://twitter.com/Nataliya_Semalt/status/567254210665017344
Getting them to stop is the most important part of both out of Google analytics with and using the blocking methods described above in conjunction keeping them off of your server using a high quality hosting company which blocks referral spam like Pagely or FireHost helps a lot because you tell them to block it and it's done.
Getting them by blocking by IP is simply almost impossible
“Semalt spam bots are originating from over 290,000 different IPs around the globe in a 30 days.”
Reference from
https://www.incapsula.com/blog/semalt-botnet-spam.html
If you are using something else and would like to simply block referral spam so it will not eat up your server resources
are all awesome at blocking referrals and pretty much anything you don't want hitting your server.
You must block both your server and Google analytics as well but you should do both.
Another interesting thing I've found to be true is Google analytics UA #’s ending in 2 or 3 are not affected as much as the ones that end in the number 1
Using Google tag manager and Luna metrics is another quick and easy way to block the analytics from this disaster that they have unleashed on us.
I incorporate everything I've talked about above and it works before that I was getting ridiculous numbers of direct traffic and referral spam.
Great article and if you do not currently believe you're getting referral spam have a look and take action immediately.
All the best,
Tom
Semalt doesn't hit your server. They hit Analytics directly using your ID.
They unfortunately hit both in this case my web application firewall picked up Semalt
https://d.pr/i/19kZm
In addition buttons-for-website(dot)com another referral spam was blocked through my web application firewall
https://d.pr/i/11uEI
Like I said it is important to protect both your server and your analytics.
Sincerely,
Tom
Correct Thomas,
Semalt does hit your servers, other bots do not but semalt crawls your site to be an "SEO tool"
Thanks for your input the firewall info was great!
what is the advantages of spam links?
the other sites is aliexpress.com have to mention here.
its bot sites are like
https://activities.aliexpress.com/
https://www.aliexpress.com/
s.click.aliexpress.com
daily get visits from these sites. think its a spam.
Yep those are definitely spam, Probably an affiliate link network
Hi Arpin Gajjar, Me Too Affected by these spam sites
site36.simple-share-buttons.com
simple-share-buttons.com
site30.simple-share-buttons.com
s.click.aliexpress.com
site27.simple-share-buttons.com
site21.simple-share-buttons.com
Did you see any rank drops for your websites? because I m facing ranking drops after affected by this site. but i am sure these spam are the reason for my ranking drop
Not Sure about ranking drop due to this websites but sure about this that its slow down your server and might be down your websites.
From last 2-3 days new sites added in Referral Spam
It is addons.mozilla.org
is mozilla also started sending spam traffic?? Strange Data in GA.
Yes. I was wondering if Mozilla could be a spam. But if it hitting other sites, than it is.
Thank you Jared for an amazing post about blocking spam bots, I have noticed quite a bit of referral from Darodar and semalt and I was quite disturbed by those irrelevant referrals. I have one more question is there any other way to block these spam bots from accessing my website except that .htaccess method?
Being that the referral bots NEVER hits your website, your .htaccess trick won't work! Complete waste of time.
Semalt spoofs Google Analytic tokens rather than sending traffic to your site.
Hey, you told us about blocking the crappy crawler domains but then showed us how to block entire countries instead! I went through and figured out how to block the domains from showing up in GA myself, pretty simple.
Hey Joseph,
That works just fine, the only issue is if they change the host name often, it just creates more work is all. They are still hosted out of the same country. Of course it depends on the type of site you are working on, whether or not that traffic is legitimate, for most of my clients, local based business in the US, Russian traffic isn't relevant and likely spammy.
Thanks, Jared!
I was already thinking what to do with these spambots, but i dont think, that using htacces blocking would help, because they are hitting on google analytics. I use Clicky analytics alongside with google product and i can not see any darodar or something like that over there.
And I don't think that Google Analytics data affects seo anyhow, because i haven't noticed any decrease in visits. If those would be actual clicks in serch you could start to worry.
But on the other hand filtering these out from analytics data is good idea, because everybody wants to see real visits and not bots.
Hugo,
Great to hear about the clicky data. That confirms our hypothesis that dandor is just hitting the JS
Yeah, and I must say if you are not so much about split testing and ecomerce Clicky is a way to go to understand your visitors needs better, because it allows to follow every visitor step.So you have more free time to work on offsite SEO and quality.
It's internet, there's high competition. For example, I want to know all about my competitors on the web. Don't you? I don't understand, why there is so much panic. If you block all bots, internet dies.
By the way, Semalt promotes my website and I must tell you that it works. I don't care about bots.
It's not about competition or bots.
Semalt et al generate meaningless data in analytics. It obfuscates good data and makes it hard to make meaningful decisions based on human behavior on your website. To protect my meaningful data I have to spend time finding and blocking meaningless sources of data.
It wastes my time.
Why do you think it works? How has Semalt created new business for your company?
Linda... I'll tell you why, with real data: brand new website (1 week old). Just checked it's GA, it shows: Direct sessions: 10; Organic sessions: 8; Refferal sessions: 224... 220 of them are coming from social-buttons.com and 7 different subdomains of the same website. The result: 99.55% Bounce Rate; <00:00:01 time on site. Well, tell me, how informative is such a report?
Jared thanks for putting this all together! I actually came across the article you referenced when I was initially looking to stop SEMALT for destroying my analytics for a couple clients! Keep fighting the good fight my friend!
Terrific article Jared. Just found semalt.com throwing off a client's sessions. Good thing I ran across your article a couple days back and could revisit! Having our developer block them with .htaccess now, and I'll filter them from Google Analytics. Thanks for the great resource!
Added the htaccess fix and also noticed the site social-buttons.com, so I added that as well. Hasn't stopped for this latest nuisance. Frustrating.
Excellent article, thank you very much.
I've made the changes you indicate in the post, hopefully down at least a little in the statistics.
I share a couple of other sites that are also spambots:
I also share the ".htaccess" code for nginx:
# nginx configuration
location * {
if ($http_referer ~* "^https://.*buttons-for-your-website\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*best-seo-offer\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*4webmasters\.org/"){
return 403;
}
if ($http_referer ~* "^https://.*ilovevitaly\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*ilovevitaly.\.ru/"){
return 403;
}
if ($http_referer ~* "^https://.*ilovevitaly\.org/"){
return 403;
}
if ($http_referer ~* "^https://.*ilovevitaly\.info/"){
return 403;
}
if ($http_referer ~* "^https://.*iloveitaly\.ru/"){
return 403;
}
if ($http_referer ~* "^https://.*econom\.co/"){
return 403;
}
if ($http_referer ~* "^https://.*savetubevideo\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*kambasoft\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*buttons\-for\-website\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*semalt\.com/"){
return 403;
}
if ($http_referer ~* "^https://.*darodar\.com/"){
return 403;
}
}
Bye.
How does Referral Spam compare to what a DDOS attack looks like in analytics?
DDoS attacks typically won't show anything in Analytics as the bots that are used for it don't parse JavaScript so can't trigger analytics tracking.
I'm having the same problem in my personal blog with darodar.com, iloveitaly.co, aliexpress.com and simple-share-buttons.com.
The thing is in Blogger there is no access to the htaccess :S
This is fantastic information - thank you! One question regarding the filters - you said "I like to set up filters by country in analytics to remove the historical data ." Don't filters only work moving forward? To block this traffic historically I use custom segments, but would love to hear other suggestions. Thanks again!
That is correct Jenifer. What I meant was the verify filter tests to see if the filter would work on based on historical data, it wont actually remove it.
Hi Jared ,
i have notice for quite a some time that you are pretty sever on illegal traffic!! Dont mind it but could i know the reason behind it...??? Coz thats not gonna do any harm to our Website!!
Jared, thank you for your well thought out article, it was incredibly informative, and helpful.
I like your mischievous idea of setting up a redirect in the .htaccess back to their own websites. Thank you for your disclaimer, I can't tell you how many times I've edited a .htaccess file, and unintentionally took down the website, but in each occasion, fortunately I had a back up.
I was going to ask, have you noticed any significance of enabling the bot filtering under view settings. I understand the principle, but I just don't seem to see any result.
That's really awesome that there a plugin for WordPress. I had no idea. I will definitely use it in the future!
Once again, thanks for your article!
Thanks Nate!
I haven't seen any result, for the bot filter enabling. It would be an easy solution, I wish it worked.
i am also noticing some referral spam traffic in my Analytics...but what can i do, if didn't have access to hosting panel as well as FTP.
Regards
Tony
If your site is on WP i would use a plug in. If not, removing them from your Analytics data would be the last option.
Jared Gargner
My site is on WP. can you please suggest me good plugin for this purpose....?
Getting rid of bots is like trying to rid the world of pests. You know the name of the bandit, and obviously his IP address or agent string, yes? Can you launch a counter attack? Or, could Google target this individual specifically? That might be wishful thinking but it’s like letting criminals run the streets free. Also, your solution is to address the .htaccess file, assuming a person is on an Apache server. What are your recommendations for blocking spam on other servers?
Matt,
Yes, I've used similar methods in the web.config for Azure servers, the syntax is different though. I haven't tried it on any other servers. I would like to see a submission form where you can alert Google of known bots for them to review.
Are there any steps to take to avoid getting hit by the bots in the first place? My site's been hit, and every time one is added to the .htaccess file, it seems a new one comes up.
Not that I know of, they are constantly crawling the web looking for sites to hit, many of them are using GA as their lead gen source, so the more sites they hit the better.
I'd settle for Google recognizing Bots as Bots and actually blocking them like I've told my GA account to... But since they don't do that very well, thanks for the share. I'll give it a shot.
Yeah, I would have assumed that GA would have been better about filtering them as well. I'm guessing these bots are hitting about 50% of the sites in the US. They hit almost every site I have worked with in the last 6 months.
Lol.
There are things Google is REALLY bad at... Like telling the difference between English and Spanish queries in Adwords. And I suppose we can add recognizing bots to that list as well.
Question: why didn't you use a predefined filter to exclude traffic from the ISP domain or a custom filter to exclude traffic from Referral source? Wouldn't that allow you to exclude something like semalt without excluding all traffic from that country?
see Nate Shivar's question about the same and the response
I've modified .htaccess file- with code provided in this post.
After one week: "semalt" not coming, but "buttons for website" still appears.
I have to admit, I use wordpress for our blogging solution, but it's hosted on a Windows server. What we did was just apply protection to the header. This should restrict access to all of these bots which skew your analytics.
Hello Jared Gadner,
You share a good information but I observe that In last 2 months I get many hits from russia by different domains like: humanorightswatch.org, s.click.aliexpress.com, and o-o-6-o-o.com etc. and when I block one domain, hits start from other spam domain. By .htaccss or by using google analytics filter, we remove them from counting of total visit but for blocking them it's necessity that you know the name of those spam domain, who hits your website.
I want to know about any method by that you automatically predict the spam domain list and block them before them hit our website.
Mohit,
I've gotten some emails and twitter messages about an automatic method for blocking such sites. If i find a good resource form it ill update the community about it.
Thank you for commenting!
Thanks for this post Jared, it's extremely helpful and timely. I'm Head of User Acquisition for a small startup project in the UK and have noticed low level amounts of traffic from spam bots for the last 4 or 5 months, but not enough to cause concern or massively skew the data. More recently, however, I've seen a significant spike in spam traffic as we've grown our user base to the point where it can account for up to 15-20% of referral traffic.
I'd be interested to know if somebody out there is curating a list of domains creating spam referral traffic - it seems like new ones are popping up all the time.
Yes, I've noticed that the more inbound links that you have to your site the more spammers are finding it. I'e gotten a few emails and tweets this morning about the issue of automating a list or curating one. If I discover something good from it i'll update this post.
Thank you for the read!
automated methods are
I hope that helps,
Tom
Hey Jared,
It's a very informative post and certainly deserves to be on main blog. Congratulations!
I've been seeing traffic from Semalt.com to one of my site and didn't know it can cause me that trouble. I like to know have you tried to blocked the crawlers by IP? Will this be an appropriate method?
Umar,
Yes blocking them by ip is a pretty good way of doing it. I use that method with the Wordpress plugin WPban. the nice thing is that you can use an ip range so you can revome traffic from a whole server farm.
Thanks Jared for your feedback! Now I should have a look at WPban asap :)
Actually, blocking by IP address is pretty much hopeless. Because of the method many of these spammers are using, the bots can be coming from literally hundreds of thousands of different IP addresses. It a game of whack-a-mole that simply can't be won that way.
These are three more spam sites from where I am getting traffics sharebutton.org, site39.simple-share-buttons.com, simple-share-buttons.com
Ive seen sharebutton.org lately, the process cna be repeated to filter them out with GA filters.
Thanks for the read!
Referrer spam bots seem to be a growing problem, or maybe I am just noticing it more lately on my new site, and in articles written about how to fix the problem. I installed the SpamReferrerBlock plugin on my WordPress blog on Feb 24, 2015, but I'm not seeing any decrease in spam traffic. Will try WP-Ban.
Most of those spam visits target GA ID, so setting htaccess won't help. If you check the hostname of all your visits in GA, you will see that real visits come from your hostname (like: www.moz.com). Adding filter as INCLUDE hostname www.\moz.\com will solve this problem.
Hi Jared,
Thanks for the reference to my Definitive Guide article (https://www.analyticsedge.com/2014/12/removing-refe...).
One thing that most people don't seem to realize is that there are TWO types of spam referrals, and the techniques to remove them are DIFFERENT.
Semalt and some others are crawlers that actually hit your website. Block them with .htaccess or a WP plugin if you can. Specific filter in GA if you can't. These are tedious to set up and maintain for spammers, so they tend to change slowly.
Darodar and social-buttons are ghost referrals that do not hit your website. They inject directly into GA's tracking servers and cannot be blocked; they must be filtered. For these, a hostname filter is the way to go -- one filter catches all of them, and since they change very quickly, I highly recommend it.
We did manually create filter for quite some time for our customers, but then we got tired of doing it manually. This is why we have built an automated solution for this problem. You can use it at https://referrer-spam.help
It will automatically add filters for known referrer spam hosts. Further we correlate referrer hosts from all participating users and this allows us to detect and filter new spam hosts automatically, before the spammers hit a lot of users.
Snazzy presentation Web page referrer-spam-help. Tell me, what is the cost of your service? I couldn't find pricing on your page. And why must I give you access to my Google Analytics account just to get started? Also, maybe put a link to your FAQs on the main navigation. I visited the page 3 times before I saw those and almost added a couple of those questions here. Finally, do you have, or know of, a Wordpress plugin to help with this issue?
Thanks for the feedback.
There is no cost for this service so far. We try to provide this service for free as long we can afford it. We will likely add a donation functionality soon for those who want to support us.
At first we request read-only access to the account, so that you can chose for which views (profiles) you want to enable the protection. Then we request write-access after you decide to setup the protection. But the access is only granted for a limited time (15 - 60 minutes)
After the initial setup, you can enable updates to get future filters, but this is optional. When you enable it, it requires that you grant offline access permissions so that we can add filter even when you're not on the website anymore.
Wordpress plugins can actually only prevent crawlers / bot (non-ghost referrer spam). Most of the referrer spam we experience is actually ghost referrer spam, so the spammers never access your website, they just try out all tracking ids and send fake visits directly to Google Analytics. For this ghost spam the only solution is filtering it in Google Analyitcs, this is why we built that tool, there is no real alternative to filters.
Thanks. I decided to give referrer-spam-help a try. It was very easy to set-up. But when does the filter kick in? I'm still seeing the spam. Does in only filter these referrals from the time of set-up?
Yes, filters only have an effect for future data, already existing data is not filtered out. If you want to do this, you would have to setup a segment to filter it out.
You can verify that our filters are active when you go to the Google Analyitcs admin section, select your View and check if the filter section shows the 4 referrer-spam.help filters
Thanks for the clarification. I checked and the 4 filters are there. Thanks for your help.
Elliot, I'd love to hear how you've liked this filtering service, once you've been using it for a while.
I've liked the filtering service very much so far. It was extremely easy to set-up. Now I'm seeing cleaner stats without the spam entries, which in my case were displaying as the biggest referrers and showing an extremely high bounce rate which was worrying me. Now the stats are getting back down to pre-spam levels.
What I'm unclear about though - and maybe referrer-spam-help can advise - is whether the Google algorithm itself sees these spam visits and resulting high bounce rates for ranking a website? Or because the spam bots don't actually hit the website, they would not be counted anyway?
Hi referrer-spam-help. How do I add a new spam bot to the system? I'm seeing a lot of referrals from trafficmonetize.org - can you add this?
I also tried this service with the site of a client. I added it to the testing view. After 2 months I found it reduced the referrer spam by about 80%. There are still some getting through, but hopefully I can keep up better now. I'll test with other sites, but it seems very promising.
I have tried to add a new filter for semalt.com and social-buttons.com using filter field: referral. But it won't accept this, saying: "This filter would not have changed your data. Either the filter configuration is incorrect, or the set of sampled data is too small." However social-buttons.com accounts for more than 50% of my traffic right now. Should I be using a different filter field?
Hi, last 2 month ago, during analytics course that I teached, I've solved partially the problem through hostname advanced filter.
The idea is track the traffic only with our hostname. If we select Hostname as 2nd dimension per each report, shows different hostname (amazon, apple, mozilla, google, (not set) and more...) Well, all of them are spambot or ghost referral.
Generally, the traffic "visit" or should visit our main domain (aka hostname). To include only "our domain", all spambot referral will not be tracked. Quickly and simple.
In past report we can include only our hostname as filter like as (www\.yourdomain\.ext|yourdoamin\.ext) (ext with our real extension).
And yes, works fine but considering some conditions.
1) If user want translate our website through translator (like google), google.usercontent.com will be the "positive" hostname, and it's not fake
2) If we managed google adwords accounts that advertise differentes geoTLD in same time in different countries with same geoIP, (example germany, switzerland and austria have many contiguous cities), so maybe, hostname will be one of theme geoTLD. Solution will be change the filter pattern like as (www\.yourdomain\.(de|at|ch))|(yourdomain\.(de|at|ch))...
3) Important to active a intelligence alert for AnalyticsView, and to select traffic aren't our hostname for to detect new spam referral
4) Semalt & others spamBot, for example, many time use our hostname, and that will not be removed with personalized filter. So, to apply report filter only for some referral/medium
Conclusion:
and test and test again, because every day spam referral will be a big problem for the analyst.
Check out the Referral Spam MEME
This article has been a real help for a newbie like myself. Thank you Jared.
These spam bots are the biggest headache. I have so many sites that have the spam bots crawling the sites.
Hi, I created this filter for both China and Russia but there is no data at all in the view. Any ideas?
Hi all! I read through everything here and I do not see this question: How do these spam bots impact rankings? Currently, one of my websites has a 99% bounce rate all because of this spam. My organic search stats are 40% bounce. So, is Google dropping rankings because the overall bounce is 99%? This particular website was #1 for several vanity terms and now is bottom page 2. I am trying to figure out what happened because I have done NOTHING to the website in months. The only change is the bounce due to the spam. Any ideas?
Love the idea to filter out according to country for the ghost referrers. It's so beautifully simple. I wonder why more people haven't thought of that. Would it be even easier to set a filter to only include traffic from United States if your site is for a small, local business?
I believe and follow the hostname theory.
If I include in another view only our hostname (yourhostname in the graph), the data is more accurate.
Language Hostname session da-dk yourdomain.com 329 da yourdomain.com 229 (not set) (not set) 139 en-us yourdomain.com 112 ru google.com 33 ru theguardian.com 31 de yourdomain.com 25 ru advocacy.mozilla.org 14 en-us (not set) 10 en-gb yourdomain.com 9 ru google.ru 8 es yourdomain.com 7 es-es yourdomain.com 7 de-de yourdomain.com 5 pl yourdomain.com 3 fr-fr yourdomain.com 2 nl-nl yourdomain.com 2 pl-pl yourdomain.com 2 pt-pt yourdomain.com 2 ru yourdomain.com 2 ru-ru yourdomain.com 2 sv-se yourdomain.com 2 en www.cbnfee.org 1 en www.eaafp.com 1 en www.fulfvvt.ru 1 en www.lpapakjdq.eu 1 en www.lsqlubuk.br 1 en www.nioktfrvgutz.it 1 en www.nomkyj.ru 1 en www.okbrkq.ru 1 en www.rpdvu.ru 1 en www.rxnujqshnhp.eu 1 en www.snpmzodo.org 1 en www.ssdysujhuxj.cn 1 en www.vkzxw.net 1 en-ca yourdomain.com 1 fr yourdomain.com 1 it-it yourdomain.com 1 nb yourdomain.com 1 nl yourdomain.com 1 ru firefox.com 1 ru forum.topic39782683.darodar.com 1 tr yourdomain.com 1
Thanks for this helpful article, Jared.
What I wonder about is, does this referrer spam influence a website's performance on Google - the Google ranking - since there are such high bounce rates? Does someone know more about how Google handles this?
Really nice post!
I was mad about the way of stopping these spam.
I am actually running a plug in in my wp site call SpamReferrerBlock, but some spam still appears... :(
Great info Jared!
This spam traffic is killing our analytic data. How about restricting them through robots.txt file?
I have used .htaccess code also use wpban traffic is increasing. you have any alternative way to stop this spam traffic please advice me. spam referral traffic will harm for website ranking and good adsense please advice me. i am very worry about this.
Not all sites will be blocked with the .htacess. You will have to set up GA filters for ghost referrals. See comments above.
Thanks Jared! Great article! All I have is a "Coming Soon" page and those spam bots are hitting Google Analytics! This will definitely help. I used the WP plugin you mentioned.
I'm making a spreadsheet of them. If anyone wants to add their list to it let me know.
https://docs.google.com/spreadsheets/d/1Q1AbQBu6gz-ANcrBFaFi8iiSY6sBTFGztO1X80idIYY/edit?usp=sharing
A quick note about GA filters I ran into while taking care of these spam bots: GA filters won't retroactively remove this referral traffic. The traffic will be filtered out post-filter, but won't filter out historical data. Not sure if you imply retroactive filtering in this post, but I wanted to clarify for any readers.
Jared
Is there any official statement from Google on this subject? It has been going on for months and these filters will lose their value over time. It's getting worse and it makes me want to switch to a different (paid) analytics solution. Surely this problem must be a real pain in the ass for Google.
Hey nice explanation and solution thanks.
I want to suggest that it might be good if we check referrer url using contains caluse in htacces. Because these sites change their domain very often with subdomain names or totally new domain names, in those cases list keeps on growing. here is how i have done it -
RewriteCond %{HTTP_REFERER} (priceg) [NC,OR]
RewriteCond %{HTTP_REFERER} (darodar) [NC,OR]
RewriteCond %{HTTP_REFERER} (hulfingtonpost) [NC,OR]
it is explained here - How to stop spam referrals and filter them from google analytics using htaccess
Thanks for the article. For my website, I set up Cloudflare and it stops all the bad bots. Useful.
forgive my ignorance, but what why would "Mr. Popov" would do this? I don't understand the point?
Hi Jared, It's a great post. I have also seen referrer spam traffic from semalt.com and many other domains that you have not mentioned here. But what I could not understand is that why people send referral traffic, What they get by doing this? and what are risks for us except wastage of server resources?
This is nice Wordpress plugin but not working properly. i have used this wordpress plugin. i got more referral traffic from buy-target-traffic.com, social-button.com etc. please suggest me how to ban referral traffic from buy-target-traffic.com
Thanks this was a good post . I had faced the same on my site go4hosting.com, few months back and we opted similar methods. You confirmed it.
Thank you, I found this article very interesting because my website is being attacked by spam bots, site navigation is constantly in a very small time
I notice less traffic from every source, even from organic traffic (Google, Yahoo & Bing) after applying the hostname filter. I saw this after comparing both both analytics view (with filter & without filters).
Spam bots Spam bots go away go away , thanks for this useful blog
Thanks for helping... There are many article found on internet, but all of these are not guided well. I got a spam refferal traffic from Rassia. Again , thanks for helping me.
Here is my developed code with more blocked websites:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*iskalko\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*cenoval\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*cenokos\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*priceg\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*gobongo\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*seoexperimenty\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*vodkoved\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*adcash\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*websocial\.me/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*cityadspix\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*luxup\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ykecwqlixx\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*superiends\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*slftsdybbg\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*edakgfvwql\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*socialseet\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*screentoolkit\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*7makemoneyonline\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*hulfingtonpost\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*12masterov\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*bestwebsitesawards\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*ghazel\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*dipstar\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*blackhatworth\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https://.*darodar\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]
Nice www.ispjogja.com
josss
help full information and discussion.
Jared, Nice tutorial, I think you forgot to add using referral exclusion feature in Google Analytics, I tried it and traffic from these source now not showing up.
Using referral exclusion is not a solution because when it 'excluded'... it will calculate as Direct Traffic... so yes.. your analytics data still bias
Viktor, are you sure? According to the GA article on referral exclusion that Sachin included..."When you exclude a referral source, traffic that arrives to your site from the excluded domain doesn’t trigger a new session." So if it isn't triggering a new session at all why would it get counted as traffic? Direct or otherwise?
what the hell 3 days back i put a issue here from 2 day its showing Mr. Roger is looking into it and today the question has deleted, If you unable to provide solution its doesn't mean you delete it. hmmmmmmmm
now this guy is really pushing it. look at the keywords of google analytics...
https://gyazo.com/2032536caadefbdf942cf0cd5e1ab255
I want to use this opportunity to thank the Great [DR Fadeyi] for helping in getting my husband back to me, i have been in great pains until the day i contacted [DR Fadeyi] he coasted a love spell for me and told me to wait for just 12 hours that my husband will call me and i did according to the instructions given to me by him and surprisingly, in 12 hours, my husband really called me and started apologizing for all he had caused me. I am the happiest Woman on earth today because [DR Fadeyi] has done a wonderful deeds in my life and i will continue to share this testimony, if you would love to contact [DR Fadeyi] and if you know you are encountering same situation, visit him today by contacting him via this email address: [[email protected] or [email protected]] or his hot line:+2348112252378
I want to use this opportunity to thank the Great [DR Fadeyi] for helping in getting my husband back to me, i have been in great pains until the day i contacted [DR Fadeyi] he coasted a love spell for me and told me to wait for just 12 hours that my husband will call me and i did according to the instructions given to me by him and surprisingly, in 12 hours, my husband really called me and started apologizing for all he had caused me. I am the happiest Woman on earth today because [DR Fadeyi] has done a wonderful deeds in my life and i will continue to share this testimony, if you would love to contact [DR Fadeyi] and if you know you are encountering same situation, visit him today by contacting him via this email address: [[email protected] or [email protected]] or his hot line:+2348112252378...
Thank you sharing, for your nice information,Thank you so much
https://alexxblog.com/supervpn-for-all-block-site-unlock-free-download/
https://alexxblog.com/
Thank You
very help full data on your site
https://alexxblog.com/hotspot-shield-unblock-all-block-website-free-download/