Analytics Referral Traffic Spam

By July 6, 2015 Hosting, SEO

Update 06/08/2015:

After much testing and research I can conclude that although ht access,IP blocking etc is a method to prevent some referral spam, it is not an absolute solution.

Most referral spam comes from manipulating your Google analytics ID to simulate a website referral. In most cases, there is no hit or referral from the actual referral site but a clever bit of code simply telling your analytics GA ID that it has received a referral. – no one is actually referred to your site, your analytics code is just manipulated to think so.

This in essence means that blocking out this traffic from your server, won’t work in all cases as there is no real hit in the first place.

The best way to prevent this spam clogging up your analytics is to add a filter to your analytics account for each spammy referral site and then forget about it.

I’m sure it won’t be long before Google gets round to a solution for this, however I’ve seen an article where someone posted the same “Google will sort it soon” 10 months ago.

My advice also is to make sure you analytics tracking code is up to date as a fix is mostly likely to come in the form of a tracking code update/patch.

Recently we’ve seen a spike in referral traffic for many of the Google Analytics accounts that we manage. Our initial thoughts were of excitement:

Lots of additional traffic from newly-formed inbound links! Woo!

But really, this was not the case. As we dug deeper into the Analytics data, we noticed very bad statistics from this new referral data: small amount of time spent on site, high bounce rate, etc. On further inspection we also noticed that the sources of the traffic were from places like Russia or Eastern Europe.

By checking the actual referral locations, we found stats that looked a bit like this:

SourceSessions% New SessionsNew UsersBounce RatePages / SessionAvg. Session DurationGoal Conversion RateGoal CompletionsGoal Value
site5.floating-share-buttons.com72100.00%72100.00%100:00:000.00%0$0.00
site2.floating-share-buttons.com70100.00%70100.00%100:00:000.00%0$0.00
site1.floating-share-buttons.com43100.00%430.00%200:00:440.00%0$0.00
site3.floating-share-buttons.com36100.00%360.00%200:00:480.00%0$0.00
www.event-tracking.com27100.00%270.00%000:00:000.00%0$0.00
www4.free-social-buttons.com19100.00%1989.47%1.1100:00:470.00%0$0.00
100dollars-seo.com18100.00%18100.00%100:00:000.00%0$0.00
www3.free-social-buttons.com14100.00%14100.00%100:00:000.00%0$0.00
www1.free-social-buttons.com13100.00%13100.00%100:00:000.00%0$0.00

This is referral spam data.

What is Analytics Referral Traffic Spam?

Basically Analytics Referral Traffic Spam comes from bots that crawl thousands of sites sending out http requests to the websites with fake referral data. By sending fake data they then avoid being detected as bots. It’s usually associated with black hat SEO tactics, or spammers/hackers in general.

A referrer is a name that is passed along when a browser goes from one page to another page (through an HTTP header), and is usually used to indicate where the user is coming from. Now, this referrer can be changed for anything, and some people will set it to be a page they want to promote. Then they will make repeated requests (probably with an automated script) with the intention of showing in the reports and logs of this WebSite, this is called Referrer Spam. – Matt Cutts

Why Do They Do It?

There is some evidence to suggest that increasing traffic to your website, and therefore referrals, can help improve your SEO rankings. However, in reality, search engines like Google are far too clever for this, and this fake spam data will only hurt your potential SEO rankings.

This tactic can also be used maliciously, to attack a website. Well, we say ‘attack’, but it’s more like ‘annoy’. They can do this by pushing spammy data, that could result in a slap from Google as a penalty, although this is very unlikely. The other obvious malicious intent would be the intent to screw up your Google Analytics data, which, to be fair, is annoying, but can be overcome relatively simply.

I suppose there is also strain on the server as well, like a type of DDOS attack. However you’d need a lot of referrals to take down a half decent server.

The third and most obvious reason for doing this is the same reason people spam emails all day: to advertise their service/product. They are spamming these referrals out all day, and as a result, many people will visit these referral sites to see where the referrals are coming from, which results in free traffic for them, albeit traffic from (most likely annoyed) Google Analytics checkers.

The website/services are targeted at people who will be checking Google Analytics. Things like:

  • SEO malt – a SEO checking tool
  • Social sharing buttons
  • Free Traffic – I mean, really, come on!
  • SEO Services
  • Make Money online

You get the picture.

Why Block It?

Well, if being really annoyed by these spammers is not enough, then you should block it because:

  • It corrupts your Google Analytics data. Diving through that spam data to get to legit traffic is not going to be too easy.
  • Server load and security. At high levels it can slow and put a strain on your server. It’s likely if you’re targeted by this spam data, other more harmful bots looking for website vulnerabilities may follow.

How to Block It

I’ll list the two easiest ways.

1. Htaccess

Use Apache’s htaccess to block them from accessing your website, assuming you’re on an Apache server. This, we feel, is the best way, as it stops the bots from accessing your website altogether.

You’ll want to add something like the following to your htaccess file in your root directory:
## SITE REFERRER BANNING
RewriteCond %{HTTP_REFERER} semalt.com [NC] RewriteCond %{HTTP_REFERER} buttons-for-website.com [NC] RewriteCond %{HTTP_REFERER} seoanalyses.com [NC] RewriteCond %{HTTP_REFERER} floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} site1.floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} site2.floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} site3.floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} site4.floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} site5.floating-share-buttons.com [NC] RewriteCond %{HTTP_REFERER} event-tracking.com [NC] RewriteCond %{HTTP_REFERER} success-seo.com [NC] RewriteCond %{HTTP_REFERER} Get-Free-Traffic-Now.com [NC] RewriteCond %{HTTP_REFERER} free-social-buttons.com [NC] RewriteCond %{HTTP_REFERER} videos-for-your-business.com [NC] RewriteCond %{HTTP_REFERER} free-social-buttons.com [NC] RewriteRule .* - [F]

2. Analytics filters

You can use Google Analytics to filter out the traffic. This is also helpful as it applies to past historical data.

You’ll want to use a regular expression such as:

.*(semalt(media)?|buttons-for-website).com.*

as a filter in your Google Analytics property.

I would recommend selecting the “Bot Filtering” check box that is found in “View Settings” within the “Admin” tab. It’s likely that Google in the future may decide to block these refers out altogether.

 

Conclusion

Following the above suggestions should help you block out these annoying spammers.

However, if Creative Brand Design handles your website, hosting or SEO, you can rest assured that this has already been actioned by us, for you.

 

Chris

Founder and Managing Director of Creative Brand Design.