I had some interesting traffic showing up in my Google Analytics today. So far I’ve seen 21 referral traffic from forum.topic44122300.darodar.com to my home page http://www.blackmoreops.com/.
Readers, I highly recommend reading comments section for more views and details.
Making comments doesn’t require registration in this site, so you can leave your views anonymously.
[button color=”red” size=”medium” link=”http://www.blackmoreops.com/2015/05/06/effective-solutions-for-google-analytics-referral-spam/” icon=”” target=”true”]Click here to read three effective solutions for Google Analytics Referral spam[/button]
Date: 18 Dec 2014-18 Dec 2014
- Referral Traffic » Source: forum.topic12345678.darodar.com
- Referral Path » / : http://www.blackmoreops.com/
- Referral Sessions » 21
- Avg. Session Duration » 00:13:22
This is an uncommon Domain and URL, so obviously I was suspicious given that my site serves contents specific to security and pentesting. I didn’t wanted to just click on that link and see what’s going on.
Table of Contents
Use curl to browse to darodar.com
So I used a Linux session instead and tried to trace what’s going on.
root@kali:~# curl -vvv forum.topic12345678.darodar.com * About to connect() to forum.topic12345678.darodar.com port 80 (#0) * Trying 78.110.60.230... * connected * Connected to forum.topic12345678.darodar.com (78.110.60.230) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.26.0 > Host: forum.topic12345678.darodar.com > Accept: */* > * additional stuff not fine transfer.c:1037: 0 0 * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 404 Not Found < Server: nginx/0.8.53 < Date: Thu, 18 Dec 2014 03:45:41 DST < Content-Type: text/html < Connection: keep-alive < X-Powered-By: PHP/5.2.11 < Vary: Accept-Encoding < Content-Length: 100 < * Connection #0 to host forum.topic12345678.darodar.com left intact <html><head><meta http-equiv="refresh" content="0;url=http://shopping.ilovevitaly.ru"></head></html>* Closing connection #0 root@kali:~#
So that’s what it is, it’s pointing to http://shopping.ilovevitaly.ru.
Weird!! Why would they do it and why would it appear in my Google Analytics? What’s the benefit here?
I went looking around and found there are other people who are having similar darodar.com referrals showing up in their Google Analytics. Should we be worried?
There are several discussions going on about it right now and the following is the most informative.
A non existent page is showing up on my analytics. (109 posts)
There is also few posts that explains how to block this Referral Spam … and NO, they dont work for this particular case.
Block Darodar.com (.htaccess Method)
Code to add in .htaccess file:
SetEnvIfNoCase Referer darodar.com spambot=yesOrder allow,denyAllow from allDeny from env=spambot
Absolutely bugger all useless. And NO, BPS wont work as well for this darodar.com referrer spam.
Crunching logs
My next step is obviously checking logs for
- Darodar Referral
- IP Address
- or similar
First I checked my Apache logs assuming I might see something.
root@someserver [/logs]# grep -r -H darodar *
I got nothing.
Similarly, lets check their IP address in logs
root@someserver [/logs]# grep -r -H 78.110.60.230 *
Still nothing
Next, check my WordPress logs
root@someserver [/wordpress/access-logs]# grep darodar wordpress-logs.log
Still nothing.
Let’s just check with their IP (by this point I know fully I wont see anything – cause Apache Access log would’ve showed it anyway). But I did it anyway.
root@someserver [/wordpress/access-logs]# grep 78.110.60.230 wordpress-logs.log
Well?? Nothing of course.
I also got ModSec running and I got separate logs for that. I checked and still nothing.
So, what does it all mean? It just means that no one ever visited my website from darodar.com Referral but interestingly Google Analytics is still reporting it as legit traffic.
Explanation of darodar.com referrer spam
The following explains it well and I couldn’t have done better:
Samuel Wood (Otto)
Posted 14 hours ago #
You sure about that
Pretty sure, yes.
This isn’t a WordPress specific thing. This isn’t even specific to individual WordPress plugins. Like you said, your “personal website is CodeIgniter” and you can see it there.
Here’s a quick primer on how Google Analytics works.
So, you get setup on GA and get a code from them. The code looks like UA-number-1 or some such thing. That number is your “account number” on GA. Now, this code and a bit of javascript go onto your webpage. Now, somebody visits your page, and their browser runs that javascript code.
That javascript code is what “records” their visit. It makes their browser talk to Google Analytics. Specifically, it makes certain types of HTTP requests that Google records information about, and then GA displays summaries of that information to you.
Pretty basic, right? Still with me? Okay, now, if all it is is this Javascript sending the “visit” to them, then anybody can fake that. Anybody at all. All I have to do to make your GA show false information is to send my fake information directly to GA.
I don’t need to visit your site at all. I don’t need to run javascript at all. I just need to reproduce those HTTP requests, which are public and so anybody can see them and how they work. They’re even fairly well documented, publicly, by Google themselves.
So, now, let’s say I’m a spammer jerk. I want to get people to see my spammy site. So, what do I do? I write a small bit of code to send thousands upon thousands of these fake requests to GA, and I simply cycle through all the UA numbers, in order, at random, whatever. I send a fake visit, with a fake referrer, and my spammy domain name. And guess what? It shows up in your Google Analytics screens.
You see this spam like any other normal visit. Because as far as GA is concerned, it was a normal visit. All they’re recording are those HTTP requests, which normally come from the GA javascript code. But a request is a request, and making a fake one is very, very easy.
That is what is going on. All I need is your UA number and with only a minor bit of effort I can fake a visit to your site without ever actually connecting to your site at all. That fake visit can have any domain name and any referrer in it that I choose.
This is an attack on Google Analytics, to promote whatever site is showing up. You cannot block it on your server, because your server is not involved at all.
I agree with Samuel Wood (Otto) a.k.a Tech Ninja. Why?
Because I found no evidence of anyone from darodar or similar sites ever accessing my website, my vps, my entire server. The website in question darodar.com redirect to some shopping website and if you read the LONG discussion here then you will see many people had similar experience but no one could prove that anyone ever visited your website.
Who owns darodar.com?
Easy to find as it seems the person was either careless or used someone elses name.
root@omeserver [~]# dig darodar.com SOA ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> darodar.com SOA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5978 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;darodar.com. IN SOA ;; ANSWER SECTION: darodar.com. 21599 IN SOA ns1.nameself.com. support.regtime.net. 1385014908 10800 900 604800 10800 ;; Query time: 152 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Dec 19 01:54:36 2014 ;; MSG SIZE rcvd: 97
We can find his name, address, phone number using who.is
% Regtime Ltd. WHOIS server Domain name: darodar.com Name servers: ns2.ht-systems.ru ns1.ht-systems.ru Registrar: Regtime Ltd. Creation date: 2007-11-15 Expiration date: 2010-12-05 Status: active Registrant: Vitaly A Popov Email: [email protected] Organization: Private person Address: Aurory str. 70-141 City: Samara State: Samara ZIP: 443070 Country: RU Phone: +7.8462791590
SOA Record – darodar.com Name Server ns1.nameself.com Email Email Masking [email protected] Serial Number 1385014908 Refresh 3 hours Retry 15 minutes Expiry 7 days Minimum 3 hours
Does this person really owns this domain? We don’t know and this can easily be faked. The domain details were changed on December 17, 2014.
See details in the link above.
Why am I seeing darodar.com in GA?
If you haven’t read the informative post by Samuel I copy/pasted already, here’s the summary
- darodar.com is using your Google Analytics Code to recreate fake information and sending that directly to Google Analytics.
- They are not visiting your website.
- In this case, they are possibly using a script to randomly create Google Analytics code UA-xXxXxXxX-1. Some would work, some wont.
Why use this referral spam?
Not sure it benefits them. Yes, it redirects to a shopping website (and previously it used to redirect to Amazon Affiliate page) but Google and Amazon will demote those links very soon. Those website will never show up in Google search or any search engines… This is possibly just a testing tool for something bigger to come …
Is my server, website, wordpress, VPS hacked?
No, as far the discussion goes,there was no hacking, it’s just referrar spam. Read more here. This spam is exploiting how Google Analytics works, possibly to promote some website (duh! Google will find it and demote it … ).
Can I block darodar.com and their IP?
Knock yourself out. You can block their IP in .htaccess or in your Firewall. Add the following to your .htaccess in the root of webdocs or wordpress or site folder.
Order Deny,Allow Deny from 78.110.60.230
Will it work? Well it will definitely block all access from 78.110.60.230, but it takes few seconds to change IP. So no, it wont work. But again, they are not visiting you and this Referral domain only appears in Google Analytics.
Can I block darodar.com as a referrer?
Mate, you’re reading the post, but not really paying attention. They never visited you. But if it makes you feel any better, the following code would work nicely to block any referrer spam:
## SITE REFERRER BANNING
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsite\. [NC,OR]
RewriteCond %{HTTP_REFERER} sub\.badsite\.com [NC]
RewriteRule .* - [F]
I found this nice website .HTACCESS Banning Generator. You can generate a nice and proper .htaccess block using their online tool.
Again, in this case, it wont work because the referrar was done directly using Google Analytics code and completely bypassed your website. You cannot block sopmething on your server, where your server was not involved at all.
Can I hide or filter darodar.com in Google Analytics?
Of course you can. Use the instructions Google Analytics’s G+ page
Google Analytics: Introducing Bot and Spider Filtering
https://plus.google.com/111224383669619377607/posts/2tJ79CkfnZk
I’ve done it this way
Analytics
|
—–> Admin
|
—–> Account
|
—–> Property
|
—–> Tracking Info
|
—–> Referral Exclusion List.
Then just added each domains with like this
*.darodar.com
*.iliovevitaly.com
etc.
Related contents and links
Some other useful URL’s regarding Google Analytics posted by Alin Marcu in here
- Processing data and applying your configuration settings:
https://analyticsacademy.withgoogle.com/course02/assets/html/GoogleAnalyticsAcademy-PlatformPrinciples-Lesson3.1-TextLesson.html - Transforming & Aggregating Google Analytics Data
https://analyticsacademy.withgoogle.com/course02/assets/html/GoogleAnalyticsAcademy-PlatformPrinciples-Lesson3.4-TextLesson.html
More useful links
- Remove spammers from GA stats:
https://productforums.google.com/d/msg/analytics/IgeiXxnQR3o/FGHQe551_cMJ - Exclude referrers in GA report
https://support.google.com/analytics/answer/1034842?hl=en - More of Excluding referrers in GA report
https://support.google.com/analytics/answer/2795830?hl=en - On-going discussion on Wordpress.Org
A non existent page is showing up on my analytics. (109 posts)
What is more scary?
You know what? I am not worried about this darodar.com referral spam / referrer spam. The worst that can happen is you see some funny links in your Google Analytics. Just don’t browse to those sites.
But the part that’s more disturbing is that anyone with some programming skill can actually create a tool to randomize Google Analytics code and send Fake visiting info back to Google. Followings are the implications:
- You can target a legit website and spam others using them as referrer. The result? Google demotes a perfetly good website because someone else spammed forged their GA code to spam others.
- You can target a website and spam using their GA code. The result? That website appears in millions of GA users and if even 5% of them visit that website, it might just overload their server and create a DDoS situation for them. I tested a tool named GoldenEye which was able to create 100’s of legit connections from same IP and GA thought they were real users. There’s obviously some more fine tuning required on Google’s behalf.
- Someone exploits your GA code and Google can just BAN your GA account, no explanations will be given. Your AdSense account can be exploited and banned in similar ways.
What do you do in the meantime?
Few options, some are just to make you sleep well!
- You can block their IP – pointless, IP’s are dime a dozen.
- You can block them as a referrer – maybe good for your GA. See links above for the guides.
- You can filter them in your GA Account – Possibly a good idea.
Just wait a few days and Google will take care of it in Google Analytics. It will not hurt your Analytics account or your website standings in anyway. Lastly, if it makes you happier and you’re a WordPress user who enabled JetPack, just check JetPack statistics. JetPack didn’t see this referrer.
You know what? Someone is having a lot of fun and laughing at us all!!!
Update 20141219:1340: I just saw make-money-online.7makemoneyonline.com popping up in my referrers list. Use Google Analytics Filter to remove them from your reports. You can also apply the filter above to ban them if you feel like.
111 comments
1) You rock for this. (2) I would like GA to add something where when you’re looking at your referral links, there’s an option to exclude that source.
So my MozRank and MozTrust have taken a massive hit in the last month. I can’t think of any other reason than this referrer spam issue.
I have multiple sites on the same Analytics account, and it is only the site with the UA account number -01 that is affected, -02, -03, -04 etc. are all fine.
Surely Google should be aware that “traffic” from these sites are not the fault of the site, but really a fault in their own analytics code being so easy to exploit?
Removing the “traffic” from appearing in Analytics surely won’t fix the fact the hits are being registered by Analytics, it is just hidden from our view? Therefore Google will still count this as spammy traffic and adjust (downwards) your rankings accordingly?
Google Analytics data is NOT used in Google Search ranking in any way: https://www.youtube.com/watch?v=CgBw9tbAQhU
MozRank and MozTrust? Do they use Google Analytics data from their customers as a signal in their ranking schemes? You need to ask them.
@Mike Sullivan
January 29, 2015 at 10:00 pm
Google Analytics data is NOT used in Google Search ranking in any way: https://www.youtube.com/watch?v=CgBw9tbAQhU
—
I respectfully disagree Mike. The video/statement by Matt Cutts that you put forward as proof is over four years old.
Pre-Latent Semantic Indexing, pre-Panda, pre-Penguin, pre-numerous cautions about content quality, site speed, position of on-page advertising… if Matt’s statement were true then, it may well NOT be operative now.
My belief is that bounce rate, time-on-site, goal conversion ratios and similar metrics do indeed factor into Google’s algorithms for organic rankings. This would be consistent with their evaluation of landing pages (Quality Scores) which determine CPC rates for individual advertisers.
Even if GOOG are not, strictly speaking, reading GA results to inform their ranking decisions, those responsible for lead generation, conversion optimization, and successful e-commerce results (as I am) – would do well to BEHAVE AS IF THEY DID.
After all, Google’s oft expressed goal is the best possible answer to their searcher’s queries. What better user satisfaction metrics can you find than bounce rate, time-on-site, goal conversions, and so forth?
Dennis
Here is the latest update of my .htaccess file as I promised. It is currently reducing Semalt-related referer spam to zero on my sites and in my GA reports.
The latest changes were the additions of “lumb” and “cenoval” domains. Note also that to exclude “darodar” fully requires a second, slightly different form of the Rewrite Condition:
RewriteCond %{HTTP_REFERER} .*topicXXXXXXXX\.darodar.*$ [OR]
where XXXXXXXX is your unique Google Analytics UA number, and,
the “full stop” between topicXXXXXXXX and darodar is preceeded by a backward slash “\”.
## BEGIN DETER SEMALT ##
RewriteEngine on
RewriteCond %{HTTP_REFERER} .*2020eyesite.*$ [OR]
RewriteCond %{HTTP_REFERER} .*7makemoneyonline.*$ [OR]
RewriteCond %{HTTP_REFERER} .*adviceforum.*$ [OR]
RewriteCond %{HTTP_REFERER} .*alsaat.*$ [OR]
RewriteCond %{HTTP_REFERER} .*anticrawler.*$ [OR]
RewriteCond %{HTTP_REFERER} .*backgroundpictures.*$ [OR]
RewriteCond %{HTTP_REFERER} .*baixar-musicas-gratis.*$ [OR]
RewriteCond %{HTTP_REFERER} .*blackhatworth.com.*$ [OR]
RewriteCond %{HTTP_REFERER} .*buttons-for-website.*$ [OR]
RewriteCond %{HTTP_REFERER} .*buttonsspace.*$ [OR]
RewriteCond %{HTTP_REFERER} .*buyerpricer.*$ [OR]
RewriteCond %{HTTP_REFERER} .*cenoval.*$ [OR]
RewriteCond %{HTTP_REFERER} .*colorcuboid.*$ [OR]
RewriteCond %{HTTP_REFERER} .*createandcraft.*$ [OR]
RewriteCond %{HTTP_REFERER} .*dariovignali.*$ [OR]
RewriteCond %{HTTP_REFERER} .*darodar.*$ [OR]
RewriteCond %{HTTP_REFERER} .*topicYOURGAUA\.darodar.*$ [OR]
RewriteCond %{HTTP_REFERER} .*descargar-musica-gratis.*$ [OR]
RewriteCond %{HTTP_REFERER} .*econom.*$ [OR]
RewriteCond %{HTTP_REFERER} .*embedle.*$ [OR]
RewriteCond %{HTTP_REFERER} .*extener.*$ [OR]
RewriteCond %{HTTP_REFERER} .*fbdownloader.*$ [OR]
RewriteCond %{HTTP_REFERER} .*fbfreegifts.*$ [OR]
RewriteCond %{HTTP_REFERER} .*feedouble.*$ [OR]
RewriteCond %{HTTP_REFERER} .*gomtv.*$ [OR]
RewriteCond %{HTTP_REFERER} .*hulfingtonpost.*$ [OR]
RewriteCond %{HTTP_REFERER} .*ilovevitaly.*$ [OR]
RewriteCond %{HTTP_REFERER} .*iskalko.*$ [OR]
RewriteCond %{HTTP_REFERER} .*joinandplay.*$ [OR]
RewriteCond %{HTTP_REFERER} .*joingames.*$ [OR]
RewriteCond %{HTTP_REFERER} .*kambasoft.*$ [OR]
RewriteCond %{HTTP_REFERER} .*kurtyildiz.*$ [OR]
RewriteCond %{HTTP_REFERER} .*likevitaly.*$ [OR]
RewriteCond %{HTTP_REFERER} .*livefixer.*$ [OR]
RewriteCond %{HTTP_REFERER} .*love4lifechat.*$ [OR]
RewriteCond %{HTTP_REFERER} .*lumb.*$ [OR]
RewriteCond %{HTTP_REFERER} .*marlinmaniac.*$ [OR]
RewriteCond %{HTTP_REFERER} .*matrixsynth.*$ [OR]
RewriteCond %{HTTP_REFERER} .*musicprojectfoundation.*$ [OR]
RewriteCond %{HTTP_REFERER} .*myprintscreen.*$ [OR]
RewriteCond %{HTTP_REFERER} .*nogreatercause.*$ [OR]
RewriteCond %{HTTP_REFERER} .*noticiasmb.*$ [OR]
RewriteCond %{HTTP_REFERER} .*o-o-0-o-o.*$ [OR]
RewriteCond %{HTTP_REFERER} .*openfrost.*$ [OR]
RewriteCond %{HTTP_REFERER} .*openmediasoft.*$ [OR]
RewriteCond %{HTTP_REFERER} .*pageg.*$ [OR]
RewriteCond %{HTTP_REFERER} .*porn9.*$ [OR]
RewriteCond %{HTTP_REFERER} .*priceg.*$ [OR]
RewriteCond %{HTTP_REFERER} .*recruitmentform.*$ [OR]
RewriteCond %{HTTP_REFERER} .*richmenferomon.*$ [OR]
RewriteCond %{HTTP_REFERER} .*savetubevideo.*$ [OR]
RewriteCond %{HTTP_REFERER} .*semalt.*$ [OR]
RewriteCond %{HTTP_REFERER} .*sharebutton.*$ [OR]
RewriteCond %{HTTP_REFERER} .*softomix.*$ [OR]
RewriteCond %{HTTP_REFERER} .*soundfrost.*$ [OR]
RewriteCond %{HTTP_REFERER} .*spectrumpropertiesofmaine.*$ [OR]
RewriteCond %{HTTP_REFERER} .*tech-spot.*$ [OR]
RewriteCond %{HTTP_REFERER} .*the-vault.*$ [OR]
RewriteCond %{HTTP_REFERER} .*vapmedia.*$ [OR]
RewriteCond %{HTTP_REFERER} .*videofrost.*$ [OR]
RewriteCond %{HTTP_REFERER} .*videotiki.*$ [OR]
RewriteCond %{HTTP_REFERER} .*wmasterlead.*$ [OR]
RewriteCond %{HTTP_REFERER} .*wrztalk.*$ [OR]
RewriteCond %{HTTP_REFERER} .*xxxbs.*$ [OR]
RewriteCond %{HTTP_REFERER} .*yarisanalizi.*$ [OR]
RewriteCond %{HTTP_REFERER} .*youtubedownload.*$ [OR]
RewriteCond %{HTTP_REFERER} .*zazagames.*$
RewriteRule ^(.*)$ http://activities.aliexpress.com/computers_channel.php [L]
## END DETER SEMALT
Add to that list: https://addons.mozilla.org/en-US/firefox/addon/ilovevitaly/
Apparently they have created several browser add-on and are using it for redirects. I noticed it come up on GA a few days ago. Seems they all are attached to http://iskalko.ru/ –some kind of faux search engine.
Actually it’s a legit and pretty good search Engine. But against Google, Bing and Yandex they just couldn’t make it far enough. They should’ve just gone like DuckDuckGo rather than just concentrating on making profit. I tested their search engine and it’s fair. But just too much bogus results trying to promote product sales … I guess working on search engines gave them the idea and hopefully when it’s all done, we will have more secured search engines.
In general, I agree with you, but in context, with respect to “traffic” that does not exist and only appears in Google Analytics data (darodar), it will have absolutely no impact on search since it will not be picked up as signals for the search algorithms. There is no such referral and there never was a visit. The Google Search people (Webmaster Tools) would not know it exists.
Arron asked why his Moz rankings took a hit. Does Moz (or others) use their access to customer’s GA data to assist with their ranking? That, I do no know. Something to ask the Moz community.
I think it is likely you are correct about darodar. As I have not looked specifically at the site logs regarding that domain, I don’t have the facts at hand. I will say this however, some of the visits from these semalt-related domains are, in fact, real; they do appear as entries in my raw logs.
What spurred me to research Vitaly’s server-related-domains was a drop in Google organic rank at a client site. This young site was on Google’s first page in a very expensive and competitive keyword market. Semalt and darodar spam “visits” ( as indicated in GA ) EXCEEDED real traffic to the site.
The site was previously attracting organic search traffic equivalent to $7,000 (seven thousand dollars) per month on PPC. It was converting surfers to phone calls and form fills at over 10 percent of traffic. Having it drop a few positions was therefore noticeable and PAINFUL as Google organic search was the client’s primary marketing thrust.
Less than a week after substantially deterring Semalt the site’s ranking moved back up to their previous mid-page positions.
Is this one instance of organic-rank-drop-and-recovery-after-semalt-deterrance absolute proof that Google uses GA as a ranking signal?
Certainly not!
But I don’t need absolute proof to justify the small effort needed to eliminate semalt’s potentially negative effects on my clients results.
Best regards,
Denis
I used your article to make a post for my blog :) very nice article.
http://idojo.co/blog/handling-referrer-spam-bots/
Thanks for posting such a thorough insight into those spamf*ckers and how they screw up your GA. I guess it wouldn’t matter so much except that my baby sites only have a few visitors, so it wonks the results enormously.
Thanks for your detailed analysis and solutions…It had worried me for days.
Plus, Ronald and I noticed that XxxxXxxx in forum.topicXxxxXxxx.darodar.com is the exact GA account number. And he worried that maybe someone is using this to collect effective GA account numbers…
Another thing is that the report showed he was using Firefox 33.0, though not sure if this is also fake.
forum.topic59489388.darodar.com
this is mine. my domain is a .com and godaddy is the registrar but as I’ve seen it doesn’t matter. they take somewhere the google analytics ID
Google Analytics should just allow users to set ut authorized domains (or applications) where their code can be loaded.
They already do the same with Google Adsense; you can set domains where your code is authorized. On any other domain, it won’t show up.
If my Analytics code can be loaded only on domains I authorize, I guess that specific problem is over ?
I have seen Semalt, Buttons For Websites, Daroder etc. all arriving on our and our clients websites.
The question I can’t get to the bottom of is SEO related….i.e. will the 100% bounce rate these referrals create impact on ranking factors? Surely a high bounce impact like these cant be good? Does anyone have a definitive source or answer to this point please?
Ideally I’d prefer to find a rock solid way to block the referrals all together. For now I just tend to filter as described by Wendy & others here.
@Mark (S4G) I am asking this question to my Twitter and LinkedIn followers to see if any has a definitive answer.
Definitive answer: no they do not affect your search ranking.
Caveat: be careful lumping them all together — “they” are very different. Semalt actually visits your site; darodar does not; other referral spam uses embedded/hidden links on spam sites. With semalt and darodar, there are no links on the web for the search engines to discover. The “traffic” you see in your web analytics is not visible to the search engines.
http://www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/
Thanks Mike, great to have an answer (and clarification on their different elements).
I understand why everyone is choked up about Semalt. Not everyone wanna pay for web analytics. Then accept it that your free counter distorts statistics. And don’t you lash out at those who are a gun at SEO. Well, if you have a blog with kitties with two visitors per day, you don’t need professional tools like Semalt.
Lars,
That’s another way to look at it. Google will just put these in their ignore list, so these wont affect anything. At the end of the day, content rules search results. If you got something unique (a kitty singing Opera!), your site will rank 1st in Google Analytics and no matter what happens, you stay in top. Just my 2cents.
-BMO
Since I don’t get too much traffic from Russia my solution was create a new segment that filter Russia. Hope that helps!
Hi Hernan,
It would be pointless as they’ve never visited your site. Also you will miss on traffic (if any). It’s Google’s problem, let them sort it. Cheers,
-BMO
Google really needs to fix this referral spam and fast! I run several SEO / Adword accounts for my clients and a couple of them spend a reasonable sum of money with Google every month.
To have referring sites appearing in the traffic when they have not even visited the site is huge oversight imho. I have added the .htaccess filter codes and while that certainly seems to stop most of the more traditional spam-referrals I can confirm it has no effect on some of the latest instances (particularly the social button variations).
I expect as soon as this starts impacting Google’s Adword revenue in one way or another we’ll see a fix – ie: I might start suggesting to my clients their Adword $$ are better spent elsewhere – such as a targeted traditional snail-mail campaign.
Now there is a referral keyword coming in as: vitaly rules google ☆:.。.゚゚・ヽ(^ᴗ^)丿・゚゚.。.:☆ ¯_(ツ)/¯(•ิ•ิ)(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(゚д゚)ノʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^. .^=)oo
This guy just doesn’t stop!
Joe seen the spam before it said google loves vitality the new one vilality rules google
I was reading this post last night for another block i did find most of the blocks but this new one no one has the answer at the moment.
I don’t know where it is from so cant set a filter to exclude it
I am going to filter out all of the spam visits I’ve been getting as per the conversation on this thread. However I have just discovered porn and torture spam links in my CONTENT list!! I’m a little perturbed and worried about this… please help
Cathy, Nothing to worry about. It’s all just spam referrals, not real traffic. You can filter it all out with a single valid hostname filter in Google Analytics. I describe it in my Definitive Guide to Removing Referral Spam (linked above):
http://www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/
I have also started offering a personalized service to install the filters and advanced segments needed to clean up people’s accounts…for those not sure about the whole filter thing.
Hi Mike. Thanks so much for the reply and help offer. I am confident re the whole advanced filter set up thing for the referrer data. I’ve created a duplicate view so I can set up the exclude. I might just exclude the whole of Mother Russia for the hell of it.
It was more the fact that these links are coming into my page content view which made me worried as essentially these are tracking as ‘my pages’ are they not?
Just want to check this doesn’t mean the site is compromised in any way……
Let me say it again, for emphasis:
If you create a single filter to INCLUDE YOUR hostname only, then ALL of those visits would not have bothered you.
By adding individual exclude filters for each new spam source, you will be forever chasing the next spam domain.
This does not work for the likes of semalt and make-money-online, but those crawlers are fewer and do not change as quickly.
Creating a single filter for own hostname would hurt ranking though! Not?
If someone keeps on adding new domains to exclude filters in WebServer/.htaccess, their site will become slow cause there’s just too many things to check. I am yet to see any definitive discussion about how this is hurting search ranking for anyone.
BTW, recently this attack became more sophisticated. I’ve had 700+ extra visitors from Russia, all referral by Google, to my homepage “/”, random stay. If they’d keep this to say 120% instead of 300%, I’d never suspect that it was a spam referral.
I believe Google’s recent encryption for all AdSense data was a respond to such attack. And if Google can encrypt AdSense, they surely can encrypt Analytics. I guess they don’t really care as the main business focus is AdSense…
The porn and torture spam is ghost referrals — they are fake tarffic injected into Google Analytics tracking servers. Since they don’t actually exist, they will NOT affect rankings.
Since they are faking the traffic and never visit your site, they do not actually know what your hostname (website) is. They use a fake one, making them really easy to identify. If you filter to INCLUDE only traffic to YOUR hostname, then ALL of the fake traffic is prevented.
Thanks all. Will add the ‘include only’ filter as you’ve advised and see what it does to the results.
I’ve evaluated and found 3 solutions that are working for these type of spams. Check Three effective solutions for Google Analytics Referral spam
Are the visits except for the samara visits from genuine visitors?
There’s no sure where spammy sessions come from – filtering by Localization isn’t working solution.
Thanks
So, here’s what is strange to me. I just set up a new Analytics account for a new website and ten minutes later I am getting darodar.com referrer spam. How did they know? Are they simply pinging the highest number Analytics account numbers waiting for the next new one to come online?
Referrer spam has gotten so bad these days. It’s ruining GA.
Hi Tim,
Not really. You are not supposed to use GA to measure visitor counts, performance etc. cause Google may or may not censor parts of the data displayed to suite their business model. For an accurate measure you should be using Piwik or something similar that’s built and run in-house.
As for censoring spams, just follow this guide: Three effective solutions for Google Analytics Referral spam.
And if you are really Analytics-OCD (no pun intended), then setup a second GA code, add to your website (so 2 GA code running at the same time- there’s official guide in Google for that). Use all the filters in one to view censored and clean data and the second one with all the spammy ones. Compare and you get the idea. Enjoy,
-BMO
Vitaly Popov, Russian idiot first class. i hope they hang you, upside down, in the streets.
Its a real pain when trying to explain to a customer why their traffic is in fact ‘ghost traffic’ and the fact it has no bearing on their website performance. Unless someone is an expert in writing decent RegEx code permanently filtering this kind of reporting ‘noise’ is challenging.
I wrote an article about it here if anyones interested: http://www.sparks4growth.com/accurate-website-traffic-reporting/
This post is on 17 spot in google’s search results, if you want
more visitors, you should build more backlinks to your posts,
there is one trick to get free, hidden backlinks from authority forums, search on youtube: how
to get hidden backlinks from forums