What is Referrer Spam and How Do You Get Rid of It? by @shanejones15
Google’s web analytics service is one of the most reliable, and most powerful, tracking services around. If there’s a stat you’d like to monitor on your website, chances are Google has an analytics tool to do so.
Unfortunately, there’s a new, shady tactic that spammers use to draw attention — and traffic — to their own sites through your analytics account. If you’re a webmaster, SEO professional, or content marketer, then you probably know exactly what we’re talking about already: Referrer spam.
What is Referrer Spam?
Referrer spam is a unique type of spam content that is visible through the web analytics dashboard, usually only to a website administrator. It shows up as either a fake traffic referral, a search term, or a direct visit. The way it works is pretty ingenious.
A referrer — if you don’t already know — is a name or link that is shared via the HTTP header when a web browser navigates from one page to another. This information is generally tracked by your web analytics platform and offers you a bevy of information about your audience, such as where they came from.
The referrer can be replaced with any name or link. Some resourceful spammers have taken it upon themselves to change this information to a site they want to promote, and then they send multiple requests to your site. Since this information is tracked by your analytics platform, it will show up in your reports. This repeated hijacking of your reports is what we call referrer spam.
Why Would They Do This?
Again, the reason they spam your account is pretty clever. As a web admin, you probably check your reports and logs on a regular basis, right? If a referrer appeared multiple times in your reports and you didn’t know it was spam, you’d probably follow the link or visit the domain name out of curiosity. That’s what the offenders are counting on. The truly cunning ones will direct you to an online store or filter you through an affiliate link that installs a cookie and nets them a cut of revenue when you purchase something.
You’re probably wondering, how this is lucrative? Consider this: You’re just one of many. The reason this is viable to spammers is because they do the same thing to thousands upon thousands of Google Analytics accounts. Most likely, it’s all done through an automated script a la a bot.
One person visiting the link through their dashboard is nothing, but thousands visiting over a short period of time will certainly add up.
One way to identify spam is to visit your referrals report in your account dashboard and sort it by bounce rate in descending order. You’ll notice the spam referral accounts have an incredibly high bounce rate.
How Does This Affect Me?
Apart from being annoying, it can seriously screw up your analytics data. Of course, that depends on the size of your website is and how much traffic you pull in. A massive site like Amazon wouldn’t bat an eyelash at a few thousand hits from spammers in their analytics reports. An independent business, on the other hand, might be a bit more concerned. The core issue here is that it can disrupt marketing analysis by masking legitimate traffic reports.
Worse yet, the repeated requests can cause a higher server load. If, for some reason, your server becomes overloaded, visitors may experience sluggish load times. That may translate into a bounce rate increase and drop in SEO rankings for you.
When it comes to security, spammers could easily be detracting attention from what’s important. You don’t rightly know why they’re visiting your site or why they’re sending so many requests. It’s possible they’re trying to find vulnerabilities, exploits, or any number of other ways to breach your site’s security. This is an extreme case, of course, but anything is possible.
How Do You Stop It?
One of the most common ways to prevent this kind of spam is to block the related URLs through your .htaccess file in the root directory of your site domain. This may work, but it also may just give the appearance that it’s working, so it’s not the ideal method.
The reason you shouldn’t bother with the .htaccess file is because most of these referrer spam bots are not actually visiting your website. You see, there are two types of referrer spambots:
One type is called Crawler Referrer Spam, but it’s the least common. This method involves using a web crawler — much like Google uses to crawl your site — and actually requires visiting your page. These types of spam bots can be blocked via the .htacess file, but, again, they’re not as common.
The other type is called Ghost Spam. With this type of spam, they make use of the Google Analytics Measurement Protocol. Essentially, this allows them to submit their data to the Google Analytics Servers directly, bypassing your site in the process. This is where blocking the URL in your .htaccess file becomes useless.
The only way to prevent Ghost Spam from pinging your analytics account is to make use of filters. It’s worth noting that filters can only be created and managed by an administrator, so if you don’t have the proper access to the account, you’ll either need to get it or have someone else set up the necessary filters.
As for the filters, you can enable them by heading to your Google Analytics dashboard and following through the menu options listed below:
Admin > All Filters > New Filter
Once you’ve opened the new filter tool, create a custom exclude filter for campaign source. Then, all you need to do is include the domain name for the sites you’d like to filter out in the filter pattern box.
It should look like the following:
To offer a better representation, if you wanted to block the “semalt” and “darodar” domains, you would do it like so:
So, the domain name should always precede “.” and a pipe “|” should always separate each entry. If you set it up right, it will look just like this:
Putting it All Together
You want to avoid as much spam as possible from any avenue, but the spam that messes with your analytics is especially detrimental. With some understanding of what referrer spam is and how you can set up your dashboard to stop it, you’re on the path to protecting yourself and your site from unwanted hits and an inaccurate analytics report.