How to Stop Referrer Spam

Referrer spam has been a problem in the industry for quite a while now, but there is still a ton of misinformation about the topic out there. We see companies time and time again making the same mistakes in terms of dealing with the problem, and so I wanted to share with you how we've managed to stop referrer spam and the methods that work for us.

What is Referrer Spam?

First, let's talk a little bit about what referrer spam is. Referrer spam comes into Google Analytics in the Referral channel of the acquisition report.

Google Analytics Acquisition Channels

It looks like real traffic until you dig into things a little bit deeper and see that it has an abnormally high bounce rate and little to no site interaction. You'll start to see weird domains showing up in your reporting like this:

Referrer Spam Example

Referrer spam takes 2 forms, each of which we deal with differently:

Crawler Referrer Spam: In this case, a company sets up a script or a "crawler" to actually visit your website, making it look like a normal visitor. In this case, the Google Analytics tracker fires just like any other visitor and logs a referral from another website.

Ghost Referrer Spam: This type of spam inflates all of your visitor numbers without an actual visit taking place. In this case, a company sets up a special script that fires off bogus data to your Google Analytics tracker, making it think there is actual traffic that's taking place. In fact, with ghost spam, some companies have even taken things a step further and started to spam the "keywords" area of the reporting with bogus keywords.

Why Do Companies Use Referrer Spam?

Shady companies use referrer spam as a way to get their website out in front of people. They bank on the fact that people will come across their domain name in the reports and go check them out. Since they're spamming on an automated basis, their costs are slim and they get a ton of exposure. Just like any other form of spam, it exists because it's making them money.

One of the major worries that many clients have is wondering if they've somehow been targeted or if they're being hacked. Don't panic, this type of spam happens in mass. They're taking a shotgun approach and hitting everyone, so there's no need to worry.

What Are the Negative Effects of Referrer Spam?

The major impact of referrer spam is that it skews legitimate traffic. For larger sites, this isn't that big of an issue as the spam traffic will be minuscule in comparison to the legitimate traffic. However, for smaller sites, it can be a big problem. It's still possible to wade through and segment out the data to find what you're looking for, but it's a hassle and can make things wildly inaccurate.

How Do you Stop Referrer Spam?

There are two methods we use to stop referrer spam. One method is for ghost spam and the other is for crawler spam.

Stopping Ghost Spam

For ghost spam, we set up a custom dimension that must be passed to the tracker in order for the data to be valid. This blocks random requests from coming through where the spammer just sends data out to random side id's (which is what normally happens. To do that, we first make an adjustment to the tracking code to add the custom dimension:

Google Analytics Tracking Code Before

Google Analytics Tracking Code After

You can replace 'YOURVALUE' with whatever value you want to use - it doesn't matter.

Once we're tracking the custom dimension, we now want to let Google know what that custom dimension is. Under the 'Property' settings in your analytics account, you'll want to go to Custom Definitions->Custom Dimensions.

Google Analytics Custom Dimension Option

You'll then add a new custom dimension. In this example, we create one called 'Developer', but you could name it anything you like. The index should be '1' and the scope should be 'Hit'.

Google Analytics Custom Dimension

We'll then need to make an adjustment to the View by clicking on Filters. Once there, you'll add a new filter and you're going to exclude traffic that doesn't contain the custom dimension we set up earlier.

Google Analytics Filter Referrer Spam

So to recap, what we're essentially doing is modifying our tracking code with a custom piece of data and then filtering out any tracking hits that don't contain that custom data. The beauty here is that this will automatically stop almost any ghost spam attack because their scripts won't contain this custom data. Note, this won't stop any sort of targeted spam attack, but that's typically not what companies deal with, with this sort of thing.

Stopping Crawler Spam

For crawler spam, the solution isn't as automatic, but it does its job. In this case, these are actual user sessions hitting the page (they're not simulated), so the tracker is sending our custom dimension data like anyone else. In this case, we want to make a change on the server to block anyone coming from a list of known hostnames. For this, we add a file in the root directory of the website called ".htaccess" which allows us to customize some things about how the web server operates. The file is going to look something like:

    RewriteEngine On

    RewriteBase /

    RewriteCond %{HTTP_REFERER} free\-video\-tool\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} keywords\-monitoring\-your\-success\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} rank\-checker\.online [NC,OR]
    RewriteCond %{HTTP_REFERER} responsive\-test\.net [NC,OR]
    RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} share\-buttons\.xyz [NC,OR]
    RewriteCond %{HTTP_REFERER} top1\-seo\-service\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} traffic2cash\.xyz [NC,OR]
    RewriteCond %{HTTP_REFERER} web\ [NC,OR]
    RewriteCond %{HTTP_REFERER} website\-analyzer\.info [NC,OR]
    RewriteCond %{HTTP_REFERER} uptime\.com [NC]
    RewriteRule .* - [F]

In this case we're telling the server "if the user is coming from any one of these domain names, drop the traffic". We don't even allow them to get to the website.

The downside with this solution is that if new crawlers appear, you'll need to add them to this list. In our experience though this isn't needed very often. Most of the spam we see is ghost spam and is being removed automatically. We do check all of our client's sites each month to see if anything needs to be added for crawler spam.

Wrapping Up

Now that you have a proper analytics spam blocking strategy in place, the real work of analyzing traffic and looking for actionable insights can begin.

Ready to GainLiftoff?

It's easy to get started today. Just choose the plan that's right for you and we'll immediately connect you with one of our dedicated account managers.

Get Started