I use Google Analytics to track my website visitors. I recently noticed that my Google Analytics were showing spikes in recent visits. Typically lately I’ve been getting 50-100 user visits a day, but the stats were showing nearly 200 on some days.
My first thought was “Great! My traffic is going up!”
But then I dug into the figures a bit more, and discovered something more sinister…
Where did my visitors come from?
Most of my visitors come through organic search, then direct, then referral, then social. This can be found in the Channels section of Google Analytics.
Looking at the data for the last 10 days, referrals had gone up 61% compared to the previous 10 days. Increased referrals should be a good thing, as having links from other websites pointing to yours is a sign that your site has good content and people want to link to you.
So who was linking to me?
The Referrals tab gave me the answer. I recognised a number of the sites, but some were unknown quantities.
Who the heck were 4webmasters.org. sanjosestartups.com and free-social-buttons.com?
I Googled those sites and found the ugly truth. These are examples of referrer spammers.
What is referrer spam?
Referrer spam (aka referral spam) are fake requests for your site by scripts which spoof the HTTP referrer – a piece of data passed by the browser when it goes from one website to another.
Nefarious types will set the HTTP referrer to a spammy website which they want to promote. If you are curious and click on their links, they will get traffic. My advice is: don’t! You will get hit with marketing information at best, and at worst, could get a malware infection.
Some sites also publish their referrer logs and therein lies another benefit to the spammer – when the data is published, the spammers get a ranking boost to their sites, as it looks to search engines as if their links are legitimate.
Why is referrer spam bad?
It’s bad because:
- It skews Google Analytics data so the number of visits is inflated, and it makes it harder to see how many genuine visitors you have.
- Often these visits have a bounce rate of 0% or 100% and a session duration of 0:00:00. These factors are known to search engines, and may pull down your website’s ranking in search.
- Visiting these referrer sites inadvertently could harm your computer with viruses and malware.
Where can you find an up to date list of referrer spammers?
Here is a referrer spam blacklist, maintained by Piwik on GitHub.
How do you tell if you have referral spam?
There are 2 main types:
Crawler referrer spam – crawl your website like a regular search bot, but not with the intention of indexing them, which makes them bad.Ghost referrer spam – these access Google Analytics’s UA codes directly, and can affect your Direct traffic.
To see if your website is affected:
- Compare the blacklist mentioned above against your Google Analytics data and look for the known spammers.
- Sort your referrals by bounce rate or time spent on site. Be suspicious of 0 and 100% numbers.
- Look for the hostnames of referrer sites. If they are (not set) are don’t match your site’s domain name, they are likely to be spam. (Click Secondary dimension > Behaviour > Hostname).
- Check for spikes in your direct traffic too and check the hostnames there. If unset or fake, these could be examples of ghost spam.
What is Google doing about the problem?
We are still waiting for a definitive solution.
Last year Google introduced a bot and spider filtering check box in Google Analytics. You can read about how it works here:
The caveat is that you should keep an unfiltered view before checking this box, so that you have a default data set to compare against. Read more about views and filters. It’s also not clear if this method blocks the spam effectively.
How can you combat referrer spam?
Various solutions have been proposed by webmasters. The main ones are:
- Block the spam sites in your website’s .htaccess file. This method blocks referral spam before it reaches your site. This is if you are using Linux hosting. Not recommended if you are uncomfortable editing this key system file. If you use WordPress, you could try the WP Ban plugin instead. Note that this method will not work for ghost referral spam.
- Filter out the spam referrers in Google Analytics. This method removes spam from your future analytics data after the visits have been registered. You may need to do more work to clean up your historical data.
I have done a bit of work on the .htaccess blocking, but haven’t yet dived into filters. See the links below for detailed guidance.
Where are some good sources of further information on referrer spam and its removal?
I have found the following articles helpful:
Guide to Removing Referrer Spam in Google Analytics – Gives information on what spam removal methods are most and least effective. It recommends using hostname filters.
Geek guide to removing referrer spam in Google Analytics – Explains all about bots and which ones are good or bad.
What is Referrer Spam and How to stop it – Really comprehensive guide on what referrrer spam is and methods of dealing with it.
Removing Referral Spam from Google Analytics – Outlines the types of referral spam and options for removing it.
Google Analytics, .htaccess, and Spam Bot Referrals – Shows how to remove spam by the .htaccess and Google Analytics methods.
Some of these sites offer to set up Google Analytics filtering for you.
If you found this post helpful, please share it.
Have you been hit with referral spam? What method did you use to remove it? Let me know in the comments.