Home Services Contact Info

Looking at multiple websites in various niches, 4webmasters.org seems to have mounted…

Posted in: General by Richard Hearne on April 21, 2015
Internet Marketing Ireland

Looking at multiple websites in various niches, 4webmasters.org seems to have mounted a fairly massive referral spam attack yesterday. From what I can tell these are phantom referrals in Google Analytics, and not actual visits. That means you cant block them at the server level, and need to rely on GA filters to take them out.

Would be great if GA would start to do some of this for us…

Google+: View post on Google+

This post was first made on the Richard Hearne Google+ profile.

You should subscribe to the RSS Feed here for updates.
Or subscribe to Email Updates now:


  1. The best I've seen is a filter in GA to exclude the data

    Comment by Fintan Costello — April 21, 2015 @ 5:25 am

  2. This is across the board. We manage over 100 GA account and there's a MASSIVE attack ongoing. Mainly porn ghost referrals and stupid website button spam. A quick glance at the official GA forum will show you how bad it is (and also show you how people simply refuse to search for their problem before posting a new thread).

    The only solution is filters as the code is triggered remotely. Only custom segments can remove it too at a reporting level.

    There's no way Google don't know about this. I figured the "block known bots" feature would cover these but it doesn't. April across the board has completely skewed referral stats for countless accounts.

    Unfortunately, GA doesn't have a public face like WMT or AdWords so getting an official word is going to be tricky. I'm going to ask through the AdWords TC channel to see if I can get some info. Knowing Google though, this is going to continue for a while.

    Comment by Dave Davis — April 21, 2015 @ 8:25 am

  3. +Fintan Costello :) How are you, mate. :)

    Comment by Jim Munro — April 21, 2015 @ 8:54 am

  4. Rather than  filtering spam site upon spam site as they show up in analytics,  coupled with an include hostname filter
    the following method works quite nicely for a lot of the spam

    Also interesting discussion started here by 
    Stéphane Hamel on this topic

    Comment by Bronwyn Vourtis — April 21, 2015 @ 10:41 am

  5. We received over 1,000 visits from them just yesterday on one website!

    Comment by Stacey Gardner — April 21, 2015 @ 4:10 pm

  6. I just deployed a new website about 2 weeks ago. Wtf is this shitty referral spam? Porn and these webmaster jokers. Brand new site with 0 back links and 70 referral spam hits. Lol

    Comment by Jennifer M — April 22, 2015 @ 2:47 am

  7. +Jennifer M They're not visiting your site. They're loading the tracking code remotely with a random property ID so even if nobody knows about your website, it will still get loaded. +Bronwyn Vourtis' advice is the best advice. You can eliminate it all that way.

    Comment by Dave Davis — April 22, 2015 @ 4:50 am

  8. Quick afterthought too – if GTM is being used, then a hostname filter shouldn't be necessary either, as the trigger for the GA tracking tag can be setup to fire only on pages where the hostname matches the website's hostname

    Comment by Bronwyn Vourtis — April 22, 2015 @ 5:01 am

  9. +Bronwyn Vourtis the problem is that many of these "referrals" are not being triggered via actual visits to any site. The spammers are sending GA tracking requests directly without ever visiting the site in question, hence "phantom" or "ghost" referrals.

    Comment by Richard Hearne — April 22, 2015 @ 5:04 am

  10. +Bronwyn Vourtis That is correct. We use GTM for all our clients and we've escaped the majority of that crap. It's the remote triggering. +Richard Hearne a "To Hostname" filter resolves that. Fortunately, that's one of the first steps in GA installation for all our projects. Our design kept getting stolen, including the GA code so it's something we've always used. Luckily, GA allows copying of filters to every view so it's not a massive deal. 

    Comment by Dave Davis — April 22, 2015 @ 5:15 am

  11. I do understand that +Richard Hearne :-)
    Is why I recommended Lunametrics solution in my earlier reply.
    Its easier to setup and filter a single custom dimension for the real site visitors, than trying to add filter upon filter to exclude the data from the spam sites each time a new one appears in the reports

    Comment by Bronwyn Vourtis — April 22, 2015 @ 5:17 am

  12. Aha, yes I'm with you.  I just couldn't see why this had anything to do with GTM.

    The real shame though is that we have to worry about this at all.  I think GA will have to do something about this sooner than later.  I've had over 6k spam referrals in just 2 days to my small domain site that normally gets 100-150 visits per day :(

    Comment by Richard Hearne — April 22, 2015 @ 5:22 am

  13. What I don't understand, is what is the motivation/reason for doing it? What do the spamming sites get out of it?

    Comment by Bronwyn Vourtis — April 22, 2015 @ 6:12 am

  14. I've also wondered, and apart from Semalt selling their service it's crossed my mind that the buttons sites may be distributing more than buttons.  I looked a their code, but it's entirely conceivable that they selectively serve something malicious. Given their ability to mount large-scale spam campaigns you have to assume they are cleverer than your average spammer. Might be wrong of course…

    Comment by Richard Hearne — April 22, 2015 @ 6:22 am

  15. Thank you +Dave Davis for clarification. That makes sense.  +Bronwyn Vourtis as for benefit, I looked at some of the sites except the porn ones. Majority of mine are porn sites, but there is one with something like "Get-Free-Traffic-Online.com" so I figure they are trying to lure webmasters into buying traffic, which is useless unless you're trying to scam someone on Flippa. Another one is a subdomain that at first looks like Huffington Post but it's something like "editorial.Huflingtonpost.com." It's clever because at first I looked and thought "my site is 2 days old..that's impossible." And I opened it and it redirected to me an ecommerce store with an affiliate ID. I assume it dropped a cookie on my computer too.

    Comment by Jennifer M — April 22, 2015 @ 1:07 pm

Comments Feed TrackBack

Leave a comment