Canning Referrer SPAM in Google Analytics

Before you do your next analytics report, you need to read this article.

In the past six months I’ve noticed a dramatic increase in referral traffic to the many sites that we maintain and report upon. In the beginning, it was only a small amount of traffic, and it was easy to ignore. However, starting in June I began to notice a few of our properties getting absolutely slammed with referral traffic. In one extreme case, a small site ended up having 95% of it’s traffic from referral spam!
Skip to the solution: “How to stop it” »

What is referrer spam? How do they do it? Why do they do it?

Referrer or referral spam is when someone – perhaps one person, perhaps a robot network – injects fake traffic into your Google Analytics property, which includes the URL of their site.

The “How” is pretty simple. Google Analytics doesn’t require any sort of authentication – if you visit a site with Google Analytics, you are injecting data into that site’s Google Analytics property. If you consider that Google Analytics has been around for more than a decade, it’s a little surprising that this hasn’t been a bigger problem before now. I suspect what has accelerated this in the past months is that Google opened up HTTP access to Analytics, essentially allowing developers to directly input data into any property without authentication – it’s called Measurement Protocol.

As far as the “why are they doing this?” question – it’s just shotgun SPAM, plain and simple. Nothing malicious (yet). It’s easy to do this to thousands or millions of sites. Back-in-the-day there were a lot of sites who had their analytics data on display through server-side “stats” packages like Webalizer or AWStats (remember those?), and these referrer URLs would appear on those sites under http://domain.com/awstats/index.html – free “link juice” for those referrer spammers. With the advent of Google Analytics, however, those reports are no longer public – so I can only assume they hope that strategists like myself click on their URLs and hire them? That sounds insane, but then I look at the SPAM folder of my inbox…

Identifying Referrer SPAM

There are a handful of ways to identify referrer spam. It will typically:

• not have a “language” applied to it – “(not set)” instead of “en-us”
• not have a “hostname” applied – this is the hostname visited by the user, typically the domain of your site or a subdomain
• have a referral URL like free-website-buttons.com, semalt.com or darodar.com
• be from Russia if your site is even remotely bank or credit-card related (ugh!)

How do I stop it? How do I remove it from my property?

You can stop future referral SPAM, but you can’t remove it from your historical data (though you can segment it away).

Stopping Future Referrer Spam

There are many ways to stop it - but my preferred method is checking for your domain’s hostname in a view-level filter.

The key here is to only accept traffic into the view that has your domain in the “hostname” value.

NOTE: If you are tracking a site that includes subdomains or other domains, you’ll need to add them here as well – e.g. shop.viastudio.com.

Alternate methods, like using a complicated regular expression to filter out the Referring URL work too – but with the possibilities for URLs being infinite, you’ll have to update a regex filter constantly. The hostname method only needs to be updated when you change your domain or add a subdomain.

Hiding Historical Referrer Spam Using a Segment

Similar to the View-Level Filter above, you can do the same thing in a “Segment” on that view.

Filter > Sessions > Include > Hostname > Contains > yourdomain.com

(Note: 75% of our traffic to viastudio.com in the last three months was referrer spam!)

Advanced!

While I haven’t tested this method, Sayf Sharif at Lunametrics has a novel approach: use Google Tag Manager to set a cookie, and only allow cookied traffic to be reported into Google Analytics. Read more about that here: Eliminating Dumb Ghost Referral Traffic in Google Analytics

References

Moz.com: How to Stop SPAM Bots from Ruining Your Analytics Data (Some info on specific spammers, a bit of explanation of “why?”)

Analytics-Toolkit.com: Guide to Removing Referrer Spam from Google Analytics (GA filters, etc)

Viget.com: Removing Referral SPAM from Google Analytics (more filters)