Note: The original post can be found here: Google Analytics Referrer Spam
This is a reprint.
If you’ve launched a new website recently and were excited to see referrals from golbnet or forexmarket, you have been spammed. This is a tactic used by spammers to get webmasters, curious to research their referrers, to visit the desired website. Also referred to as log spam or referrer bombing. It’s not necessarily malicious, but it’s definitely annoying.
It’s funny that people are doing this now, because I had a chat about how someone could do this with my co-worker, Taylor Pratt, while working at LunaMetrics in 2007.
Your best option is to simply ignore these referrers. Do not visit the websites. They’re spam, so they don’t deserve your business, but there’s also the chance that you’ll wind up on a site filled with viruses and other malware. If you don’t want the referrals to show up in your Google Analytics account, you also have a few options for removing them.
How to get rid of referral spam:
1. I always recommend keeping at least one GA account with no filters. Make sure you have one profile that will show these referrals, just in case there’s a problem as you create new filters. (You always want to have access to your raw data.) If you don’t already have a separate profile, create a new Google Analytics profile and start anew.
2. On what will now be your “good” profile, you can create a few filters to eliminate the golbnet and forexmarket referrer spam entries.
Create an “include” filter that only includes your domain name. If someone uses your Google Analytics account ID on another domain, this will prevent them from showing up in your analytics.
- Filter Type: Custom > INCLUDE
- Filter Field: hostname
- Filter Pattern: yourdomain\.com
- *The filter pattern is RegEx, so you should escape the period with a backslash.
- Case Sensitive: No
The above method is probably the easiest way to solve the problem, but there are still loopholes. The “perpetrators” could actually be visiting your site through some automated means. If they do it this way, our hostname filter won’t have any effect. Instead, we’ll have to eliminate any referrals from the suspected spammers. *If you find more spam domains, please leave a comment below. I’ll keep this list updated for anyone that wants to cover all bases.
For now, we’ll create custom filters to eliminate any Referral Source (aka: Campaign Source) with text that matches our spammers:
Current Referral Spammer List
- golbnet
- forexmarket
- ForexTradingStrategies
- acessa.me
- is.gd/UnlimitedWebHosting
- is.gd/ForexTrading
- tinyurl.com/ForexTradingSystems
- tinyurl.com/MakeMoneyWithYourWebsite
- br4.in/ForexMarket
- toma.ai/6pf
- bct.im/ForexMarket
- ibexalerts.com/craigslist-email.aspx
- clubXstream.net
- slowfoodottawagatineau.org
- forex-ninjas.com
- rock.to
*There are many variations of the golbnet spam, so capturing any referral containing “golbnet” is necessary. However, if you’re actually in the forex market, eliminating any referrer with “forexmarket” in their URL might be overzealous. You’ll need to tweak these values for your individual situation. Luckily, there’s a link to learn more about Regular Expressions right in the filter creation screen.
Ok, onto the filters:
- Filter Type: Custom > EXCLUDE
- Filter Field: Campaign Source
- Filter Pattern: golbnet
- Case Sensitive: No
*This will eliminate any referrer with the text “golbnet” anywhere in the referring URL.
To exclude other referrers, such as forexmarket, you could create another filter, OR you could simply add a “pipe” which acts as an “OR” operator.
(eg. Filter Pattern: golbnet|forexmarket|anythingelse )
*You can get the pipe by pressing Shift and Backspace.
That should eliminate these spam referrers from your Google Analytics reports. Remember, the most important thing is that you don’t visit these sites. If you have any questions, or additional solutions, please leave us a comment below. Also, if you have any additional spam referrals to report, please leave them below and we’ll add them to the list.
Thanks to Avinash and Nick for the shout out on the Google Analytics Blog! (Web Analytics TV #19 – The Most Productive Episode) (pretty cool to be mentioned there)
P.S. If you find this interesting, but don’t actually want to implement the filters yourself, I’m be happy to help. For $70, I’ll create the necessary filters to eliminate all of these known referral spammers and will apply them to up to 5 accounts. Most of you are fully capable of making these changes yourself, but if you don’t have the time, or just don’t feel like messing with this, email me at jgreen AT BusinessHut.com
Yep, that’s what it is. They’ve been sending me referrer spam. I wonder how many clicks they get a day.
Thanks for writing about that! Almost every site I’ve installed analytics on has forex market traffic, and I couldn’t figure out why.
Another one for your list:
slowfoodottawagatineau.org
Thanks Lewys!
Does referrer spam eat your bandwidth?
Kaira,
No. Referrer spam shouldn’t eat up any of your bandwidth. I’m sure it’s noticeable by Google, but this type of spam generally doesn’t even occur on your site. The spammers just plug your analytics account into their software, and it begins registering hits in your analytics.
Completely agree…
When I check my http logs, I am unable to find any reference to forex. They do it through some type of spam application.
Makes me dislike GA a little more, but not a huge hassle.
I have been getting referral visits from slowfoodottawagatineau.org and forex-ninjas.com for the past few days. Interesting thing is forex-ninjas.com has sent me almost 80 referral visits in the past 2 days and when i visited their site, there is no link pointing to my site. Came across your post after googling info around it.
Going to follow your tips. Thanks a lot!
Hi Jason, great article. Very informative.
I got a one for you to add to your list, btw I just got this one tonight:
forex-ninjas.com (referral)
Cheers!
Hi, I followed your instruction to filter out forex-ninjas. Doesn’t seem to work. I still can see them in referral. Could you help? Thanks.
@novi If you use the hostname filter outlined above, it should remove these spam referrals. If you’re still seeing them, we could try additional filters specifically for those referrals. If you could send me a screenshot or even a report right out of GA that shows the details for these referrals, I could provide additional details on how to filter them out.
@novi Let me stand corrected… I see that forex-ninjas.com is coming through as a referral, and the hostname is my own site. They must actually be sending fake visits to our sites, or have found a way to spoof the hostname. As we block the spammers they just become more sophisticated…
To get rid of them, you’ll need to use the “Campaign Source” filter above, and specifically list forex-ninjas.
The forex-ninjas hit me too. Thanks to your tip I took them down.
And another one for your list:
www. rock.to
Thanks for the informative article, and like others, I have had referrals from forex-ninjas.com recently.
Have also been getting hit hard by forex-ninjas.com. Have been pinging my website for several days now, getting excited to see analytics that my traffic has increased, only to find out it is them!
I have had problems with several of these spam sites. I keep setting up filters as they show up but new ones just seem to appear. Does Google have any plans to fix this in the future? Does anyone have any suggestiosn for analyics programs that might have less problems?
Thanks!
@Kelly,
This is really just an inherent problem with any public-facing analytics platform. If someone can scrape your website for the GA code, they can put it into a bot that automatically generates “visits”. Technically, since GA accounts are incremental, they don’t even need to scrape your site. They can just create a new account, use that number as the upper limit and ping every account below that. Our best bet is to create these filters so visits are only attributed to actual visits to our pages. Google could probably analyze all of the GA results and come to this conclusion faster, and implement their own filters, but that might be a little more invasive than some people are looking for.
What do they gain from spamming our site statistics?
Darn good question – what do they get from this? They must need a lot of traffic to get money from banners and clicks and things cos the traffic would all be pretty web savvy webmasters and so forth – people looking at analytics and curious. Maybe that is a target demographic? Might work well for certain products?
Thanks Jason,
I’d been wondering about forex-ninjas and rock.to. Nice simple explanation to set up filters. Very helpful!
I’m glad everyone’s making good use of these filters.
On a personal note, I’m seeing a huge spike in traffic over the past 2 days and GA says it’s all “Direct”. So if you have a moment to comment, can you let us know where you came from??? 🙂
I’d say qutie a bit from http://www.google.com/support/forum/p/Google+Analytics/thread?tid=086dba0484688a3d&hl=en. The link is not live, so people need to copy and paste the URI to visit this page.
Awesome. I bet that’s it. Thanks for letting me know!
I host a couple dozen basic websites for individuals (not companies), and finally today got fed up with hits on my own website, and checked out what was going on with my other clients. When I saw almost all of them had spam hits from the same places – sometimes with huge spikes on one day – I decided to figure out what could be done. I think I googled for either slowfood or ninjas and got here. Thanks for this page! I’ve just added a bunch of filters that will hopefully help me and my clients. I can only imagine how huge this must be if my sites are a typical sampling.
Seen any problems with thirstyear.tumbler.com?
Found this trying to figure out the Forex Ninjas – thanks!
I haven’t seen the tumbler one, but Forex-Ninjas seems to be really popular lately.
Me also got refferal traffic from forex-ninjas.com and tinyurl.com/ForexTradingSystems..Just now I realized its a spam..thanks.
I got spikes of traffic from the so-called “ian duggan” service provider (a stolen name and IP address.) I had searched for “ian duggan service provider”, got here via the same forum as wasaweb. The spikes I am seeing are under Direct Traffic, not referrals; is this the same phenomena?
Hey Jason:
thanks a million for this post, we have been hit by the forex-ninjas.com spam and want to resolve asap. I have added both the hostname filter and tried to add extra filters (campaign source) for the forex-ninjas but I have had no luck removing them from the referral list? Have they been adapting to our thread? If you email me and with any help it would be most appreciated…. Thankx. I have seen a drop in our ratings (they are linking to us in some way) and am concerned about this.
@Chris, Remember that any changes to filters will only affect future visits. Anything that has already been captured by Google Analytics cannot be removed or changed. If you’ve added the filters and continue to get visits from them, we’ll need to dig into how they’re getting around our countermeasures.
About the linking, I assume you mean they’re linking to your site and you think it’s causing your search engine rankings to decline? (If I’m wrong, please clarify.) A single link or even a few links from spammy sources like this shouldn’t affect your rankings. As long as the ratio of trusted links to “untrusted” links stays closer to the trusted side, you’ll be fine.
Duly noted about the forex-ninjas.com being on the referral list, I will monitor Google Analytics to make sure they drop off the list.
As far the rankings go, its probably just another google dance, very sweet with highs and lows. We do have plenty of trusted high PR backlinks, however I did see a slight decrease do to these jokers. seems like all of the referral links come up with 100% bounce rate and are virus in nature.
What is really strange is that there is no links found on their website pointing back to us? As I understand it, from your thread, they have just scraped our Google Account ID and have created links only within GA and they don’t actually exist anywhere on forex-ninjas.com? Is this correct? Any thoughts?
Thank you very much for the informative article. My website is only about a year old, and was put together by a computer programmer who is my best friend.
I make jewelry targeted to very specialized markets (well-educated adult-to-older women, and atheists of both sexes and all ages, and fans of hand-crafted art jewelry who are not driven away that I am an overt atheist).
All of that is not beside the point; my market/s are very small and targeted, and so is my advertising. My profits are nil (I’m driven by passion, and just trying to lose as little money as possible), and my advertising is on a shoestring budget.
As a result, I track my minimal website traffic and minimal advertising results with OCD attentiveness. So those dirt-bag spammers and scammers are really getting under my skin.
I have (just yesterday) applied filters to get rid of those fraudsters, but some of seems to still be getting through. If Google wants to retain dominance in this field (even with a service that’s free for us “little guys”), they will build more and better filtering mechanisms into their “Analytics” product.
But I have found it very helpful to use the following strategy to look at some real results from Google Analytics. (Sadly the site reverts to including all of the garbage data… though I hope that will change when the “new version” is forced on everyone.)
On the Map Overlay section, click on “View report.”
Click on the “Advanced Filter” link
(ignore the “country, territory” field)
Click on “Add new condition”
–> Metrics: site usage
(Pick from drop-down menu) “Greater than”
Type in field: 0
Click on “Apply Filter”
That will filter out all of the garbage that doesn’t even stay on your site for one second and shows up as 00:00:00 (and any real person would take at least one second to determine if your website was not worth looking at).
But as I said above, sadly there’s no way to default the data to just that of one second and over.
I hope that when Google forces everyone to the new version of the site, they will include a filter that will allow users to permanently exclude all of that spam crap… …which would make internet business success more likely, increasing the chance that we might eventually become paying customers of Google Analytics customers.
Or at least make it more likely that we won’t give up on Google Adwords, since we can’t easily track results with Google Analytics with all of the spam traffic included in our results. Though with my specialty markets I personally am probably not relevant to their corporate decisions, anyway.)
But anyway, thank you for the info, and I hope I’ve offered something useful to someone, as well.
These 3 have been plaguing Blogger users for quite some time…
_777seo.com
_googlecorrection.com
_justforlaughsgags.tv
Aqui les paso dos direcciones
_www.forex-ninjas.com / referral
_forex-ninjas.com / referral
Thank you very much for this post! I found it through google forum tring to get rid of these forex-ninjas… Actually I set up both filters (including my domain / excluding visits from their domain) but these Forex Ninja keep hitting my website and GA keep registering their visits… I got two profiles, one filtered and one unfiltered, and their last visit is shown on both… is there some additional filter we can use or some different solution in order to stop them?
Hi,
I have also been hit with ” Ian Duggan ” plus the Forex.com. I noticed another one yesterday:. Black Oak Computers of San Francisco, when I tried to find out the region and city, it said ” not set ” on both. Are you familiar with this?
@maria “Not Set” is seen when that information is unavailable. They’re probably using code to make sure that value gets set to “Not Set” to make it a little harder for us to track them down.
thanks for the tips!
does creating the ‘include’ filter for ‘only my domain’ also filter out any referrals I get from other domains I own, and that are currently showing in my GA as a referring site i.e. myotherdomain.com / referral PLUS will it omit other GA stats from any other referring sites?
I’m not really clear about how this filter works, and what it filters exactly – just don’t want it to filter any legit stats as we do a lot of online marketing and get traffic to our site from many different sources.
Thanks!
Does anyone know… are these spammers using the Google Analytics UA-XXXXX codes to spoof visits?
Or is there a crawler that’s just sending empty referrals/user-agents? I’ve modified my .htaccess already to disallow slowfoot and forex-ninjas… unless anyone knows, I’m just playing the waiting game to see if I stop getting referrals from those sources.
@ryan, It appears they’re just using the UA codes to spoof the visits. That’s why the hostname filter works….because the visits aren’t actually happening on your site.
However, the forex-ninjas spam is a new one that appears to be a crawler of some type. Those visits appear with your site’s hostname and thus, our hostname filter won’t work on those.
I just started my site, but no forex or golbnet referrers in my logs. I feel kind of left out 😉
I believe meta-search.net is another one– 20+ referals in the last week, every one of them 100% bounce rate with 00:00 time on the site.
I think that is a good way to assess if it is a real referral or not: big numbers (seemingly overnight), with no actual time on the site and a 100% bounce rate.
Frustrating to learn that these bots are out there skewing up our numbers, but I’m glad to learn about it now. Hopefully I can get the filtered out and we can again have an accurate assessment of our visitors and sources.
Hey thanks a bunch for this article. So I am being spammed by forex like I’m a cheap cold meat platter. To catch anything that has “forex” in the URL do I need a regular expression or can I just put the word forex in the exclusion? Struggling to get my head around regular expressions so any help will be great.
Cheers,
Pete
@pete, you can just put the text “forex” (without quotes) and any referrals with that text will be ignored. I believe the proper RegEx for such a thing is as shown below:
.*forex.*
The dot represents any character, and the asterisk means to include any number of them.
That’s why we use the backslash in front of periods/dots in our filters. The backslash “escapes” special characters to turn them back into their “normal” version.
Can Google not just penalize them for this? would be a lot easier then to apply filters no?
You can add Crowdflower.com to your list. i had 18 hits in one day from that one…
Hi Jason,
thank you for the article. Actually with both filters setted forex-ninja are still spamming my analytics… Suggestions?
Thanks Jason for taking the time to post your solutions here to this pervasive old spamming issue..
I’m working on a fix for one of the offenders ( forex-ninja.com ) ..
across many accounts right now… since GA is javascript based….
… would setting up some rules in the .htaccess file per each site knock out
this specific troubling referral spammer …? ..
thanks and cheers for 2012
Dennis
I got the same hits on one of my websites with GA tracking code. However, I also got these hits on a website without GA. I checked this through my C-Panel with Awstats. Hits from the same IP-address.
Hits were from forex-ninjas.com, rock.to, e-cardsdirect.com, 321blog.info but also hits from networks named ian duggan, eric fleischman, 21 productions, peak web hosting inc.
All these networks are from Portland in Oregon and direct traffic but same results like the referrals (rock.to, forex-ninjas, …….). Zero time on the website, 100% new visits and 100% bounce rate and up to 80 hits from one source at one time.
I know from internet research that this happened to many websites and that the name ian duggan is stolen and used from this crazy and stupid people.
I received the last hits on 18th, 19th and 20th January. Based on information from other people with the same problem I now blocked the IP-addresses via C-Panel of these spammer sites. It’s just one day now but until now no further hits. I will see how it works. Others reported success with IP- blocking.
Just if you want to do the same you will find below the IP-addresses I blocked:
204.11.219.0-204.11.219.99 (eric fleischman, 21 productions inc., …)
202.29.18.4
176.65.158.36 (forex-ninjas)
50.28.7.169
8.22.206.125
From all the above IP’s I got the same spam hits to some of my websites hosted at Hostgator. If you have C-Panel you can go to the Safety category and open the IP Deny Manager. It’s easy to follow the instructions. As you can see above I blocked also a complete range of IP’s as I got hits from different IP-addresses but all in a specific range (I blocked the complete range).
You can find IP-addresses of a website with the following link:
http:// www. selfseo.com/find_ip_address_of_a_website.php
There are also other websites with the same service. Do a Google search and you will find many alternatives.
If you use WordPress you can use also a plug-in to block IP-addresses (wp-ban).
http:// wordpress.org/extend/plugins/wp-ban/
I did not use this plug-in until now as I blocked the IP-addresses directly via C-Panel (it works for all my websites hosted on this webhost). With the plug-in I have to do it on all single websites affected by the spam hits. However, other people reported success also with this method.
Thanks. It would be nice if Google took action to greatly reduce this spam seen by us. It can’t be too hard for them to stop the largest abusers from confusing Google users. This would also have the benefit of reducing the reward to those that spam. Gmail anti-spam may well be the best thing Google does. It would be nice to see them take care of this for users instead of confusing so many new users and requiring users that are able to understand posts like yours to take the actions themselves.
I’d go ahead and add companyweb to your list.. they are staying on my site for a while though.. an average of 8 pages viewed 17% bounce rate and an avg time on site of about 5 minutes…
Ian D and Eric Fleischman, are all the same person as well as all of the above organization names, I recommend blocking their IP addy’s in your control panel and here are the main 5 culprits:
204.11.219.86
204.11.219.85
204.11.219.80
204.11.219.87
204.11.219.84
FYI, these guys were tarnishing my good (host)name. 🙂 There was an old PTR kicking around for 204.11.219.84 which used to be my IP. This hasn’t been my IP for many years. I asked and they were kind enough to delete it…the PTR is gone now. I hope you get to the bottom of the traffic, but at least it wasn’t actually me.
Eric
This is good information. The visits also increase your bounce rate, which means we have to adjust for it. I agree that Google should automatically compensate for this in the analytics so we don’t see and or have to compensate for them in our stats. Perhaps there is a plug-in by now for it.
thanks! you also can add _777seo.com!
Here is another one… very successfull as it dropped daily about 20K visitors on my site:
sky lancers .com and ~.net
Surprisingly, my site was only affected in GA (and Yahoo! web analytics) but I did not get a spike in traffic on my hosting servers, while someone else had its website shut down by his hosting service because of exceeding bandwidth.
Thanks for this great post, guys!!
Hey Jason!
This has been rearing its ugly face for the last couple of days:
http://www.tinyurl.com/BuyFacebookShares
I tried blocking tinyurl.com in a vein attempt to kill a flock of birds with one stone. I didn’t think it would work and I was right!
These people are such a pain. I really do wish Google would do something about it.
Cheers
R
Another one I’ve found in my reports recently: tinyurl.com/buyfacebookshares
Good article. It confirmed my suspicions.
Seems the spam I get is mostly going through Pelotas Brazil. Usually I get spam and “0-second” visits from these guys. Time to cut em off methinks.
Another filter we could add, if you are relying entirely on traffic from your home country, would be to exclude visits from any other country. If you own a local business and don’t care if anyone from Brazil is coming to your site, you could create an “includes” filter for only your home country.
Just another attempt to cut them off as easily as possible. Let us know if you have any unique solutions to this problem.
proteanstrategy.com seems to be a new one that’s cropped up. I’ve got it on a few sites now.
Yes! proteanstrategy.com has latched on to all of mine too….
Another referrer spammer:
alertpayclick.com
I created my blog on 7/30/12 and have been showing daily referral stats from two porn sites:
www. filmhill .com
www. meendo .com
This article totally helped me with my same site referrals issue. I added the include that you have posted above and excluded referrers from my domain and poof, life is good again. Totally forgot about filters.
I am having a problem where someone, probably a bot, creating pageviews from mydomain/wp-content/plugins… pages in WordPress creating thousands of 403 errors, which are not accessible to the public, as well as making up fake urls creating thousands of 404 errors per day.
Thanks for the tip on viewing raw data in a separate account. I need to do this now that I finally figured out how to filter the /wp-content clicks out.
My real pageviews have dropped considerably since then while viewing them in the filtered view. Though I suppose I am filtering out real image views that occurred as images are stored in folder under /wp-content/ .
Any advice would be appreciated.
Thanks!
I know this is an old post but if you are still updating (or maybe want to create an updated post), I have a few more you could add to the list.
First, I have a question though.. I hear two different claims about this referer spam.. 1. Eventually search engines will remove my site. 2. Referer spam doesn’t really do anything to me.
Which is true?
I just recently started getting this referer spam and I think it’s because when I moved, I had to take a break from posting; I lost a lot of traffic. Here are the sites I’m receiving hits from –
1. www. r-e-f-e-r-e-r .com (they even named a page with my site name) This site actually says its referer spam and states that it is not illegal. They also have www. r-e-f-e-r-r-e-r .com.
2. www. tkdot .com
If you add these or have any info for me, please email me. Thanks!
Thanks for the info. I was wondering where the traffic was coming from. Thanks again.
Yeah!!! I have been getting these referral spams too.But if you keep up the good work and write your original and worthy posts,its not a big problem.Many people and new bloggers are suffering from this issue and therefore i could not stop my self from writing a new post on it.I hope it would be helpful to many newbies.
Another for the list: seoanalyses.com — it redirects to ourmeets.com which is a porn site.
1. I always recommend keeping at least one GA account with no filters. Make sure you have one profile that will show these referrals, just in case there’s a problem as you create new filters. (You always want to have access to your raw data.) If you don’t already have a separate profile, create a new Google Analytics profile and start anew.2. On what will now be your “good” profile, you can create a few filters to eliminate the golbnet and forexmarket referrer spam entries.Create an “include” filter that only includes your domain name. If someone uses your Google Analytics account ID on another domain, this will prevent them from showing up in your analytics.
I am seeing with newstatpress for wordpress that I am getting traffic from “installerex official website” coming in from google search? on 27th may just noticed today (this I have seen with 2 of my sites with exact same keywords) Is this possible.. or have I been hacked?
Please help?
thank you