If you are a serious business owner or marketer you probably use Google Analytics or another web analytics solution to help you to measure the results of your investment in marketing. However you may have noticed some strange changes in your metrics lately, including:
- A large increase in recorded traffic
- A reduction in your average page views per visit
- Decreased visit duration
- Higher bounce rate (visits to a single page)
One possible cause could be the recent huge upsurge in referrer spam.
What is a website referrer?
To understand referrer spam, you first need to understand what a website referrer is. When someone visits your website by clicking a link on another site, the details of the originating site are shown in your Google Analytics reports as the source of the visit.
So what is referrer spam?
Referrer spam (also known as referral spam, log spam or referrer bombing) are visits recorded in your website traffic reports that appear to originate from a link on another website. In reality there is no such link and the domain of the originating website may also be fake. In the example report below all the referrer websites listed are spam:
Are you seeing referrer domains like these in your Google Analytics reports?
4webmasters.org, trafficmonetize.org, traffic2money.com, webmonetizer.net, trafficmonetizer.org, social-buttons.com, yourserverisdown.com, free-share-buttons.com, free-social-buttons.com, darodar.com, chinese-amezon.com, e-buyeasy.com, hulfingtonpost.com (not huffingtonpost.com), webmaster-traffic.com.
Please note that this list is not exhaustive as new spammers are appearing daily, and there are now various efforts underway (including this one, this one and this one) to maintain comprehensive lists of these fake referrers.
What is the purpose of referrer spam?
There are a couple of reasons we can think of why someone might create fake referrers:
- Visits: they hope you might click on a link in your reports to visit their site through curiosity. Unlikely as it seems, they hope your visit could end in an online purchase for which they will receive commission or (more likely) inflate advert impressions on their site, earning them an income. More worryingly your visit might result in malware being silently installed on your computer for nefarious reasons such as building a botnet for distributed denial of service attacks.
- Search rankings: they hope your website traffic reports are publicly accessible online, and as a result can be indexed by search engines in an attempt to increase their site’s search rankings.
Crawler referrer spam and ghost referrer spam explained
To make matters even more confusing, referrer spam currently comes in two flavours: crawler and ghost.
Crawler referrer spam is caused by the pages of your website being automatically indexed in a similar way that the Google and Bing search engines visit your site to record changes to its contents. However unlike bona fide search engines, spam crawlers are likely to ignore any rules in your robots.txt file created to control access to content. Excessive crawling can also slow your site’s performance by making a large number of page requests in a short period of time.
There are a number of ways of blocking crawler referrer spam, including an .htaccess file or installing a plugin for WordPress. Please note other methods may be applicable depending on your hosting platform, web server and content management system.
Unlike crawler referrer spam it is not possible to block ghost referrer spam from your website as it doesn’t even access it. Instead fake referrer data is sent direct from the spammers to Google Analytics servers using Google’s Measurement Protocol, which is not currently authenticated. The only way this fake ghost data can be removed is by filtering in Google Analytics. Currently ghost referrer spam is only a problem for Google Analytics but similar hosted analytics systems could also prove to be vulnerable.
How to spot ghost referrer spam in Google Analytics
In Google Analytics click on Reporting > Acquisition > All Traffic > Channels > Select Source/Medium as Primary Dimension > Click Secondary Dimension button > type Hostname and select. Adjust the control at the bottom of the table to display all the data.
In the example below all the sources in the table that show a hostname other than www.cognique.co.uk (this website) are ghost referrer spam.
How to block referrer spam
At the moment there is no magic wand you can wave to stop all referrer spam quickly and easily. We think that until Google implements some kind of blocking at the data collection level the only proven methods are blocking access to your site, either by using an .htaccess file or WordPress plugin, and filtering out referrer spam sites in Google Analytics. However, sadly none of these methods are perfect, as they all need to be updated frequently to keep up with the spammers.
Other ideas for stopping referrer spam
Often overlooked, Google Analytics includes a bot filtering checkbox designed to exclude hits from all known bots and spider (good or evil). This can be set under Admin > View > View Settings. We cannot yet confirm whether this has much of an effect though!
If you are using Google Analytics your tracking code is embedded on every page of your website and can be automatically scraped from your site by spammers. One way to avoid this happening may be to use Google Tag Manager – a free service that can be used to manage all your tracking codes on your website but also hides them. However if you are already receiving referrer spam the chances are your tracking code is already known to the spammers so you may need to create a new tracking code in Google Analytics.
What happens if I do nothing?
If you use Google Analytics or another web analytics solution and rely on its unfiltered data to make decisions about your marketing, referrer spam could easily mislead you!