Fighting spam has always been a hard-fought, epic battle which has still yet to be conquered successfully. Google Analytics is one of the leading tools available for gathering and analysing data about your website but unfortunately, its data been compromised in the past through various hackers. This has left many website owners frustrated and confused about how to interpret their reports, since it was not known whether their statistics were not a true reflection of actual website traffic.
Back in 2014, several bots (website crawlers used by Search Engines) were hacked to visit websites and leave fake referral data within the Analytics reporting. Since then, there have been many similar instances from various sources including fake organic search terms or fake events being reported. Whilst Google’s spam defences are always improving, the fight is a tough one for them. By not discussing their tactics and strategies to overcome this problem, they are keeping their security systems private, away from the hackers prying ears.
The Next Web Ghost Spam Referrals
There have been many reports recently of a Russian hacker by the name of Vitaly Popov who managed to find a way to use a fake Google domain to send referral spam into Google Analytics. The hacker registered a domain name almost identical to Google but with replacing the first letter “g” with a Unicode character set of the letter instead. This resulted in fake referral mentions being contaminated within the Google Analytics data.
The intention behind this hacking incident was in this case not to expose any vulnerabilities or hotlinking to images. Instead, he successfully managed to leave a political message within the domains’ referral links.
The original message appeared as: “Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!””
Visitors who would be intrigued by the new URL would be tempted to trace it back to its original source. As a result, this would then boost the popularity of the hacker’s own website further. The hits appeared as though they were coming from thenextweb.com but in fact, they were not.
Ghost referral data appearing as though it was coming from thenextweb.com when in fact, it wasn’t.
How To Remove Google Analytics Referral Spam
Most Google Analytics ‘ghost referrals’ spam can be blocked by using a single filter for a valid hostname. These are websites that you have configured to use within the Google Analytics account, such as ecommerce shopping carts or associated call tracking services. Since the ghost or fake referral traffic never actually goes to your website, it isn’t actually possible to block the visits, either through the .htaccess file or through any plugins.Therefore, setting up a filter which excludes them makes good sense.
The main problem with spam referrals is that they tend to continuously change and reappear, meaning new filters are always required. Our recommendation is to continually check the data showing from your website’s referrals and test to ensure the information is legitimate, to the best of your knowledge. Hopefully there will be a time in the future when your Google Analytics data can be entirely spam-free but until then, take care!