Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Get Rid of Cyber-monday(.)ga Referral Spam In Google Analytics

Referral spam has been causing quite the headaches lately as researchers manage to detect more and more websites providing referrer-spam services.. One of those websites is cyber-monday(.)ga which is frequently being spotted in comment spam messages with a subject similar to the one on the topic of the site being spammed. Researchers believe that this type of spam is either a web crawler or a ghost referrer spam and it may be a part of a money making scheme with a purpose to drive traffic to other websites, like the one it currently redirects to – heavengifts(.)com.

Name Cyber-Monday Referral Spam
Type Referral Spam
Short Description The page redirects users to third-party websites. The spam is able to quickly corrupt Analytics data..
Symptoms The user may witness several different type of messages on his website. And if clicked on, he/she may witness redirects to suspicious websites. Other symptoms involve sudden spikes in the GA data.
Distribution Method Spam Bots.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by Cyber-Monday Referral Spam
User Experience Join our forum to discuss about Cyber-monday(.)ga Referral Spam.

heaven-gifts-spam

Cyber-monday.ga Referral Spam Explained

This particular type of referral spam may be seen in messages featuring a web link similar to these ones:

  • http://39e1d1hcyber-monday(.)ga/
  • http://cyber-monday(.)ga/281d82/

Any of the links may redirect to different third-party websites. Some links may even cause more than one redirect. This is particularly dangerous for the PC users because they may get redirected to a malicious site that might infect their computer with malware. And such malicious websites are not only malware-infested ones – some of them are scamming websites too. Fake online retailer stores, fake tech support scams, fraudulent marketing of an amazing new way to make money, etc are just small part of what dangers may be associated by visiting websites that are looking forward in boosting their traffic via using devious spam campaigns.

In case you simply open cyber-monday(.)ga you will immediately receive a browser redirect to an online retailer website, called heavengifts(.)com. This particular website features a privacy policy where they claim they may collect personally identifiable information upon user`s registration as well as payment during order to improve the service. What is wrong with this picture is that the compay also claims that they may share such information:

pii-sharing-heavengifts.com

As far as security researchers are concerned, this may or may not be a scamming site that aims to profit from such indecent activities.

In general, referral spam is two main types:

Crawlers

Web crawlers or spiders are also known for this because they often tend to crawl the web for websites to spam. This makes them very efficient because the spam bot software itself can be programmed to look for sites that possess certain criteria (no captcha, no robot identification, not frequently updated hence monitored, etc.). Usually this type of spam backs away as soon as it has been flagged as such, to avoid unnecessary bans. However. there are crafty spammers that often sophisticate crawlers to make them more efficient for longer periods of time.

One of those ‘features’ that make the spam more efficient may be strategies oriented towards passing the captcha identifiers. Some spammers have been reported to recruit fast typers on online websites that offer e-lancing to mke them type the captchas of the spam bots.

Ghost Referrers

This type of spam is more sophisticated by nature, hence its efficiency. The term ‘ghost’ is there because the spam is created not only to bypass bot identification. Ben Travis, spam researcher at viget.com has identified that this type of spam attacks involves taking advantage of the free HTTP data passing through. This may allow cyber criminals to conduct massive spam campaigns on a website and devaluate its statistics very quickly. In case you notice a sudden spike in your google analytics data brought by Cyber-monday(.)ga web links you should act swiftly towards blocking it. Some ghost referrer spam are even reported to attack different types of analytics data.

Stopping Cyber-monday(.)ga Referral Spam

There are many methods to stop this referral spam from doing further data corruption on your website. We have managed to provide instructions for you for some of the main methods after this article.

Method 1: Filtering Cyber-monday(.)ga Spam in Google Analytics:

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Cyber-Monday Referral Spam Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.
You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

http://sensorstechforum.com/exclude-all-hits-from-known-bots-and-spiders-in-google-analytics/

Method 2: Block it from your server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Cyber-Monday Referral Spam domains in the .htaccess file:

RewriteEngine on

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.net/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.co/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.co.uk/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.ru/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \.ly/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*heavengifts \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Cyber-monday \-for\-website\.org/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

https://perishablepress.com/blacklist/ultimate-referrer-blacklist.txt

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

Method 3 – Via WordPress

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

Also, in case you feel like you may have clicked and been redirected to one of those domains, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions as well.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.