Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Get Rid of WordPress-crew(.)net Referrer Spam

WordPress-crew referrer spam is a type of spam aiming to drive hoax traffic to third-party websites. The site itself leads to a WordPress management service that is shady and does not have any privacy policies. This spam is mainly seen on the comment sections in websites as well as forum comments. The spam may not be dangerous for website publishers but It may cause some headaches mainly regarding analytics data. It is highly recommended to follow the instructions after the article to block out the spam from your analytics, WordPress and server.

Name Wordpress-crew(.)net Referrer Spam
Type Malicious domain being spammed by Referrer Spams
Short Description The domain may do various dangerous or unhealthy deeds to the PC activities.
Symptoms The user may witness fake Java Update downloads as well as redirects to other potentially harmful domains.
Distribution Method Via clicking on any WordPress-crew(.)net links (For example WordPress-crew(.)net/asiudg983/). By being redirected to it via a PUP (Potentially Unwanted Program) causing pop-ups and redirects on the PC.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by Wordpress-crew(.)net Referrer Spam
User Experience Join our forum to discuss about WordPress-crew(.)net Referrer Spam.

wordpress-crew-net-homepage

WordPress-crew(.)net Referral Spam – More About It

This type of spam is also familiar as log bombing and it is done to satisfy various third-party interests:

  • Generating hoax traffic to the competition, affiliates, vendors or other third-parties.
  • Infecting as many users as possible via third-party links(for example 2047129Wordpress-crew(.)net or wordpress-crew(.)net/sd2088d2/) that may cause redirects.
  • Massive devaluation of the analytics statistics of the website (Targeted massive spam attacks) making research based on those impossible.
  • Link users to a phishing website that resembles reputable sites like Alibaba, eBay, Amazon, etc.

Spammers that are utilizing referrer spam for their interests is primarily aim to generate traffic to other websites which are basically their clients. A warning has been given that the WordPress-crew(.)net referral spam threat is as real as the net cyber threat and it should not be taken lightly. Fact is the cold days of the year are the peak of such spam attacks because there are more users in front of their computers.

When it comes to referrer spam, two main types exist so far:

Type 1: Web Crawlers

Crawlers or spiders conduct their spam in waves and they have the ability to devaluate the statistical data of underdeveloped or small websites very fast. What is more, this spam may cause fast fluctuations in statistical charts such as the traffic chards and corrupt the data for the period of time since it started its spam campaign. This makes the data utterly useless and impossible to be used for research. And if the server supporting the website has a low traffic capacity and the spam is from multiple domains on a massive scale and targets the specific website it may even reach its traffic limit which may result in many negative consequences.
However, the good news is that there are very little targeted and massive attacks confirmed and most spammers usually back away after they have been flagged since the software basically ‘crawls’ from website to website.
But bear in mind that there are persistent spammers as well who instead of stopping immediately, may attempt to develop their spam and use different technologies to remain persistent and evade flagging to continue spreading their spam.

Type 2: Ghost Referrer Spam

This is the more widely chosen spam strategy because of several different advantages over the more simplistic crawler spam. The goal of this particular spam as its name suggests it is to remain anonymous and undetected, just like a ghost, so that it can spam your favorite website for longer periods. Ben Davis, an expert from vidget.com, researching primarily spam has indicated that this type of spam may have technologies that enable it to not even be present on the site it spams. This is very effective because it may skip all of the captcha enterings and bot checkers.

There have even been situations where spammers have taken advantage by sniffing out information via the free HTTP information that passes through. All of its features combined are clear indication of the sophistication of this attack. In the hands of experienced cyber crook may even have the power to mask the whole HTTP session, targeting specific data it wants to corrupt. This spam attack may also have the capability of influencing how search results appear.

The WordPress-crew(.)net Domain

.
If we take a look the domain itself in detail it will be quickly noticed that it is advertised as a wordpress assisting site, promising certain features regarding site protection:
wordpress-cre.net-offers

The website even has a manager who to contact, however it lacks any privacy policy or terms and conditions in it:

wordpress-crew-manager

This site most likely belongs to the spammers themselves and it may advertise its web links as redirects to third-party sites. Since some redirects may prove to be malicious in the sense of them being either scams or malware infested, it is highly recommended to block it out from your servers, in google analytics and wordpress. Users are also advised not to open any web links containing the “wordpress-crew(.)net” domain since they might be redirected and hence have their PCs infected. This is why we advise users to seek out a specific anti-malware program featuring active protection that may block any incoming intrusions by WordPress-crew(.)net redirects.

WordPress-crew(.)net Referrer Spam – Protecting Yourself

In order to filter this spam and protect your website from it, you should follow the methods outlined below plus the methods that are presented below:

Method 1: Filtering Get-Your-Social-Buttons(.)Info in Google Analytics:

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – WordPress-crew(.)ne
Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.

Make sure you check out the methods from this article to help you to further block out this referrer spam from Google Analytics!

We have also researched other methods to remove this spam:

Method 2: Block it from your server.

In case you have a server that is an Apache HTTP Server, you may want to try the following commands to block Get-Your-Social-Buttons(.)Info and Sharebutton(.)to domains in the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \.info/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \-for\-website\.info/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \.net/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \.to/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*Wordpress-crew \-for\-website\.to/ [NC,OR] RewriteRule ^(.*)$ – [F,L]

Also, have a look at the link below to get to know other spam URLs being blacklisted from other servers:

https://perishablepress.com/blacklist/ultimate-referrer-blacklist.txt

Disclaimer:This type of domain blocking for servers in an Apache environment has not been fully tested and it should be done by experienced professionals. Backup is always recommended.

Method 3 – Via WordPress

There is another method, which uses WordPress plugins to block referrer spams from websites. We have currently seen one particular plugin reported to work, called WP-Ban. You can research and find others that are efficient as this one. WP-Ban has the ability to block users based on their IP address and other information such as the URL.

In case you are a user and you keep experiencing redirects to this annoying site or other forms of spam ads, we highly recommend you to use an advanced anti-malware software in order to determine whether or not your computer has been compromised by threats like WordPress-crew(.)net.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.