Get Rid of C(.)новым(.)годом(.)рф Referral Spam In Google Analytics - How to, Technology and PC Security Forum |

Get Rid of C(.)новым(.)годом(.)рф Referral Spam In Google Analytics

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

A new referral spam network possibly originating from Russia has been identified to spam websites in the days around New Year`s Eve. The website currently features a web page saying Happy New Year to the users. The redirected traffic goes to a sibling domain with a random name.

TypeReferral Spam
Short DescriptionThe spam redirects internet traffic and rapidly devaluates a targeted site’s statistical data.
SymptomsYou may see multiple redirects to other potentially malicious websites. You might witness a sudden statistics change in Google Analytics data.
Distribution MethodSpam Bots, Referrals
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by C(.)новым(.)годом(.)рф
User ExperienceJoin our forum to discuss about C(.)новым(.)годом(.)рф.


C(.)новым(.)годом(.)рф Referral Spam Distribution

Referral spam (otherwise known as Referrer Spam) uses several methods to be distributed. It may be sent out manually or automatically. In massive spam campaigns such as C(.)новым(.)годом(.)рф two main automatic methods of distribution may be used:

Method 1: Web Crawlers

Web crawlers, also known as spiders are a very effective spamming method that is being used primarily to spam different websites, instead of remaining persistent on a few targeted ones. Usually, the spam bots being used by this type of spam are not aggressive, i.e. they back off immediately after being warned or reported. The name ‘crawlers’ for this type of referral spam Is the following because the spamming software crawls around the websites collecting information and leaving a spam message on several sites based on a pre-programmed criteria.

Method 2: Ghost Referral Spam

This spamming method is mostly preferred by spammers since it is often reported as very effective. The spam is named like this for a reason – its aim is to remain unnoticed on a website while quickly devaluating its Analytics data, making research based on it impossible. The ghost spam is reported to take advantage of the free HTTP traffic data passing through. This may enable it to spam while not even being present on the website being spammed.

C(.)новым(.)годом(.)рф – Information About the Domain

The domain itself has not presented any information on international whois services, suggesting it may be either new or well concealed. Furthermore, when opened with the most used web browser, Google Chrome, the domain redirected to the following web link:


Malware researchers firmly believe that C(.)новым(.)годом(.)рф referral spam is used in combination with random web links such as the above one to advertise third-party websites and generate hoax traffic to them. It may also be deployed with the purpose to infect users with malware and collect personal or financial information.

The spam may not be this dangerous for website publishers. However it is important to bear In mind that it may have the ability to corrupt different Google Analytics statistical data.

Stop C(.)новым(.)годом(.)рф Referral Spam

To successfully be rid of C(.)новым(.)годом(.)рф spam and prevent it from driving away users from your website it you should act towards blocking it. We managed to collect and present several guides on successfully blocking this spam from your Google Analytics, WordPress and Apache server. It is highly recommended to follow them carefully to stop this spam from spreading further and affecting how your website appears in Google results.

Method 1: Filtering C(.)новым(.)годом(.)рф Spam in Google Analytics:

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – C(.)новым(.)годом(.)рф Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.
You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

More Methods To Stop Spam Bots and Spiders In Google Analytics

We have also researched the following methods to remove this spam:

Method 2: Block C(.)новым(.)годом(.)рф from your server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block C(.)новым(.)годом(.)рф domains in the .htaccess file:

RewriteEngine on

RewriteCond %{HTTP_REFERER} ^http://.*C.новым.годом \.рф/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*xn--b1aube0e.xn--c1acygb \.xn--p1ai/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*C.новым.годом \-for\-website\.рф/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*xn--b1aube0e.xn--c1acygb \-for\-website\.xn--p1ai/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

Ultimate Referrer Blacklist by

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

Method 3 – Stop C(.)новым(.)годом(.)рф Via WordPress

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

Also, in case you feel like you may have clicked and been redirected to one of the domains mentioned in the spam message, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions as well.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share