Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Get Rid of Ranksonic(.)biz Referral Spam In Google Analytics

If you have become a victim of Ranksonic(.)biz’s referral spam it is important to take the necessary actions to cut the spam away from your website permanently. According to experts, this referral spam has been caught to cause a storm of spam targeting both small and developed websites with its peak during the colder days. Several websites have experienced the headache of removing spam by Ranksonic(.)biz. In the hereby article we researched several methods to block the spam completely from google analytics and also prevent it via other techniques.

NameRanksonic(.)biz Referral Spam
TypeMalicious domain being spammed by Referrer Spams
Short DescriptionThe domain may do various dangerous or unhealthy deeds to the PC activities.
SymptomsThe user may witness fake Java Update downloads as well as redirects to other potentially harmful domains.
Distribution MethodVia clicking on any Ranksonic(.)biz links (For example Ranksonic(.)biz/?hrefasdi9/). By being redirected to it via a PUP (Potentially Unwanted Progra) causing pop-ups and redirects on the PC.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by Ranksonic(.)biz Referral Spam
User ExperienceJoin our forum to discuss about Ranksonic(.)biz Referral Spam.

Ranksonic(.)biz Referral Spam – What Is It?

This particular type of spam is also familiar as referrer bombing or log spam. It has been made primarily to generate traffic which is hoax to client websites by spamming its links which redirect to them. An example of spam link by Ranksonic may look like the following:

http://2382321ranksonic(.)biz/a_20eh02das0d-002pldna0w2/

At the moment the domain itself ranksonic(.)biz leads users to the main website of the ‘service’ which advertises it as a analytics data management website, offering helpful website analytics.

ranksonic,spam

This referral spam may come in different forms, along with different messages, redirecting users to one or more websites that may have any content (from legitimate to malicious) on them. Such sites may conceal different dangers from the user:

  • Infect the user with malware.
  • Scam the user into buying a product from non-existent online retailer stores or good phishing sites that look almost the same as Alibaba, eBay, Amazon and others. A good example for a phishing site is offer(dot)alibaba(dot)com which looks almost the same as the original website alibaba.com
  • Fake social engineering scams in the face of fake error pop-ups prompting users to call fake tech support to fix the problem for an expensive fee.
  • Survey schemes promising rewarding upon entering your personal information or financial info in the questionnaire.
  • Fraudulent antivirus software sites advertising badly coded antivirus software that slows down user PCs and shows fake virus detections to make inexperienced users subscribe and buy an overpriced licensed version.

After we have examined several of the many dangers if you are a user and visit such redirecting links, let’s see what dangers this spam may be posing for the site itself.

In case you have a site that is low on traffic and you are trying to research based on the traffic analytics how to improve it, this type of spam may quickly damage your data by adding the spam traffic and hence devaluating it.

Referral spam is very persistent and in some cases (if conducted on a massive scale by more than one vendors and not stopped in time) it may crash the website server, causing the site do change into a ‘down’ state.

Officially, referrer spam has been divided into two main categories.

1st category: WebCrawing or Spiders

This type of spam attacks is called this way because the spamming program ‘crawls’ over the web to search for opportunities to spam. It is usually aimed at small and underdeveloped websites since larger sites may have various defences in the form of captcha letters and other ‘Am I a robot?’ type of checks. The spam bot devaluates statistics very fast making a relevant research based on them impossible.
This spam category is less aggressive due to the fact that spider spam bots usually back away as soon as they have been spotted to avoid flagging and raise eyebrows. However, there is a big ‘it depends’ when it comes to agressiveness.

2nd category – Ghost Referral Spam

This particular spam category is the most widely used type of spam because it is very developed and its attacks are more sophisticated. The word ‘ghost’ is there for a particular reason. This type of spam remains hidden for as long as possible on a site while sending out its messages. Some attacks by this type of software are so well developed that the spam bot itself may use specific tools to help it not even stay on the website it is spamming i.e. conduct the spam while not there. This makes it harder to block out and filter and extra measures are usually required.

Ben Davis at vidget.com, a spam researcher, claims that this type of attacks use the free HTTP traffic data passing through to capture it and use it to mask their sessions.

Ranksonic(.)biz Referral Spam – How To Protect Yourself from It?

Users and publishers may not be aware but there are many methods to stop such spam from happening in the future. Here we have provided links to some of those methods. In case the ones below are not successful, you can see more filtering and blocking methods in Google Analytics here:
https://sensorstechforum.com/exclude-all-hits-from-known-bots-and-spiders-in-google-analytics/
Before blocking out any Ranskonic(.)biz, make sure you check out this blacklist of websites also featured in massive referral spam campaigns:
https://github.com/piwik/referrer-spam-blacklist/blob/master/spammers.txt

Method 1: Filter it in Google Analytics

You can always try to block all of the domains associated with this website (.info, .net., .com, etc.).

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Ranksonic(.)biz Referral Spam
Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.
You are done! Congratulations!

Method 2: Block it from your server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Ranksonic(.)biz domains in the .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*ranksonic\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic.\.ru/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic \.info/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \.biz/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \.co/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \-for\-website\.com/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also, here are some more domains you could block from your server as well:
https://perishablepress.com/blacklist/ultimate-referrer-blacklist.txt

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

Method 3 – Via WordPress

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

In case you have misclicked on one of the links related to Ranksonic(.)biz, make sure to use an advanced anti-malware scanner to check whether or not our system has been compromised by malware. Virus experts recommend scanning your computer more than once since some cyber-threats may regenerate.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.