Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Get Rid of Ranksonic(.)net Referral Spam In Google Analytics

NameRanksonic(.)net Referral Spam
TypeMalicious domain being spammed by Referrer Spams
Short DescriptionThe domain may do various dangerous or unhealthy deeds to the PC activities.
SymptomsThe user may witness fake Java Update downloads as well as redirects to other potentially harmful domains.
Distribution MethodVia clicking on any Ranskonic(.)net links (For example Ransonic(.)net/?hrefasdi9/). By being redirected to it via a PUP (Potentially Unwanted Progra) causing pop-ups and redirects on the PC.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by Ranksonic(.)net Referral Spam
User ExperienceJoin our forum to discuss about Ranksonic(.)net Referral Spam.

In case you have been caught off guard by Ranksonic(.)net referral spam, you should take immediate actions to stop the spam once and for all, experts say. Referral spam has been causing quite the havoc lately and security researchers have identified that it is at its peak during the colder seasons. Many websites have suffered by it mainly because it devaluates their google analytics data. In this article we have researched several methods to get rid of referral spam as it has continued to evolve over time.

Ranksonic(.)net Referral Spam – What Is It?

Referrer spam (also known as referrer bombing or log spam) is created mainly to drive traffic to affiliate websites which are primarily vendors or clients of the spammers themselves. We have looked up into Ranksonic(.)net in depth only to establish that it may be a part of a whole network created by the spammer to generate hoax traffic for profit. Currently the domain itself leads the user to analytics data management site that advertises helpful software for website analytics.

ranksonic,spam

However, the referral spam may come in the form of many different URLs, for example ranskonic.net/fpbf02736d9/ which may redirect to all sorts of suspicious third-party websites:

  • Malware containing URLs
  • Fake retailer stores that may resemble well known websites such as AliExpress, Alibaba, eBay, Amazon and others.
  • Fake ‘Virus Detected’ type of pop-ups which aim to scare users and make them call fake customer representatives that are usually scammers.
  • Fake survey schemes that promise a reward if you enter your personal or financial details in the survey.
  • Rogue antivirus program websites that advertise poorly coded antivirus software displaying exaggerated or non-existent virus detections.

Now that we have looked into the dangers towards the user who clicks on those referral spams, let’s examine the dangers for the website publisher himself.

Imagine that you have a website that has low traffic but you are working yourself off to drive traffic to it. Suddenly you see a huge boost in traffic and you get extremely excited that your site finally gets boosted. However, it is unfortunately spam campaign aiming to drive traffic to some other website. Here are some of the dangers for website publishers, like you:

  • Referral spam devaluates the user data very swiftly.
  • It is very persistent and cyber-criminals use devious tactics to mask their presence and spam you for as long as possible.
  • Some particular spam attacks may catch information passing through HTTP traffic and target different analytic information.

If the spam is on a massive scale and the server that is hosting the website is not made to handle a lot of traffic, referral spam may crash the server, taking the website down with it.

Referral spam has been classified as two types:

1)WebCrawlers or Spiders Spam

This type of spam is called web crawling because what the spam bot essentially does is crawl over the web to search for various sites that are a lucrative spam target. It usually targets small websites that are in their initial development stages. It can corrupt their data very swiftly and make research based on it impossible.
This particular type of spam is less aggressive since spider bots are usually programmed to immediately stop spamming after being flagged instead of remaining present via another account. However bear in mind that there is a big ‘it depends’ because some spammers may remain present after all.

2)Ghost Referrer Spam

Ghost Referrer Spam is a particularly dangerous type of spam mainly due to one of its characteristics – it is widely used and is applied on a massive scale by spammers. However it is mostly effective because of how developed are the spam campaigns. The name Ghost Referral is there for a reason – this type of spam aims to mask its identity and remain for as long as possible on a target website and extra measures are required to ban it.

Ben Davis at vidget.com, an expert on spam research has indicated that this particular type of spam is actually not even logically present on the website it is spamming. This is done by spammers taking advantage via exploits in the free HTTP protocol data that passes through. Spammers try to conduct maximum amount of spam for as long as possible. Ghost referrer spam might also have a potential to send fake http prompts, focused on various Analytics data and allowing themselves to even modify search results.

Ranksonic(.)net Referral Spam – How To Protect Yourself from It?

There are several methods to protect yourself from this spam and we have provided them to you below based on their efficiency and sophistication, starting from the simplest and most widely used to the more tech savvy and out-of-the box approaches.

We also recommend before blocking out any Ranksonic(.)net and other spams to check out these blacklisted spammer domain lists provided for free online and block them as well:

https://github.com/piwik/referrer-spam-blacklist/blob/master/spammers.txt

Method 1: Filter it in Google Analytics

You can always try to block all of the domains associated with this website (.info, .net., .com, etc.).

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Ranksonic(.)net Referral Spam
Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.
You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from google analytics:

https://sensorstechforum.com/exclude-all-hits-from-known-bots-and-spiders-in-google-analytics/

Method 2: Block it from your server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Ranksonic(.)net domains in the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*ranksonic\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic.\.ru/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*ranskonic \.info/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \.co/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.* ranskonic \-for\-website\.com/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

https://perishablepress.com/blacklist/ultimate-referrer-blacklist.txt

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

Method 3 – Via WordPress

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

In case you have misclicked on one of the links related to Ranksonic(.)net, make sure to use an advanced anti-malware scanner to check whether or not our system has been compromised by malware. Virus experts recommend scanning your computer more than once since some cyber-threats may regenerate.

donload_now_250
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.