Get Rid of Referral Spam Leading to Semalt from Google Analytics

spam-refferral-smalt-sensorstechforumA number of website URLs linking to Semalt Media’s website have been reported to be associated with numerous referral spam messages sent out all across the globe on various websites. The spam affects predominantly websites which do not have adequate spam protection and which are not monitored to often. All users, as well as website publishers, should be aware that this spam can quickly devaluate Google Analytics data of a site and infect the ones who open the spammed web links with malware and unwanted programs as well as involve them in various scams.

Threat Summary

Name Semalt
Type Referral Spam.
Short Description Software which spams different URLs to boost traffic to them and to quickly devaulate the statistics on targeted sites..
Symptoms Spams contain several specific spammed URLs which redirect to third-party sites. The default domains of those URLs redirect to Semalt’s web page.
Distribution Method Web Crawlers and Ghost Referrals
Detection Tool See If Your System Has Been Affected by malware


Malware Removal Tool

User Experience Join our forum to Discuss Semalt Spam Campaings.

How Do Semalt Spam Links Distribute

Since the spammers behind Semalt have used a massive spam campaign, according to Incapsula researchers, the spammers may have used two types of spamming software:

Web Crawlers or Spiders

This type of spamming software “crawls” though different pages to collect information about how often are the sites of those pages modified by administrators and other criteria. After it has gathered enough data, it may initiate a massive spam campaign on certain URLs, previously assigned to it from a specific “hitlist”. And what is worse is that reports by Incapsula indicate that when official Google bots crawl to scan for web links they begin to index the referral spammed web links and therefore boost the SEO of the spammed web site, in this case, Semalt.

Ghost Referral Spam

Even though it has not been officially confirmed, Semalt Referral Spam may also be redistributed via ghost referrals. Such spam is more sophisticated and more targeted than massive. It takes advantage of the free HTTP protocol to connect remotely to the website and spam while not even being on the website itself. It is extremely effective and is very hard to be removed.

Both off those spam methods can be utilized via very expensive spam campaigns, and they are something you DO NOT want to have on your website. Besides regular checks for spam, they should be permanently blocked on your web server because they have the potential to quickly devaluate the data of Google Analytics websites. And the damage done by such spammed URLs may even be more. For example, Ghost Referrals can target specific aspects of Google Analytics data to devaluate. And not only this, but it may also lead to malicious web pages that may infect the users of the website with malware, and make them never come back to your site again.

More Information About the Semalt Referral Spam

As soon as the spam is initiated, it may be in messages that contain web links which originate from the following domains:

  • https://semalt.semalt(.)com
  • HTTP://
  • HTTP://

Also, researchers have identified that the following IP addresses were belonging to spam bots spreading web links redirecting to Semalt’s main web page:


In addition to that, the spammers are reported to use a very dangerous software, called QtWebKit, which allows them to perform different activities, like executing different JavaScript. Also, further reports indicate that these spam bots may be doing the spamming from infected machines and hence be spread via different malware, like botnet malware, for example. Malware researchers report that Semalt may have used the Soundfrost botnet which might have allowed them to infect hundreds of thousands of computers all over the world, primarily in South America.

More Information on Semalt

The website itself appears to be a website that offers a variety of services to users as well as websites:


Besides the products it offers, Semalt’s website also pretends to offer to analyze a website’s potential for free by scanning for keywords and other statistics:

semalt-website-potential analysis

However, the website wants money from users to show the report for its analysis. It offers various SEO tools and even to create websites for its clients.

Stop Semalt Referral Spam from Your Computer

Since referral spam associated with Semalt may link to many third-party websites, trying to boost their traffic by using spamming methods, users can never be too sure what type of websites the web links will lead them to. Not only this, but such spam is mainly a menace for website publishers since it devaluates their analytics data quickly and makes research based on it impossible. This is why we advise you to use some of the following instructions and hopefully block this spam and protect yourself in the future as a user.

1: Filtering Semalt in Google Analytics

Step 1: Click on the ‘Admin’ tab on your GA web page.

Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.

Step 3: Click on ‘New Filter’.

Step 4: Write a name, such as ‘Spam Referrals’.

Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Semalt

Step 6: Select Views to Apply Filter.

Step 7: Save the filter, by clicking on the ‘Save’ button.

You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

More Methods To Stop Spam Bots and Spiders In Google Analytics

1: Block Semalt from Your Server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Semalt domains in the .htaccess file:

RewriteEngine on

RewriteCond %{HTTP_REFERER} ^https://.*semalt.semalt \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*semalt.semalt \-for\-website\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*keywords-monitoring-your-success \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*keywords-monitoring-your-success \-for\-website\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*free-video-tool \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*free-video-tool \-for\-website\.com/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

Ultimate Referrer Blacklist by

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

3: Stop Semalt via WordPress.

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

Also, in case you feel like you may have clicked and been redirected to one of the domains mentioned in the spam message, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions as well.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share