THREAT REMOVAL

o-o-8-o-o.com search shell is much better than google! – Block Referral Spam in GA

o-o-8-o-o.com search shell is much better than google! – have you encountered this in your Google Analytics? It is the latest example of a new generation GA spam, already dubbed language spam. Apparently, the referral spam is linked to the Russian spammer Vitaly who uses referral spam to promote a search engine. A website owner would notice unusual language dimensions, keywords, and referral traffic from o-o-8-o-o(.)com.

This referral spam campaign may also be linked to Secret.ɢoogle.com. Besides polluting the source/medium dimension in Google Analytics, other parameters may be affected as well.

o-o-8-o-o.com search shell is much better than google! – What to Know

The very first thing to keep in mind is that visiting that page is dangerous, as it is a domain controlled by spammers. Visiting such domains carries many risks and should be avoided. What is more, this is exactly what spammers want you to do – end up on their website and purchase their dubious services.

The o-o-8-o-o.com spam has been outlined as ghost traffic that bypasses the server and directly targets Google Analytics. To do that, spammers rely on the “Measurement Protocol”. The main difference between regular bot spam and ghost referral spam is that the latter shows up only in Google Analytics reports.

More about Ghost Referral Spam

This particular type of spam is more sophisticated because it abuses the Hypertext Transfer Protocol (HTTP) to remain hidden, and in some cases it is not even logically present on the website it spams. Ben Davis at vidget.com claims that such spam is not even present on the website it is spamming. Even worse, the spam may target different parts of the website.

Either way, referral spam aims to drive hoax traffic to third-party websites, and most spammers do not really care about the type of websites they advertise this way, e.g. sharebutton(.)to. The end goal here is the same as in email spam – quick and efficient monetization of campaigns.

o-o-8-o-o.com search shell is much better than google! – How Dangerous Is It?

The good news here, as explained by GA experts, is that the spam isn’t directly threatening to a website. All the spam campaign does is pollute data, which can still be quite irritating, and the level of damage may be difficult to define. This type of spam tends to “attack” smaller sites.

o-o-8-o-o.com search shell is much better than google! – How to Block

There are several consequences of keeping referral traffic related to Vitaly Rules Google domains:

  • Devaluation of the website statistics.
  • Over-flooding of the site comments and flagging the website in Google.

That is why it is highly recommended that affected website owners proceed with blocking it by following the instructions provided below.

1: Filtering in Google Analytics

Step 1: Click on the ‘Admin’ tab on your GA web page.

Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.

Step 3: Click on ‘New Filter’.

Step 4: Write a name, such as ‘Spam Referrals’.

Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name –

Step 6: Select Views to Apply Filter.

Step 7: Save the filter, by clicking on the ‘Save’ button.

Backup Solution

Since domain blocking may not work, because the spam may use different hosts every time, the same strategy may be used to block the referral spam via the keyword “vitaly rules Google ☆*:.。.゚゚・*ヽ(^ᴗ^)丿*・゚゚.。.:*☆ ¯\_(ツ)_/¯(•ิ_•ิ)(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(゚д゚)ノʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^. .^=)oo”, as the picture below displays:

You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

More Methods To Stop Spam Bots and Spiders In Google Analytics

2: Block from Your Server.

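If your site runs on Apache HTTP Server, you may want to try the following directives to block domains in the .htaccess file. Rules like these only affect requests that actually reach your server; ghost referral spam, which bypasses the server as described above, is not touched by them. Here are the domains we have discovered so far and the directives to block them: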

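# Return 403 Forbidden when the Referer header is one of the spam domains.

RewriteEngine on

# https? matches both http:// and https:// referrers; patterns contain no spaces.

RewriteCond %{HTTP_REFERER} ^https?://.*Youtube-2-MP3\.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https?://.*darodar-for-website\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https?://.*get-free-traffic-now\.com/ [NC,OR]

# The last condition must not carry the OR flag.

RewriteCond %{HTTP_REFERER} ^https?://.*darodar\.com/ [NC]

RewriteRule ^(.*)$ - [F,L]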

Also here is a web link to some spam URLs being blacklisted from other servers:

Ultimate Referrer Blacklist by Perishablepress.com

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.
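To tell whether a referral source seen in Google Analytics ever reaches the server, and so whether the .htaccess rules above can affect it at all, the access log can be checked for the same domains. This is an added example, not part of the original article; it assumes Apache's combined log format, and the function names and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Referrer domains taken from the article's .htaccess rules.
BLOCKED = ["youtube-2-mp3.org", "darodar-for-website.com",
           "get-free-traffic-now.com", "darodar.com"]
# Combined Log Format tail: "request" status bytes "referer" "user-agent"
LOG_TAIL = re.compile(r'"[^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"\s*$')


def referer_host(referer):
    """Extract the lower-cased host from a Referer value, or '' if none."""
    m = re.match(r"^https?://([^/:]+)", referer, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def server_side_hits(lines, domains):
    """Count (domain, status) pairs for requests whose Referer host is a
    listed domain or one of its subdomains."""
    hits = Counter()
    for line in lines:
        m = LOG_TAIL.search(line)
        if not m:
            continue  # not a combined-format line
        host = referer_host(m.group(2))
        for d in domains:
            if host == d or host.endswith("." + d):
                hits[(d, m.group(1))] += 1
    return hits


def ghost_candidates(ga_sources, lines):
    """GA referral sources that never appear as a Referer in the log."""
    seen = {d for d, _ in server_side_hits(lines, ga_sources)}
    return sorted(set(ga_sources) - seen)


# Constructed log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "http://darodar.com/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2016:10:05:00 +0000] "GET / HTTP/1.1" 403 199 "http://forum.darodar.com/x" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Dec/2016:10:06:00 +0000] "GET /a HTTP/1.1" 200 2048 "https://www.google.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Dec/2016:10:07:00 +0000] "GET / HTTP/1.1" 200 5120 "http://notdarodar.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(server_side_hits(SAMPLE_LOG, BLOCKED))
    print(ghost_candidates(["darodar.com", "o-o-8-o-o.com"], SAMPLE_LOG))
```

A source returned by `ghost_candidates` never touched the server, so it has to be handled with the Google Analytics filters from section 1. The status code in each count shows whether a block rule is already returning 403 for that referrer.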

3: Stop via WordPress.

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spam from sites. There are many plugins that help deal with referrer spam; simply do a Google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better one. WP-Ban has the ability to block users based on their IP address and other information, such as the URL.

Also, in case you feel like you may have clicked and been redirected to one of the domains mentioned in the spam message, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
