Stop Referrer Spam Traffic from Your Site

This article has been made to help you stop referral traffic coming from on your website and block further referrer spam messages in the future as well.

Complaints by site publishers have recently increased about referral traffic coming in from a website, known as The spam may be contained either in messages posted on various places on the site, such as comment sections or replies on a forum or any other places. Whatever the case may be, the referrer spam is reported to quickly devaluate Google Analytics statistics, plus the web links may affect the users on your website. This is the main reason why spam security experts strongly recommend to completely block off the referrer spam from your website, instructions for which you can find if you read the article below. Referrer Spam – How Does It Work?

The spam, related with sending web links from the domain name can possibly originate from two primary spam bots.

Web Crawlers Also Known as Spiders

Another name for this type of referrer spam is “spiders” and the main reason for that is that they crawl like such from a web site to a web site, looking for a target site to spam. The sites they look for are usually sites with no captcha or lower overall spam security. Once they locate such a website, the spam bots have the ability to drop spammed URLs in the same time and very quickly to spike your traffic. However, do not be concerned, since this type of spam may also be blocked quite easily and it usually stops after being blocked once on your website, because the spam bots operate on many websites simultaneously and they risk being flagged and permanently shut down. So their only option to remain live and spamming for as long as possible is to quickly stop the spamming process after some time.

Ghost Referrer Spam

This spam is more dangerous than the previous two and just like it name suggests, once it has targeted your site, it may remain for longer periods of time, just like a ghost. The signs of this spam being on your site, may be a very similar site traffic each day, for example ~500 users each day, even on the weekends, when the traffic should be lower. This is because such spamming software relies on the free HTTP protocols and via those it may connect to the website it wants to spam without being logically connected to it with an IP address that you can ban. Not only the statistics on your Google Analytics is ruined as a result of using this spam, but it may also change popular posts and other key aspects of your site, targeting specific statistics. Being the more sophisticated type of spam, more advanced measures are required to block it.

The Referrer Spam Site – More Information

The domain is not a real domain by itself meaning that instead of visiting it when a user on your site clicks on it’s URL, they are transferred to a third-party website via a web browser redirect. The site is called and looks like the following:

The site is reported to be based in Netherlands initially, but it’s real location is concealed, so it is not known whether this site is safe to work with or not, although we assume that any site connected to a referral traffic is potentially unsafe.

In addition to this, the referral spam itself, related to may also be associate with a Google technique, known as “dorking”. This technique basically means that the spamming software may look for specific info on your website which makes it appear in google. It helps the spam bot to filter websites which to spam, based on specific criteria and items. Here is how several Google Dorking commands, related to vulnerabilities and other weaknesses appear like:

The end goal for those dorking commands may be to look for different vulnerabilities on your website, such as:

  • Vulnerable website files.
  • Opportunities, allowing hackers to gain access to web servers related to the site which are unsecured.
  • Sites containing secret directories with vital data.
  • Error messages.
  • Vulnerability and network logs.
  • Various online devices.
  • Information, regarding the web server of the website.
  • Files that have usernames or passwords in them.
  • Files with passwords.

How to Block Referrer Traffic

Since this type of referrer spam is primarily connected with multiple different risks, including the devaluation of your site’s statistics, it being flagged as spamming site and banned from google or the risk to your users as well. This is the primary reason we advise you not to underestimate this spam and act immediately. You can follow the instructions below in order to block the referrer spam from different locations on your website.

1: Filtering Referrer Spam in Google Analytics

Step 1: Click on the ‘Admin’ tab on your GA web page.

Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.

Step 3: Click on ‘New Filter’.

Step 4: Write a name, such as ‘Spam Referrals’.

Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Referrer Spam

Step 6: Select Views to Apply Filter.

Step 7: Save the filter, by clicking on the ‘Save’ button.

Backup Solution

Since the domain blocking may not work, because the spam may use different hosts every time, same strategy may be used to block the referral spam via the keyword “vitaly rules Google ☆*:.。.゚゚・*ヽ(^ᴗ^)丿*・゚゚.。.:*☆ ¯\_(ツ)_/¯(•ิ_•ิ)(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(゚д゚)ノʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^. .^=)oo like the picture below displays:

You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

More Methods To Stop Spam Bots and Spiders In Google Analytics

2: Block Referrer Spam from Your Server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Referrer Spam domains in the .htaccess file. Here is which domains we discovered so far and the commands to block them:

RewriteEngine on

RewriteCond %{HTTP_REFERER} ^https://.*Youtube-2-MP3 \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*darodar \-for\-website\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*get-free-traffic-now \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^https://.*darodar \.com/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

Ultimate Referrer Blacklist by

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

3: Stop Referrer Spam via WordPress.

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

Also, in case you feel like you may have clicked and been redirected to one of the domains mentioned in the spam message, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions as well.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.