THREAT REMOVAL

Stop Vitaly Rules Google Referral Spam Traffic from Your Site

This article contains information on how to Block “vitaly rules Google ☆*:.。.゚゚・*ヽ(^ᴗ^)丿*・゚゚.。.:*☆ ¯\_(ツ)_/¯(•ิ_•ิ)(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(゚д゚)ノʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^. .^=)oo” referral traffic from your Google Analytics and your web server.

Is Vitaly unsecure? What is Vitaly Rules Google? Should you remove Vitaly Rules Google referral spam? How to clean your site from referral spam?

Users have increasingly begun to complain in Google support forums regarding referral spam attacks caused by hosts linking to the message vitaly rules google in Google Analytics. This referral traffic has been reported to quickly devaluate Google Analytics statistics, so blocking swiftly every related URL and on the server is strongly advisable. Furthermore, it is also recommended to take additional precautions in case you have visited web links spammed by “vitaly rules Google” bots. This is why we advise reading the following article and get familiar with how this spam is spread and how it can be blocked completely.

Vitaly Rules Google Referral Spam – How Does It Work?

The spam sending web links linking to “vitaly rules Google” domains has been reported to originate from two primary types of spam bots.

Type 1: Web Crawlers (Spiders)

Also known as spider spam, this is a type of software that aims to “crawl” the web for different websites pre-set based on specific criteria, for example, no captcha, easy registration and others. After this has been performed, the spam bot may drop spam links on the websites simultaneously. The benefits for the spam sender are that more websites can be spammed at the same time. The good part concerning you is that this type of spam can be blocked and backs away immediately after being flagged and blacklisted, meaning that is not as persistent as the second type.

Type 2: Ghost Referrer Spam

Also known as ghost referral, the name of this spam suggests that the spamming software related to it aims to crawl a website and stay on it for longer periods of time undetected. The nickname “ghost” comes from the fact that most spamming software of such type uses the free HTTP protocols to connect remotely to the targeted website and spam “from a distance” without even being directly connected and present on the site as a bot/user. This spam may quickly render the statistics on a website it attacks useless, making research from those statistics, practically impossible, changing popular posts and other information. It is so sophisticated that it can even target separate parts of the analytics information of a website.

More About the Vitaly Rules Google Domains

Whatever the case of Vitaly Rules Google may be, the referral spam is very sophisticated, and the spammers behind it may have used a sophisticated combination of a technique known as “Google dorking” to find a pre-set lists of websites based on specific criteria and embed them in the source code of their spamming software. This technique is basically filtering websites, based on specific items and includes usage of code-generated searches to find specific information on a site which is appears in Google. Here is an example of Google dorking commands below:

Some of those commands may look for websites with unsecured robots.txt files as well as several other criteria, like missing captchas and others. Furthermore, there are other features that Google Dorking possesses and can be inputted in the spam-bots to look for:

  • Vulnerabilities and vulnerable files.
  • Footholds that allow hackers to gain access to directories of unsecured web servers.
  • Sites containing sensitive directories.(or secret ones)
  • Vulnerable servers – servers with specific vulnerabilities which is most likely the type of dorking used by this ransomware.
  • Error Messages.
  • Network or vulnerability data.
  • Different Online Devices.
  • Web Server Information.
  • Files that have usernames in them.(Only)
  • Password files.(Only)

When we check the domains related to the spam, it immediately becomes evident that they are low-quality websites or phishing websites, like the following:

How to Block Vitaly Rules Google Referral Traffic

There are several consequences to keeping referral traffic related to Vitaly Rules Google domains and those are primarily related to:

  • Devaluation of the website statistics.
  • Over-flooding of the site comments and flagging the website in Google.

This is why we recommend you to not underestimate this spam and follow our instructions to block it from several different locations:

1: Filtering Vitaly Rules Google in Google Analytics

Step 1: Click on the ‘Admin’ tab on your GA web page.

Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.

Step 3: Click on ‘New Filter’.

Step 4: Write a name, such as ‘Spam Referrals’.

Step 5: On Filter Type choose Custom Filter –>Exclude Filter –> Field: Campaign Source–> Filter Pattern. Then on the Pattern, enter the domain name – Vitaly Rules Google

Step 6: Select Views to Apply Filter.

Step 7: Save the filter, by clicking on the ‘Save’ button.

Backup Solution

Since the domain blocking may not work, because the spam may use different hosts every time, same strategy may be used to block the referral spam via the keyword “vitaly rules Google ☆*:.。.゚゚・*ヽ(^ᴗ^)丿*・゚゚.。.:*☆ ¯\_(ツ)_/¯(•ิ_•ิ)(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(゚д゚)ノʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^. .^=)oo like the picture below displays:

You are done! Congratulations!

Also, make sure you check out these several methods to help you further block out this referrer spam from Google Analytics:

More Methods To Stop Spam Bots and Spiders In Google Analytics

2: Block Vitaly Rules Google from Your Server.

In case you have a server that is Apache HTTP Server, you may want to try the following commands to block Vitaly Rules Google domains in the .htaccess file. Here is which domains we discovered so far and the commands to block them:

RewriteEngine on

RewriteCond %{HTTP_REFERER} ^http://.*Youtube-2-MP3 \.org/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*darodar \-for\-website\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*get-free-traffic-now \.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://.*darodar \.com/ [NC,OR]

RewriteRule ^(.*)$ – [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

Ultimate Referrer Blacklist by Perishablepress.com

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

3: Stop Vitaly Rules Google via WordPress.

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spams from sites. There are many plugins that help deal with referrer spam, simply do a google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better. WP-Ban has the ability to block users based on their IP address and other information such as the URL, for example.

Also, in case you feel like you may have clicked and been redirected to one of the domains mentioned in the spam message, and you believe your system may be compromised, you should scan your computer with a particular anti-malware tool. Downloading such software will also make sure your computer is safe against any future intrusions as well.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Avatar

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:
Twitter

1 Comment

  1. AvatarOkom3pom

    Bonjour,

    Il y a une partie traduit qui doit rendre le filtre inefficace :)

    Merci pour l’article.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...