Over the last few weeks I’ve been looking into ways to stop the traffic spikes, caused by a known issue with many aliases:
- Referrer Spam
- Ghost Traffic
- Log Spamming
- Referrer Bombing
… amongst others.
What is it?
Basically, it’s a technique used by evil spammers to create backlinks to their (or their dark overlord’s) website.
It works by making multiple requests, using a fake URL, to your site with the aim of being published via your access logs and, ultimately, indexed by Google. This only really works if you publish your access logs which, most likely, isn’t the case but that doesn’t stop them having a go anyway.
The main headache for me, and I imagine for a lot of folk, is very skewed ‘Acquisition’ stats in Analytics. You could also argue that it could affect your site’s performance during an attack.
What can we do about it?
So, there’s a few different ways we can approach this and most of them have been highlighted beautifully by our friends over at Raven Tools. These include blocking referrer traffic via .htaccess, ‘deflecting’ the traffic back to where it came from (which I love the idea of) and, if you’re a WordPress user, there’s a couple of handy plugins that work to a certain extent – Semalt Blocker & SpamReferrerBlock.
However, there is the issue of keeping up with the latest offenders. Manually creating and maintaining files with lists of these rogue URL’s is surely just another task to add to the never-never list. Even the plugins will rely heavily on the developer(s) keeping the blacklist up-to-date.
A Simple Solution
After some research, I stumbled across this. The appropriately named ‘Referrer Spam Help‘ from xse media is a very clever way of filtering referrer spam via Analytics. The tool is super simple to setup and, once you give it access to your Analytics data, will automatically detect new spammers and block them for you using a new filter rule.
OK, so it doesn’t actually block the actual traffic and you might not feel totally comfortable with giving the tool access to your Analytics data, but as far as a smart way to solve my immediate problem, this fits the bill perfectly.
I’m pretty sure this model could be adapted to block the spam traffic itself, and it’s possibly something we may look into for the WordPress community.