Have you noticed a number of inexplicable referrers in your Google Analytics reports recently? This is most probably caused by malicious referrer spam.

The rise of referrer spam in your analytics reports

Bots vs. humans: who runs the web?

If you monitor your website analytics regularly, you’ve probably seen an increase in visits recently. This normally would be cause for celebration, but if this is happening to you, you should be a little suspicious. Are the visits from real humans or bots?

Today, bots are as active as ever and represent up to 50% of web traffic. Not all bots are bad, though. Some of them help improve our user experience on the web. Take Googlebot, for example. It’s a useful bot which indexes content and web pages in its search engine to help us find what we are looking for quickly.

Of course, other bots do not have such good intentions. They perform malicious functions and cause confusion in the web analytics reporting system. Google Trends recently revealed an exponential increase in malicious bots in search engine queries involving referrer spam, as well as ghost referral spam, which is even more difficult to control.

Referrer spam and ghost referral spam: trouble maker bots interfering with your analytics

Referrer spam, also known as ghost referral spam, is a very specific kind of spamdexing (spamming aimed at search engine queries). In the field of web analytics, it represents a growing trend that misleadingly inflates the number of visits on a website from a referred source. In other words, referrer spam is a fake traffic source pretending to redirect visitors to your site, giving you a false picture of your popularity.

This referrer spam technique involves making repeated requests using a fake referrer URL to the target website. The aim of these spammers is two-fold: to improve their ranking on search engines by indexing (via access logs) these bulk generated links, and also to generate revenue by tricking webmasters and web marketers into visiting the malicious websites reported as referrers in their analytics.

Over the years, referrer spam bots have become more and more sophisticated. The latest generation of bots acting as ghost referral spam send fake visit data without even visiting your website. They simply obtain your analytics tracking code or Google Analytics property ID, which is public information. This type of spam is particularly harmful because it is ‘immune’ to the regular methods for dealing with referrer spam.

How does referrer spam data affect your analytics?

Spam bots skew your analytics in five key ways:

  1. They affect the accuracy of your data
  2. They drag down your engagement rate
  3. They lower the quality of your site traffic
  4. They increase your bounce rate (up to 100%)
  5. They reduce the average time-on-page (close to 1.0) and session duration (close to 0.00)

In other words, referrer spam gives you a false impression of success while degrading the rest of your most qualified and useful data.

Cleaning up your analytics is more critical than ever, regardless of the popularity or size of your website, or even how long your website has existed. Referrer spam can affect newly created websites well before they have gained in popularity.

In fact, the smaller your site, or the fewer visits you have, the greater the impact of referrer spam will have on your metrics. If you run a large website with tens of thousands of visitors each day, fake referral links will be offset by your real backlinks data. Whatever the size or popularity of your site, the impact of referrer spam is important, and not to be overlooked.

Thankfully, there are solutions which can allow you to ignore referrer spam and ghost referral spam, and even restore your previous data integrity.

How to deal with referrer spam on your Google Analytics reports

Here is a quick overview of the most common ways to deal with referrer spam, and how effective they are:

Filter on the ‘Referral’ field

Filter on the ‘Referral’ field

Filter on the ‘Referral’ field

A common recommendation is to simply create a filter based on the Referral field criteria. It sounds too good to be true. Unfortunately, it is! This approach is ineffective because spammers regularly change the referrals they use. You would have to constantly update your filter which is an inefficient solution and not dealing with the cause. Some people recommend using a filter based on the Campaign Source field, but this field is often not explicitly mentioned, so Google Analytics automatically uses the referrer by default.

Filter on the Hostname field

Filter on the Hostname field

Filter on the Hostname field

Another approach is to set a filter based on the Hostname field. But as we have seen earlier, spammers can send fake data without targeting any identified website hostname correlated to a Google Analytics property ID. By creating a white list based only on the hostname field, you run the risk of accidentally filtering out valid page views. Not a good idea!

Filter on the Request URI field

Filter on the Request URI field

Filter on the Request URI field

This is a more deductive technique based on the assumption that the ghost referral spam is requesting the website homepage. So the solution is to override the reported homepage URI (/) in the Google Analytics Javascript snippet with an alternative such as /index.php. By doing this, you can safely ignore referrer spam by creating a filter that excludes all page views with the Request URI field set to /. A major issue with this approach is that it will introduce discontinuity in your homepage data. To get around this, you can run another filter to automatically map /index.php on to / in your analytics.

Custom dimension

Custom dimension

Custom dimension

You can use Custom dimension in case spammers start targeting pages other than /. This technique aims to change the tracking code to prevent this specific behavior and send a correlated and filterable value to Google Analytics in all page views. But even this approach is not entirely safe and sustainable.

Invest in cleaner analytics data to block referrer spam

The Emolytics development team has developed robust and effective security measures in our analytics tool. Referrer spam often targets specific providers such as Google Analytics, so our analytics tool is naturally immune to spam bots.

Putting a spoke in the wheels of bad bots is our credo. We have set up a filter to protect IPs from well-known or live detected bots referrer spam. We check and filter all data and ensure that the domain and ID fit well to prevent malicious behavior. Unlike with Google Analytics, it is impossible to parse the ID with the Emolytics solution, which makes referrer spam traffic more difficult or impossible in bulk activities.

Our customers have already seen significant improvements when comparing their Google Analytics reports with our Emolytics optimized data: a number of key statistics are clearly more qualified and realistic, particularly when looking at bounce rate, session time and number of visits.

The moral to this bots story? Blocking referrer spam, especially ghost referral spam, takes time and effort, but it is a crucial issue that needs to be resolved if you want to preserve the validity of your performance indicators and achieve your marketing goals.

Why not request a free demo with one of our most hardened referrer spam blockers?

CTO and Co-Founder at Emolytics, David Frenay is an Engineer, Physicist and Entrepreneur. He is Passionate about data, web dev, psychology, entrepreneurship and complexity science.

View Comments

There are currently no comments.

Next Post

This website uses cookies to ensure you get the best experience on our website.
Some functionality will be unavailable until cookies are allowed. About cookies