100dollars-seo.com Referral Spam
On June 5th, 2015, Google Analytics showed that my site got a big spike in referral traffic from
100dollars-seo.com. After dealing with the
social-buttons.com referral problems in late 2014 early 2015 where these sites spammed Google Analytics trying to get web masters to go to their site, I didn’t automatically go to the
100dollars-seo.com site. I first checked ownership via
whois 100dollars-seo.com and found the domain was registered to Whois Privacy Corp on June 5, 2015 through TLD Registrar Solutions, a domain registrar in Nassau, Bahamas.
curl 100dollars-seo.com showed nothing, indicating that the domain redirects, so I tried
curl -L 100dollars-seo.com, which displayed the code that had a lot of references for
semalt.com, a well known referral spammer. If you are not familiar with
semalt.com, read Semalt Hijacks Hundreds of Thousands of Computers to Launch a Referrer Spam Campaign, or Removing Referral Spam from Google Analytics. Next, I used
curl -L 100dollars.com > junk1 and
curl -L semalt.com > junk2 and then compared the two sites with
diff junk1 junk2 and found no differences. None.
100dollars-seo.com is redirecting to
semalt.com or is a duplicate of it. To find out, I used
curl -I 100dollars-seo.com, and found that it is doing a 302 redirect to
dig 100dollars-seo.com shows an IP address of
Tcpiputils.com shows that the site is hosted in the Netherlands, and that
website-errors-scanner.com are hosted on the same server.
Removing 100dollars-seo.com from Google Analytics
Next, I went to Google Analytics, and added
100dollars-seo.com to my filters as described in Removing Referral Spam from Google Analytics. This is an excellent article, and I won’t repeat the instructions here. You will find articles that give instructions on adding redirects in
.htaccess and for allowing/denying access in the
.htaccess file. Neither solutions works at all for the spammers like
social-buttons.com that use the vulnerability in Google Analytics’ protocol. The allow/deny
.htaccess approach can inadvertantly open up some serious security holes on your site.
Use Google Analytics filter approach described in Removing Referral Spam from Google Analytics.
To understand the frequency of this attack and other referral spam attacks, I looked at Google Trends and Figure 1 which shows the relative frequency of searches for “referral spam” and Figure 2 which shows the relative frequency for “100dollar-seo.com”. At this posting, there isn’t enough data to generate a Google Trends chart for Figure 2, but my guess is that on Monday June 8th, or Tuesday June 9th, enough web masters will be looking for this to generate a lot of data on it.
For more information on referral spam, see
Fixing the Problem
My first reaction in addressing referral spam was to add a line to .htaccess to block these spam referrals (see http://www.htaccess-guide.com/deny-visitors-by-referrer/ for a description of how to do this) but with more research, it turns out these referrals weren’t referrals to my site at all, but were insertions of fake referrals into my Google Analytics reports. As was the case with
darodar.com, the clear intent is to cause webmasters to go to an unfamiliar site when they see a reference in their Google Analytics reports. Whether the motivation is to generate traffic to their site or to cause webmasters to visit a site that will download malware is unknown.
Based upon the instructions in Removing Referral Spam from Google Analytics, I checked the hostname on the referrals, and all showed “(not set)”–a clear sign that no one ever touched my site and that these were inserted into Google Analytics to get me to click
social-buttons.com to generate traffic or download malware onto my computer.
Removing Referral Spam from Google Analytics provides a good description of the problem and some solutions. Understanding and eliminating referrer spam in Google Analytics gives another good description of referral spam and a programmatic solution that is appropriate for plug-in developers but not for administrators of WordPress, Joomla and other content management system (CMS) based sites.
An alternative is to switch to self-hosted Piwik for your web analytics; if you do this, it will be immediately clear that the vast majority of Google Analytics referral spam is of the spoofed variety rather than the crawler variety. Piwik does not have the advertising integration nor does it have the demographic information, but for many small-traffic sites it can provide much more information. See Using Piwik as an Alternative to Google Analytics on this web site for more information on why Piwik might work for you and how to implement it.
Useful Commands and Web Sites for Investigating Referrers
For investigating a referrer, here are some useful commands and web sites:
- TCPIPutils is a great site for looking up data on an domain or IP address
- For domain registrations, the command line
whois social-buttons.comis very convenient as is https://www.whois.net/
- For IP lookups,
dig social-buttons.comis convenient, as is http://ip-lookup.net/index.php
- Better Business Bureau
- To view a site in character mode so that malware doesn’t get downloaded, use
curl -L. These are commonly installed on Linux machines, but will require additional software on Windows and OS X, as discussed below.
- To look up a lot of information on an IP address in one place http://www.tcpiputils.com/browse/ip-address will give you a lot of information quickly.
Command Line Utilities
To use the
curl commands on Windows and OS X, you will need to install additional software:
- On Windows, install Cygwin and add the
- On OS X, install MacPorts and add the
Cygwin and MacPorts have many additional command line and graphical utilities that make life easier in Windows and OS X.
For more information on referral spam, see
- Social-buttons.com Referral Spam
- Best-seo-solution.com Referral Spam
- justprofit.xyz Referral Spam
- Get-free-social-traffic.com Referral Spam
- Video--production.com Referral Spam
- Rankscanner.com Referral Spam
- Success-seo.com Referral Spam
- Videos-for-your_business.com Referral Spam
- Semaltmedia.com Referral Spam
- 100dollars-seo.com Referral Spam