Rankings-Analytics.com Referral Spam
On Thursday, October 22, 2015, rankings-analytics.com appeared in my Google Analytics referrer list with a landing page of try.php–a page that does not exist on my web site. Since discovering Google Analytics referral spam is a well-known referral spam robot, I didn’t Google them and click on their site. Google Analytics referral spammers place their website name into the GA referral list. Whether this is to drive business to their web site or to download malware on the computers of webmasters is not clear.
I first used whois rankings-analytics.com and learned that the domain was registered on October 6, 2015; most referral spammer domains are registered within a month of the first attack. Many are created on Thursdays for attacks over the weekend. The domain was registered in the Ukraine and uses a privacy service.
curl rankings-analytics.com returned nothing, indicating that the site redirects.
curl -L rankings-analytics.com | grep '.com' shows a number of hyperlinks to semalt.com, a well-known referral spammer.
curl -L rankings-analytics.com | grep 'UA' shows that the website is a user of Google Analytics:
which is the same GA account used by
Other domains on
126.96.36.199 shown by
Stopping Referral Spam
Although there are many web sites that suggest adding code to .htaccess, this does not work for all referral spam and will ultimately cause performance problems for your website as .htaccess grows with hundreds of rows for referral spammers. In addition, this approach will not stop the referral spammers that do not crawl your site but which instead spoof your Google Analytics ID directly with the Google servers.
A better approach is to use filters within Google Analytics using regular expressions.
Trends in Rankings-analytics.com Referrals
It is hard to tell just how often this is occurring on any site other than one’s own, but Google Trends may offer some additional information, as shown in the dynamic figure below showing interest in the search term “social-buttons.com”. This graphic currently won’t render on Firefox and Chromium (it will on Chrome), as they appear to handle the X-Frame-Options header more restrictively (and securely) than current versions of Chrome, Safari and Internet Explorer. If you want to see the graphic in these browsers, use https://www.google.com/trends/explore#q=social-buttons.com%2C%20ustprofit.xyz%2C%20referral%20spam&cmpt=q&tz=.
Fixing the Problem
My first reaction in addressing referral spam was to add a line to .htaccess to block these spam referrals (see https://www.htaccess-guide.com/deny-visitors-by-referrer/ for a description of how to do this) but with more research, it turns out these referrals weren’t referrals to my site at all, but were insertions of fake referrals into my Google Analytics reports. As was the case with darodar.com, the clear intent is to cause webmasters to go to an unfamiliar site when they see a reference in their Google Analytics reports. Whether the motivation is to generate traffic to their site or to cause webmasters to visit a site that will download malware is unknown.
Based upon the instructions in Removing Referral Spam from Google Analytics, I checked the hostname on the referrals, and all showed “(not set)”–a clear sign that no one ever touched my site and that these were inserted into Google Analytics to get me to click social-buttons.com to generate traffic or download malware onto my computer.
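The regular-expression filter approach and the hostname check described above, combined in an added example that is not code from the original post. It builds exclude patterns from spam domains named on this page and sorts hits into spoofed ("ghost"), crawler and legitimate; it goes beyond the "(not set)" case by treating any hostname outside your own as spoofed. The site hostname www.example.org, the 255-character pattern limit and the sample hits are assumptions made for illustration.

```python
import re

# Spam referrer domains named on this page.
SPAM_DOMAINS = [
    "rankings-analytics.com", "semalt.com", "social-buttons.com",
    "darodar.com", "justprofit.xyz", "best-seo-solution.com",
]
MAX_PATTERN_LEN = 255  # assumption: length limit of one GA filter pattern field


def build_filter_patterns(domains, max_len=MAX_PATTERN_LEN):
    """Pack escaped domains into as few alternation patterns as fit max_len."""
    patterns, current = [], ""
    for domain in sorted(set(d.lower() for d in domains)):
        # Escape only the dot so it cannot match any character; hyphens are literal.
        escaped = domain.replace(".", r"\.")
        candidate = f"{current}|{escaped}" if current else escaped
        if len(candidate) > max_len and current:
            patterns.append(current)   # close the full pattern, start a new one
            candidate = escaped
        current = candidate
    if current:
        patterns.append(current)
    return patterns


def classify_hit(hit, valid_hostnames, patterns):
    """Return 'ghost', 'crawler' or 'ok' for one analytics hit."""
    hostname = hit.get("hostname", "(not set)").lower()
    if hostname not in valid_hostnames:
        return "ghost"      # hit never touched the site: hostname unset or foreign
    referrer = hit.get("referrer", "").lower()
    if any(re.search(p, referrer) for p in patterns):
        return "crawler"    # real request to the site carrying a spam referrer
    return "ok"


# Constructed sample hits (not real analytics data).
SAMPLE_HITS = [
    {"hostname": "(not set)", "referrer": "rankings-analytics.com", "page": "/try.php"},
    {"hostname": "www.example.org", "referrer": "semalt.com", "page": "/"},
    {"hostname": "www.example.org", "referrer": "news.example.net", "page": "/about"},
]

if __name__ == "__main__":
    pats = build_filter_patterns(SPAM_DOMAINS)
    print(pats)
    for h in SAMPLE_HITS:
        print(classify_hit(h, {"www.example.org"}, pats), h["referrer"])
```

A hostname include filter removes the "ghost" hits without needing a domain list at all; the referrer patterns are only needed for the crawler variety.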
Removing Referral Spam from Google Analytics provides a good description of the problem and some solutions. Understanding and eliminating referrer spam in Google Analytics gives another good description of referral spam and a programmatic solution that is appropriate for plug-in developers but not for administrators of WordPress, Joomla and other content management system (CMS) based sites.
An alternative is to switch to self-hosted Piwik for your web analytics; if you do this, it will be immediately clear that the vast majority of Google Analytics referral spam is of the spoofed variety rather than the crawler variety. Piwik does not have the advertising integration nor does it have the demographic information, but for many small-traffic sites it can provide much more information. See Using Piwik as an Alternative to Google Analytics on this web site for more information on why Piwik might work for you and how to implement it.
Useful Commands and Web Sites for Investigating Referrers
For investigating a referrer, here are some useful commands and web sites:
- TCPIPutils is a great site for looking up data on a domain or IP address
- For domain registrations, the command line whois social-buttons.com is very convenient, as is https://www.whois.net/
- For IP lookups, dig social-buttons.com is convenient, as is https://ip-lookup.net/index.php
- Better Business Bureau
- To view a site in character mode so that malware doesn’t get downloaded, use curl -L. These are commonly installed on Linux machines, but will require additional software on Windows and OS X, as discussed below.
- To look up a lot of information on an IP address in one place, https://www.tcpiputils.com/browse/ip-address will give you a lot of information quickly.
Command Line Utilities
To use the curl commands on Windows and OS X, you will need to install additional software:
- On Windows, install Cygwin and add the
- On OS X, install MacPorts and add the
Cygwin and MacPorts have many additional command line and graphical utilities that make life easier in Windows and OS X.
For more information on referral spam, see
- Social-buttons.com Referral Spam
- Best-seo-solution.com Referral Spam
- justprofit.xyz Referral Spam
- Get-free-social-traffic.com Referral Spam
- Video--production.com Referral Spam
- Rankscanner.com Referral Spam
- Success-seo.com Referral Spam
- Videos-for-your_business.com Referral Spam
- Semaltmedia.com Referral Spam
- 100dollars-seo.com Referral Spam