2

I'm trying to block spam referer domains with web.config. I have it (mostly) working.

Here's the code I'm using:

<rule name="abort referer spam requests" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{HTTP_REFERER}" pattern="(semalt\.com|Darodar\.com|Priceg\.com|7makemoneyonline\.com|Buttons\-for\-website\.com|Ilovevitaly\.com|Blackhatworth\.com|Econom\.co|Iskalko\.ru|Lomb\.co|Lombia\.co|hulfingtonpost\.com|cenoval\.ru|bestwebsitesawards\.com|o\-o\-6\-o\-o\.com|humanorightswatch\.org|forum20\.smailik\.org|myftpupload\.com|prodvigator\.ua|best\-seo\-solution\.com|Buttons\-for\-your\-website\.com|Buy\-cheap\-online\.info|offers\.bycontext\.com|website\-errors\-scanner\.com|webmaster\-traffic\.com|guardlink\.org|www\.event\-tracking\.com|trafficmonetize\.org|traffic\-paradise\.org|simple\-share\-buttons\.com|sharebutton\.org|s\.click\.aliexpress\.com|social\-buttons\.com|site12\.social\-buttons\.com|anticrawler\.org|adcash\.com|adviceforum\.info|cenokos\.ru|cityadspix\.com|edakgfvwql\.ru|gobongo\.info|kambasoft\.com|luxup\.ru|4webmasters\.org|get\-free\-traffic\-now\.com|Best\-seo\-offer\.com|Theguardlan\.com|www1\.social\-buttons\.com|netvibes\.com|webcrawler\.com|www\.get\-free\-traffic\-now\.com|sanjosestartups\.com|100dollars\-seo\.com|resellerclub\.com|savetubevideo\.com|screentoolkit\.com|seoexperimenty\.ru|slftsdybbg\.ru|socialseet\.ru|superiends\.org|vodkoved\.ru|websocial\.me|ykecwqlixx\.ru|76brighton\.co\.uk|paparazzistudios\.com\.au|powitania\.pl|sharebutton\.net|tasteidea\.com|descargar\-musica\-gratis\.net|torontoplumbinggroup\.com|cyprusbuyproperties\.com|ranksonic\.org|Googlsucks\.com|free\-share\-buttons\.com|securesuite\.co\.uk|securesuite\.net|www3\.free\-social\-buttons\.com|free\-social\-buttons\.com|sitevaluation\.org|howtostopreferralspam\.eu|symbaloo\.com|acads\.net|addons\.mozilla\.org\/en\-US\/firefox\/addon\/ilovevitaly\/|aliexpress\.com|anal\-acrobats\.hol\.es|brakehawk\.com|domination\.ml|event\-tracking\.com|forum69\.info|ilovevitaly\.co|ilovevitaly\.ru|iminent\.com|kabbalah\-red\-bracelets\.com|makemoneyonline\.com|masterseek\.com|o\-o\-6\-o\-o\.ru|o\-o\-8\-o\-o\.ru|ok\.ru|pornhub\-forum\.ga|pornhub\-forum\.uni\.me|prlog\.ru|ranksonic\.info|rapidgator\-porn\.ga|sexyteens\.hol\.es|smailik\.org|youporn\-forum\.ga|youporn\-forum\.uni\.me|.*monetiz.*|semaltmedia\.com)" />
                </conditions>
                <action type="AbortRequest" />
            </rule>

It is blocking all the domains except webmonetizer.net.

my question:

How is webmonetizer.net getting through? In the code above I've included

.*monetiz.*

I've tested this in fiddler too, and it's being blocked. It gets a 504 response when I test my site (www.myirelandtour.com), so I thought that would have stopped it?

User-Agent: Fiddler

Referer: webmonetizer.net

Host: www.myirelandtour.com

I'm still seeing webmonetizer.net as a referer in my google analytics, any ideas why or how to stop that? Thanks!

Phil Teare
  • 417
  • 1
  • 6
  • 14

2 Answers2

0

I use the following code in my web.config (well I imported my .htaccess file into a Windows server, and it converted it to this):

                <rule name="Imported Rule 1">
                <match url=".*" ignoreCase="false" />
                <conditions logicalGrouping="MatchAny">
                    <add input="{HTTP_REFERER}" pattern="^http://.*semalt\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*buttons-for-website\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*7makemoneyonline\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*webmonetizer\.net" />
                </conditions>
                <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>

I did this in January, and the referers still don't show up in Google Analytics.

ChrisJ
  • 1
0

Most of the spammers in Google Analytics never access your site so any server solution like web.config or the htaccess file won't work

This type of spam is known as Ghost because it never reaches your site, the only way to stop it is by using filters in GA.

You may get confused and think the web.config rules block it because Ghost spam usually shows only for a few days. Sometimes it comes back sometimes it doesn't.

The other type of spam "Crawlers" can be blocked from there, but there are just a few of them compared to the Ghosts, from your list only semalt, buttons-for-website and few more.

You can find a guide to create the filters and more information on this related answers

https://stackoverflow.com/a/28354319/3197362

https://webmasters.stackexchange.com/a/80927/49561

Hope it helps,

Community
  • 1
  • 1
Carlos Escalera Alonso
  • 2,333
  • 2
  • 25
  • 37
  • thanks, that's very helpful and interesting. Just out of interest do you know how ghost spamming works? if they never load my website then how do they get to the google analytics code to fire that? I presumed they would have to load the head section to get the google analytics tracking code & fire that. thanks – Phil Teare Jul 08 '15 at 11:11
  • Ghost spam hits codes that have never been inserted in any page, so most probably they just generate random numbers in the code format UA-xxxxxx-1, there is an article in one of the related answers I post above where you can find all the explanation of this. – Carlos Escalera Alonso Jul 10 '15 at 08:12