Recently I noticed a small web site I manage was showing an unusual amount of traffic…far more than expected. Upon checking Google Analytics under Acquisition/Channels/Referrals here’s what I found.
Over 80% of the traffic was being referred from the domain, www1.social-buttons.com!
After a few minutes researching this domain I found a relatively new issue has emerged known as ghost referral spam. They leave a trail in your analytics reports to entice you to click through to their spam-ridden websites while screwing up your analytics reporting and SEO analysis.
They are called ghost referrals because they NEVER visit your site. They are able to post fake pageviews to Google’s tracking service using a random series of tracking IDs. So when they happen across a series that includes your tracking ID, Google will record a referral visit from that source in your analytics reports.
Since they never actually visit your site they can’t be blocked at the server using traditional blocking techniques like IP excludes or .htaccess methods. So what to do?
There seems to be several main ideas floating around about how to most effectively handle this new threat.
The most common recommendation is to simply create a filter in Google Analytics to block them from showing up in reporting. Here’s a good article with detail step-by-step instructions and screen shots on how to setup these filters in Google Analytics.
Since the spammer hostnames can change frequently, thus rendering your exclude filters useless, another approach is to only INCLUDE valid hostnames by creating filters based on a hostname INCLUSION lists. Here’s an article, Definitive Guide to Removing Referral Spam, with the details of this approach.
Yet another approach, which claims a “surefire” method using a combination of tracking changes, cookies, and filters can be found here:
Why are Ghost spammers doing this in the first place? It seems no one is really sure. Speculation is they want to entice website owners to out of curiosity visit their site for some nefarious purpose. Perhaps it’s a shady SEO service promising to get thousands of people to look at a site? Or perhaps they are infecting visitors with malware?
Hopefully Google will take action against this and provide some additional security in Google Analytics but in the meantime this is something we’ll just have to deal with.