Google Analytics referral spam is a growing problem, and since Littledata has launched a feature to set up spam filters for you with one click, we’d like to correct a few myths circulating.
1. Google has got spam all under control
Our research shows the problem exploded in May – and is likely to get worse as the tactics get copied.
From January to April this year, there were only a handful of spammers, generally sending one or two hits to each web property, just to get on their reports.
In May, this stepped up over one thousand-fold, and over a sample of 700 websites, we counted 430,000 spam referrals – an average of 620 sessions per web property, and enough to skew even a higher traffic website.
The number of spammers using this tactic has also multiplied, with sites such as ‘4webmasters.org’ and ‘best-seo-offer.com’ especially prolific.
Unfortunately, due to the inherently open nature of Google Analytics, where anyone can start sending tracking events without authentication, this is really hard for Google to fix.
2. Blocking the spam domains from your server will remove them from your reports
A few articles have suggested changing your server settings to exclude certain referral sources or IP addresses will help clear us the problem.
But this misunderstands how many of these ‘ghost referrals’ work: they are not actual hits on your website, but rather tracking events sent directly to Google’s servers via the Measurement Protocol.
In this case, blocking the referrer from your own servers won’t do a thing – since the spammers can just go directly to Google Analytics. It's also dangerous to amend the htaccess file (or equivalent on other servers), as it could prevent a whole lot of genuine visitors seeing your site.
3. Adding a filter will remove all historic spam
Filters in Google Analytics are applied at the point that the data is first received, so they only apply to hits received AFTER the filter is added.
They are the right solution to preventing future spam, but won’t clean up your historic reports. To do that you also need to set up a custom segment, with the same source exclusions are the filter.
You can set up an exclusion segment by clicking 'Add Segment' and then red 'New Segment' button on the reporting pages and setting up a list of filters similar to this screenshot.
4. Adding the spammers to the referral exclusion list will remove them from reports
This is especially dangerous, as it will hide the problem, without actually removing the spam from your reports.
The referral exclusion list was set up to prevent visitors who went to a different domain as part of a normal journey on your website being counted as a new session when they returned. e.g. If the visitor is directed to PayPal to pay, and then returns to your site for confirmation, then adding 'paypal.com' to the referral exclusion list would be correct.
However, if you add a spam domain to that list then the visit will disappear from your referral reports... but still, be included under Direct traffic.
5. Selecting the exclude known bots and spiders in the view setting will fix it
Google released a feature in 2014 to exclude known bots and spiders from reports. Unfortunately, this is mainly based on an IP address - and the spammers, in this case, are not using consistent IP addresses, because they don't want to be excluded.
So we do recommend opting into the bot exclusion, but you shouldn't rely on it to fix your issue
Need more help? Comment below or get in touch!