referral spam examples

Referral Spam Examples

I bet that if you’ve gone into Google Analytics either on your own website or a client’s, you’ve seen that you get a significant amount of referral traffic from strange sites like,, and others. To get there, go your GA account, and go to Acquisition -> All Traffic -> Referrals. There you’ll see all the clicks that you get from other sites.

Some of this is legitimate click traffic, social media sites like LinkedIn, Facebook, and so on. Probably others like Chambers of Commerce or other orgranizations where you might get clicks. That’s all good.

But why are you getting clicks from These are spam phantom “clicks”, and they’re completely
bogus. It’s annoying to see a bunch of traffic from these sites. The reason for their existence is that they want you to go look at THEIR website and do whatever they want you to do. (Don’t do it by the way – don’t give them the satisfaction!) Unfortunately, more of these spam sites are starting to pop up and multiply, so it can add to a significant chunk of your traffic.

Assuming you want to remove this phantom traffic from your Google Analytics, there are a couple ways to do it.

Using the HTACCESS File To Send Spam Referral Traffic Into A Black Hole

If you’re running WordPress, Joomla, or Drupal, which are all PHP websites that run on Linux (typically), you can edit a special file that lives in the top-level directory of your website. This file is special instructions to the web server before it serves up any page to anyone.

Connect to your website with your ftp tool and look for a file called .htaccess in the main (parent) directory of the website. Download a copy of the file to your computer and rename it to .htaccess-works (so you have a backup copy). Download the one from the website again, and edit the second one. If you goof up the .htaccess file, you can crash your website, so ALWAYS keep a backup copy of one that you know works.

Now open the .htaccess file with a text editor like Notepad (PC’s only) or Dreamweaver (don’t use MS Word – it isn’t a text editor and it’ll mess up your file).

Copy and paste the following lines into the file at the end:

RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC]
RewriteRule .* – [F]

For each site you want to add, just insert a new one of these and change the web address to whatever you want:

RewriteCond %{HTTP_REFERER} [NC,OR]

but put it above the last [NC] line.

Save the file, and upload it to your website. Make sure you test your website, and if you get an Error 500, don’t panic. Just upload the WORKING copy of the .htaccess file (the original) and rename it back. That’s why you keep a backup.

Assuming it works, these magic lines in your .htaccess file are basically catching a request to load your web site from the “REFERRER” domain, and if it catches one, then it sends them to a black hole. *snicker*

Exclude The Domains from Google Analytics

If you’re not feeling too confident about that, or you’re not running a website on WordPress, you can just tell Google Analytics to exclude the traffic completely from your reports. You must be running the Universal Google Analytics code for this to work. To find out if you are, open your home page and view the html source code (in Chrome and Firefox press [Ctrl][U], in IE right-click on the web page and choose “View Source”).

Press [Ctrl][F] to bring up a search box, and search for Google. Look for code that looks like this:

<!– Google Analytics Code –>
<script type=”text/javascript”>
var gaJsHost = ((“https:” == document.location.protocol) ? “https://ssl.” : “http://www.”);
document.write(unescape(“%3Cscript src='” + gaJsHost + “‘ type=’text/javascript’%3E%3C/script%3E”));
<script type=”text/javascript”>
try {
var pageTracker = _gat._getTracker(“UA-xxxxxx-xx”);
} catch(err) {}</script>

If you see the line, that’s the OLD code, and you’ll have to get your web person to upgrade you to the new Universal GA code. Some WordPress Analytics plug-ins have a checkbox that turns on the Universal code, so you can look for that. The Universal code looks like this:

<script type=”text/javascript”>

(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),

ga(‘create’, ‘UA-xxxxxx-xx’, ‘auto’);
ga(‘send’, ‘pageview’);


Referral Exclusion List in Google Analytics

Referral Exclusion List in Google Analytics

If you have that (look for the /analytics.js line), then eliminating the spam referral clicks is easy.

Go into your Google Analytics, and click the “Admin” tab. In the middle column under “Property”, click the “.js Tracking Info” button, then “Referral Exclusion List”. For each site you want to remove, just add them in there.

Boom! Done!

Update August 17, 2015

OK, I’ve heard from a couple people now that some of this information is incorrect. I appreciate the feedback on that.

It turns out that the Google Analytics Referral Exclusion List is NOT a good way to go. It’s actually intended for different traffic – specifically for people who have a shopping cart (say in 1shoppingcart or PayPal), and clicks back from those sites (like after a purchase has been completed) counts as a referral click. The Referral Exclusion List makes those come back as just a direct click, but does NOT remove it from the Analytics data. So your data will still be messed up.

Read Why You Should Not Use the Referral Exclusion List for Spam.

Secondly, it seems that a lot of the spam traffic is actually phantom traffic. They don’t actually visit your website! They’re firing off the Google Analytics JavaScript code with random GA accounts remotely, which is causing it to be recorded in your GA account. So the .htaccess method works up to a point, but doesn’t stop the phantom visits.

It seems that the only effective way to remove the spam visits is to add filters to your Google Analytics account to filter out all the spam domains. It’s a little tricky to do this, because you can erase all your data if you screw it up. You want to tread lightly. Here’s a detailed, step-by-step article that takes you through the process of getting this set up: Definitive Guide to Removing Referral Spam. Not for the faint of heart. It would be nice if Google had a simpler solution in the GA tool itself.

Also see the comment below from Werner Bastianen who has a tool that may help simplify setting up the filters as well. We haven’t tested it, so please contact him directly if you have questions.