Semalt Reveals A Guide To Removing Fake Traffic From Your Site

Referral spam is the product of spambots sending fake traffic directly to Google Analytics, so that it appears in the traffic reports it generates. If you find referral spam in your GA reports, take action to delete it so that the site's statistics are accurate.

Artem Abgarian, the Senior Customer Success Manager of Semalt Digital Services, shares some practical guidance on the issue here.

What is a Bot?

Bots are programs developed to execute repetitive tasks quickly and precisely. Search engines initially used bots to index pages on the internet. Over the years, people with malicious intent adopted bots to commit click fraud, scrape site content, distribute malware, harvest email addresses, and inflate site traffic.

Safe and Malicious Bots

An example of a good bot is Googlebot, which crawls and indexes pages for users. Most search bots do not run JavaScript; those that do end up in GA reports and can distort the metrics. Bots that do not run JavaScript have no impact on the reports, but they still appear in the server logs. They may also affect loading speed, since they consume server resources. Safe bots adhere to the directives contained in robots.txt; malicious bots, on the other hand, use various strategies to get around these guidelines.
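As an illustration of such directives, a minimal robots.txt might look like this (the path and bot name are hypothetical examples):

```
User-agent: *
Disallow: /admin/

User-agent: BadBot
Disallow: /
```

A safe bot reading this file skips /admin/ and, if it identifies itself as BadBot, stays out entirely; a malicious bot simply ignores the file.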

Spam Bots

Their primary objective is to visit as many websites as possible, sending out spam with fake referrer headers to avoid detection. The fake referrer header embeds a redirect link to the site the spammer wants to promote. HTTP requests from such a bot appear in the server logs, where Google used to index them; the log entry then acted as a backlink to the spammer's site. Google has since changed its algorithms so that data from server logs is not indexed, thwarting those spambot developers. Spam bots that run JavaScript can still make their way past GA filters, which is why they show up in the reports.


Botnets

A botnet comprises several infected computers formed into a network controlled by the spammer. It uses different IPs to attack a single website, and the larger the botnet, the higher its rate of successful infiltration. Traffic from a botnet appears as direct traffic, since it comes from ordinary computers, making it harder to detect. Blocking one machine has little impact, as another takes its place.

Highly Malicious Spam Bots

Their primary purpose is to recruit a computer into a botnet by infecting it with malware; the computer is then used to spread the same malware to other machines. Blocking an entire botnet can also cut off traffic from genuine visitors. The suspicious redirects in the referral traffic report mostly lead to these malware-spreading websites; avoid clicking such links unless effective anti-malware software is installed or you are using a separate, expendable computer.

Smart Spam Bots

These bots send traffic to Google Analytics by using its tracking code together with the site's property ID. They also insert fake referrers into the traffic report, which may go unnoticed. Their activity never appears in the server logs, and they cannot be blocked at the server, since they send data straight to the analytics tool. Sites that do not use Google Tag Manager expose the GA tracking code, which acts as the web-property identifier, directly on the page; Google Tag Manager is an efficient way to guard against referrer spam in this case. Spambots mostly attack sites riddled with vulnerabilities in the source code or with limited security measures.
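To make the mechanism concrete, the sketch below builds the kind of payload a spambot could submit straight to Google's Measurement Protocol endpoint, bypassing the site entirely. It is an illustration only, not working spam tooling: the tracking ID, client ID, and referrer are invented, and nothing is actually sent.

```python
# Sketch of how a spambot forges a Google Analytics hit via the
# Measurement Protocol. Nothing appears in the target's server logs
# because the payload goes straight to google-analytics.com.
# All values below are made-up examples.
from urllib.parse import urlencode

def forge_hit(tracking_id, client_id, spam_referrer):
    """Build the query string a spambot would POST to
    https://www.google-analytics.com/collect."""
    return urlencode({
        "v": "1",              # protocol version
        "tid": tracking_id,    # harvested web-property ID
        "cid": client_id,      # arbitrary client ID
        "t": "pageview",       # hit type
        "dr": spam_referrer,   # fake referrer the spammer promotes
    })

payload = forge_hit("UA-12345-6", "555", "http://spam.example")
print(payload)
```

This is why hiding the raw tracking code (for example behind Google Tag Manager) makes harvesting the property ID harder.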

Detecting Spam Sources

Navigate to the referral traffic report in Google Analytics and sort by bounce rate in descending order. Referrers with a 100% or 0% bounce rate should be suspected of spamming. Alternatively, compare your referrers against one of the exhaustive, publicly maintained lists of known spammers, which avoids manual analysis. The next step is to block them.
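The bounce-rate heuristic above can be sketched in a few lines; the report rows here are invented sample data, not real GA output.

```python
# Flag referrers whose bounce rate is exactly 0% or 100% as likely spam,
# mirroring the manual sort-and-inspect step described above.
def flag_spam_referrers(rows):
    """rows: list of (referrer, bounce_rate_percent) tuples."""
    return [ref for ref, bounce in rows if bounce in (0.0, 100.0)]

report = [
    ("free-seo-offers.example", 100.0),
    ("blog.example.org", 42.3),
    ("buttons-for-website.example", 0.0),
]
print(flag_spam_referrers(report))
# -> ['free-seo-offers.example', 'buttons-for-website.example']
```

Flagged referrers still need a manual look before blocking, since a small legitimate referrer can also show a 100% bounce rate.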

Make sure to add an annotation on the report's graph noting when a burst of traffic occurred.

1. Use the rewrite engine in the .htaccess file to delete referral spam by blocking the offending referrers. If you are sure about the IP address a spambot uses, add it to the file and deny it access. Ranges of IP addresses can be blocked the same way; only do this if you are sure the spambot uses several IP addresses for a single action. Also block user agents known to belong to spambots.
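A minimal .htaccess sketch of this step, assuming Apache 2.4 with mod_rewrite enabled; the referrer domain and IP addresses are placeholders, not known spammers:

```
# Return 403 for requests carrying a known spam referrer (placeholder domain)
RewriteEngine On
RewriteCond %{HTTP_REFERER} spamdomain\.example [NC]
RewriteRule .* - [F]

# Deny a single IP and a range the spambot is known to use
<RequireAll>
    Require all granted
    Require not ip 192.0.2.15
    Require not ip 198.51.100.0/24
</RequireAll>
```

Note this only stops bots that actually hit the server; it cannot touch spam sent directly to Google Analytics.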

2. Bot Filtering Feature: in the Google Analytics view settings, check the box to exclude all hits from known bots and spiders.

3. Monitor Server Logs: review the logs regularly to spot suspicious activity early. Use a firewall to protect the server by filtering out requests from known spambot sources.

4. Ask the system administrator, who should be in a position to offer professional assistance.

5. The ItSAlive code helps protect Google and Yandex metrics from interference by spambots.

6. Google Chrome is capable of detecting malware and is a suitable browser if there is no firewall in place.

7. Custom alerts are personalized notifications from Google Analytics that fire when there is an unexpected traffic surge.

8. Google Analytics Filters: create new filters in the View column of the Admin tab in GA to exclude known spam referrers.
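Before pasting an exclude pattern into a GA filter, it helps to try the regex out locally. A minimal sketch, where the spam domain names are historical examples and the pattern is an assumption, not a definitive blocklist:

```python
# Try out a referrer-exclusion regex of the kind used in a GA filter.
# The domains listed are examples; extend the pattern with the spammers
# found in your own reports.
import re

SPAM_PATTERN = re.compile(
    r"(^|\.)(darodar|buttons-for-website|free-share-buttons)\.", re.I
)

def is_spam_source(referrer):
    """Return True if the referrer matches the exclusion pattern."""
    return bool(SPAM_PATTERN.search(referrer))

print(is_spam_source("darodar.example"))    # True
print(is_spam_source("blog.example.org"))   # False
```

Note that GA filters only affect data collected after the filter is created, so spam already recorded stays in the historical reports.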