Block Referer Spammers – Semalt, Kambasoft, Ranksonic, Buttons-for-website


This topic contains 33 replies, has 8 voices, and was last updated by  alexb 2 years, 3 months ago.

  • #21376

    AITpro Admin
    Keymaster

    What is Referer Spamming/Referer Phishing?
    A bot or crawler sends a Request to your site as a Referer and it is logged in Google Analytics and other Stats applications (if you are using another 3rd party Stats application). The Request contains a Referer link back to the site that made the Request to your website.

    So what is the purpose/goal of doing this? To get you to click on the Referer link and visit the site. Semalt.com was the first site to start doing this and now there are other sites doing this: Ranksonic.info and buttons-for-website.com. On the surface this seems completely harmless and just a nuisance that skews your Metrics/Stats. That was true when only Semalt.com was doing this, but now more sites are doing this Referer Spamming/Referer Phishing method. The end result if you count the total number of all sites making Referer Spamming Requests to your website would be the total number of all of those Referer Spamming Requests. Example: if semalt.com makes 50 Referer Spamming Requests per month, Ranksonic.info makes 50 Referer Spamming Requests per month and buttons-for-website.com makes 50 Referer Spamming Requests per month then you have a total of 150 Referer Spamming Requests per month. Not a big deal really if you get a lot of website visitors to your site, but expect that other sites will start doing this Referer Spamming Request method and that monthly total number of Referer Spamming Requests will increase. The other possibility is that the Referer Spamming link will send you to a website that has malicious code on it that could infect your Browser or computer. Probably not likely, but nothing should be ruled out now or in the future to be safe. Clicking a Referer Spam/Referer Phishing link is basically no different than clicking a phishing link in an email that was sent to you.

    1. Copy the code below to this BPS Root Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here 
    2. Click the Save Root Custom Code button.
    3. BPS Pro 11.9+ & BPS .53.8+: Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.
    3. Older BPS versions: Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode.

    # Block/Forbid Referer Spammers/Referer Phishing
    RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|buttons-for-your-website\.com|4webmasters\.org|social-buttons\.com|best-seo-offer\.com|best-seo-solution\.com).*$ [NC]
    RewriteRule ^(.*)$ - [F]

    If you have a stat counter plugin or 3rd party stats application that is still logging Referer Spammer/Referer Phishing links in your stats you can wrap your stats counter code in this conditional wrap so that these Referer Spammer sites will no longer be logged in your stats.

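    <?php // A request with no Referer header is treated as an empty string, which avoids an undefined index notice.
    if ( ! preg_match_all('/ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|buttons-for-your-website\.com|4webmasters\.org|social-buttons\.com|best-seo-offer\.com|best-seo-solution\.com/', isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '', $matches ) ) { ?>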
    your statcounter code goes here
    <?php } ?>

    Important Note:  Some Referer Spammers (4webmasters.org) send fake tracking calls directly to your Google Analytics Tracking ID.  This is a completely random and automated thing.  So since the Referer Spammer domain is not actually visiting your website then that leaves you with filtering out Referer Spam domains/hostnames in Google Analytics Metrics.

    This site has a list of additional Referer Spammer domain names that you can add to the code above:  http://www.theedesign.com/blog/2015/blocking-spam-referral-traffic-google-analytics

    These Referer Spamming sites: semalt, kambasoft, ranksonic and buttons-for-website are by far the worst offenders.  If you are seeing large numbers of requests by any of the other Referer Spamming sites listed in the link above then add those website domain names to your Referer Spammer/Referer Phishing blocking code.

    Update 4-21-2015: After using the code above for 5 weeks our Bounce rate went from 52% to 48%.  I had no idea that these Referer Spammers were having that big of an impact on Bounce rate.  A 4% Bounce rate decrease may not seem like a lot, but on a website with much lower visitor traffic the Bounce rate decrease would be much more significant.

    #22126

    AITpro Admin
    Keymaster

    I will be adding additional nasty Referer Spamming bots|domains that make excessive spambot Bounce visits.  If you come across any Referer Spamming bots|domains that make excessive Spam Bounce visits then post them in this Forum Topic for other folks so they can add them to the code above.

    Extreme|Excessive Offenders:
    www1.social-buttons.com: Very nasty, abusive and excessive Referer Spamming bot|domain. 250-400 Bounce visits per month.
    4webmasters.org:  Very nasty, abusive and excessive Referer Spamming bot|domain. 100-200 Bounce visits per month or 100+ Bounce visits per day. Known to directly send fake tracking calls to your Google Analytics Tracking ID.

    Mild|Moderate Offenders:
    best-seo-offer.com:  Low Bounce visit Spamming bot|domain. 10-25 Bounce visits per month
    best-seo-solution.com:  Low Bounce visit Spamming bot|domain. 10-25 Bounce visits per month
    buttons-for-your-website.com:  Low Bounce visit Spamming bot|domain. 10-25 Bounce visits per month

    #22131

    Paul
    Participant

    I use StatCounter, so where exactly do I add the

    <?php if ( ! preg_match_all('/semalt\.|kambasoft\.|ranksonic\.|buttons-for-website\./', $_SERVER['HTTP_REFERER'], $matches ) ) { ?>
    your statcounter code goes here
    <?php } ?>
    #22138

    AITpro Admin
    Keymaster

    How did you add your original StatCounter code to your website/website files?  Using a Widget – ie Text Widget?  Manually in your Theme header.php or footer.php file?

    #22139

    Paul
    Participant
    #22140

    AITpro Admin
    Keymaster

    I do not see an option in the StatCounter plugin settings to add the additional code so you will have to manually edit/add it yourself to the StatCounter plugin code:

    Open and edit this file at code line 223-243 (scroll to end|bottom of this file):  /official-statcounter-plugin-for-wordpress/StatCounter-Wordpress-Plugin.php

    Add the additional Referer Spamming|Phishing code as shown below (CAUTION: do not forget to add another brace } at the end of the code – there were 2 braces and now there are 3 braces). Braces are another name for curly brackets:

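    <?php // A request with no Referer header is treated as an empty string, which avoids an undefined index notice.
    if ( ! preg_match_all('/semalt\.|kambasoft\.|ranksonic\.|buttons-for-website\./', isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '', $matches ) ) { ?>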
    
    <!-- Start of StatCounter Code -->
    <script>
    <!--
    var sc_project=<?php echo $sc_project; ?>;
    var sc_security="<?php echo $sc_security; ?>";
    <?php
    if($sc_invisible==1) {
    echo " var sc_invisible=1;\n";
    }?>
    var scJsHost = (("https:" == document.location.protocol) ?
    "https://secure." : "https://www.");
    //-->
    document.write("<sc"+"ript src='" +scJsHost +"statcounter.com/counter/counter.js'></"+"script>");
    </script>
    <noscript><div class="statcounter"><a title="web analytics" href="https://statcounter.com/"><img class="statcounter" src="https://c.statcounter.com/<?php echo $sc_project; ?>/0/<?php echo $sc_security; ?>/<?php echo $sc_invisible; ?>/" alt="web analytics" /></a></div></noscript>
    <!-- End of StatCounter Code -->
    <?php
    }
    }
    }
    ?>
    #22142

    Paul
    Participant

    Thank you. Will this affect future updates to the plugin, or do I just check after any update and add the code again if required?

    #22143

    AITpro Admin
    Keymaster

    You will either have to add the code again after each time you update the StatCounter plugin or you can contact the StatCounter plugin folks and ask them to add a new option to do this from the StatCounter plugin settings so that you can save it permanently in that plugin.  I think this is a new option|feature that the StatCounter plugin folks would be happy to add since it adds appeal and additional capability to the plugin that folks will want more and more as the Referer Spamming|Phishing problem gets worse and it will.  So contact them and ask them to add this as a new feature|option in their plugin.

    #22144

    Paul
    Participant

    OK Thanks, have requested this on plugin site

    #22171

    Mike
    Participant

    So with those new spam sites you mentioned above, our code would look like this:

    # Block/Forbid Referer Spammers/Referer Phishing
    RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|social-buttons\.|4webmasters\.|best-seo-offer\.|best-seo-solution\.|buttons-for-your-website\.).*$ [NC]
    RewriteRule ^(.*)$ - [F]

    Is that correct?

    #22173

    AITpro Admin
    Keymaster

    Yes, that is correct, but it is possible that some of those TLDs could go to legitimate sites (or could in the future if they are purchased by a legitimate outfit). For example: best-seo-offer.net, best-seo-offer.org would also be blocked. I have not checked if any of those TLDs point to actual domains. The example is just for example sake. So if you want to make sure that you are only blocking best-seo-offer.com then you would use the TLD.

    # Block/Forbid Referer Spammers/Referer Phishing
    RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.|buttons-for-your-website\.com|4webmasters\.org|social-buttons\.com|best-seo-offer\.com|best-seo-solution\.com).*$ [NC]
    RewriteRule ^(.*)$ - [F]
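
Added example (not part of the posts above, and not BPS or StatCounter code): the patterns in this topic match a spammer name anywhere in the Referer string, so a Referer that only mentions the name in its path or query string is matched as well. The sketch compares the broad and TLD-specific patterns with a check on the Referer's host only; the function name `referer_host_is_blocked` and the sample Referer values are constructed.

```php
<?php
// Added example: substring patterns vs. a host-only check. Names and samples are constructed.
// Broad form (#22171) and TLD-specific form (#22173), shortened to three entries.
$broad  = '/semalt\.|best-seo-offer\.|social-buttons\./i';
$by_tld = '/semalt\.|best-seo-offer\.com|social-buttons\.com/i';

// Domains whose TLD is named in this topic (kambasoft is left out: no TLD is given).
$blocked_domains = array(
    'semalt.com', 'ranksonic.info', 'buttons-for-website.com',
    'buttons-for-your-website.com', '4webmasters.org', 'social-buttons.com',
    'best-seo-offer.com', 'best-seo-solution.com',
);

// True only when the Referer's host is a blocked domain or one of its subdomains.
function referer_host_is_blocked( $referer, array $blocked_domains ) {
    $referer = trim( (string) $referer );
    if ( $referer === '' ) {
        return false; // direct visit or stripped Referer header
    }
    if ( strpos( $referer, '://' ) === false ) {
        $referer = 'http://' . $referer; // lets parse_url() find the host in "semalt.com/x"
    }
    $host = parse_url( $referer, PHP_URL_HOST );
    if ( ! is_string( $host ) ) {
        return false; // unparsable value
    }
    $host = strtolower( rtrim( $host, '.' ) );
    foreach ( $blocked_domains as $domain ) {
        $suffix = '.' . $domain;
        if ( $host === $domain || substr( $host, -strlen( $suffix ) ) === $suffix ) {
            return true;
        }
    }
    return false;
}

// Constructed sample Referer values.
$samples = array(
    'http://www1.social-buttons.com/',                    // spammer subdomain
    'http://best-seo-offer.net/',                         // same name, different TLD
    'https://www.google.com/search?q=semalt.com+spam',    // name only in the query string
    'https://example.org/blog/social-buttons.com-review', // name only in the path
    '',                                                   // no Referer sent
);

foreach ( $samples as $referer ) {
    printf( "%-52s broad=%d tld=%d host=%d\n", $referer, preg_match( $broad, $referer ),
        preg_match( $by_tld, $referer ), referer_host_is_blocked( $referer, $blocked_domains ) );
}
```

In the stats wrapper from the first post, the `preg_match_all` condition would become `! referer_host_is_blocked( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '', $blocked_domains )`.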
    #22177

    Mike
    Participant

    Okay good to know, thanks. So I bought the pro version today and so far I like what I see. My site was hacked recently so I’ve been looking for a really good security wrapper. I would like to place the plugin on all my sites. Now that I have things set up the way I want, is there an export script that I can use, then import that script into my other sites?

    #22178

    AITpro Admin
    Keymaster

    A lot of settings are going to be unique to each website and are set up by the Setup Wizard, but yeah it would be nice to be able to export and import Custom Code.  The complication with doing something like that would be that some of that Custom Code could be unique to a site you exported from so that if you imported it to another site then that Custom Code would cause problems.  So if we created an exporter then we would have to filter out everything that could be unique and only leave general code like Bonus Custom Code.  For now the simplest method is to copy all customizations that are general things that can be used on any other sites to a Notepad or Notepad++ text file and save it to your computer as a “master” file of sorts.  Then do a copy and paste from that “master” file to Custom Code for things like Bonus Custom Code or other personal customizations after running the Setup Wizard.  We are looking into creating an exporter|importer, but it is a bit complex to pull off without causing problems so this will take some careful thought.

    #22182

    Mike
    Participant

    Okay makes sense. Thanks!

    #22474

    Mike Harrison
    Participant

    In this custom code text box I currently have (block IP) custom code that denies access to login.php by any IP address except mine. Can/should I still add the block referer spammers code to this same text box – and, if so, should it appear before or after the existing custom code?

    Thanks!
