Semalt, Kambasoft, Ranksonic, Buttons-for-website – Referer Spammers, Referer Phishing
Tagged: Buttons-for-website, Kambasoft, Ranksonic, Referer Phishing, Referer Spammers, Semalt, semalt.com
- This topic has 14 replies, 4 voices, and was last updated 9 years, 11 months ago by AbZu2.
bill (Participant)
Hello, AITpro.
Had a question: Under referrers in my site stats (for multiple sites), I’ve been noticing a “semalt.com crawler” link on average at least once a day. I read a little bit about it here: http://en.forums.wordpress.com/topic/semaltcom-2. Because of BPS, I know my sites are secure, but would you consider this daily crawl to be an attempt against my respective sites?
Just wanted to know your thoughts because the referrer is actually a link and I’ve been tempted to click on it once or twice to see what it was.
Thanks.
AITpro Admin (Keymaster)
semalt.com is a known domain used in a Referer stats phishing scam. The goal is to get you to click on the referer link in your stats for probably 2 reasons: increased traffic to semalt.com and the possibility that you will buy their SEO services.
http://wordpress.org/support/topic/advise-1/page/2#post-5129764
If you have a stat counter plugin that is still logging the semalt.com domain in your stats you can wrap your stats counter code in this conditional wrap so that the semalt.com Referer will no longer be logged in your stats.
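<?php
// Output the stat counter only when the Referer does not contain semalt.com.
// A request without a Referer header is treated as a normal visit.
if ( empty( $_SERVER['HTTP_REFERER'] ) || ! preg_match( '/semalt\.com/', $_SERVER['HTTP_REFERER'] ) ) { ?>
<!-- your statcounter code goes here -->
<?php } ?>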
bill (Participant)
Thank you for the history on these guys. I’m actually using Jetpack/WordPress.com for stats. Could the same code (you’ve graciously provided) be used?
AITpro Admin (Keymaster)
Jetpack is aware of this issue, but does not have a working solution yet: http://wordpress.org/support/topic/block-semaltcom-from-jetpack-stats#post-5835489 This is a nuisance issue and not a security issue and it is not really that important.
bill (Participant)
Ok, thank you.
AITpro Admin (Keymaster)
UPDATE 3-5-2015: Added a couple more Referer Spammer domains to the code below: ranksonic.info and buttons-for-website.com. Also see Additional Notes below. Added to the Bonus Custom Code tag/list: https://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/
1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
I did some testing with this code below to block/forbid semalt.com and a sister site kambasoft and I no longer see any semalt.com Referer stats being logged/tracked in Google Analytics.
# Block/Forbid Referer Spam
RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.).*$ [NC]
RewriteRule ^(.*)$ - [F]
Additional Notes: Originally when semalt was the only Referer spammer using this form/method of Referer spamming/phishing it was not such a big deal, but now there are other sites using this same form/method of Referer spamming/phishing so now you have a combined total vs just semalt doing this and of course expect more Referer spamming/phishing sites to spring up and start doing this. On a client site that gets a relatively low amount of traffic I noticed a spike in traffic on one particular day. It was the ranksonic.info Referer spamming site that made 1,473 visits in one day. The client thought this was great until I explained what it really meant and also showed the negative impact to the Google Analytics Bounce Rate and other GA Metrics. You can of course filter out data in Google Analytics to get actual valid GA data/reports, but it is at bare minimum a nuisance.
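An added example, not part of the original posts or of BPS: a Python script that tallies the Referer spam hosts named in this thread from an Apache combined-format access log, counts how many of those requests were not answered with 403, and lists referers that the substring pattern above matches although the referring host is unrelated. The log lines, the `SPAM_DOMAINS` tuple and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Same alternation as the RewriteCond in the post above; re.I mirrors [NC].
SUBSTRING_RULE = re.compile(r"(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.)", re.I)
# Assumed stricter variant: full domains compared with the Referer host only.
SPAM_DOMAINS = ("ranksonic.info", "semalt.com", "kambasoft.com", "buttons-for-website.com")
# Apache "combined" log format: ... "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$')

def referer_host(referer):
    """Lower-cased host of a Referer URL, or '' for '-' and malformed values."""
    try:
        return urlsplit(referer).hostname or ""
    except ValueError:
        return ""

def summarize(lines):
    """Return (hits per spam host, spam requests not answered 403, substring-only matches)."""
    hits, still_served, substring_only = Counter(), 0, []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        status, referer = m.groups()
        host = referer_host(referer)
        if any(host == d or host.endswith("." + d) for d in SPAM_DOMAINS):
            hits[host] += 1
            still_served += status != "403"
        elif SUBSTRING_RULE.search(referer):
            # Forbidden by the substring rule although the referring host is unrelated.
            substring_only.append(referer)
    return hits, still_served, substring_only

# Constructed sample lines (documentation IP ranges), not from a real server log.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Mar/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://semalt.semalt.com/crawler.php?u=http://example.org" "Mozilla/5.0"',
    '203.0.113.8 - - [05/Mar/2015:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "http://RANKSONIC.INFO/" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Mar/2015:10:00:03 +0000] "GET / HTTP/1.1" 403 199 "http://buttons-for-website.com" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Mar/2015:10:00:04 +0000] "GET /blog/ HTTP/1.1" 200 7310 "https://www.example.com/search?q=how+to+block+semalt.com+referer" "Mozilla/5.0"',
    '198.51.100.5 - - [05/Mar/2015:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [05/Mar/2015:10:00:06 +0000] "GET / HTTP/1.1" 200 5120 "http://ranksonic.info/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, still_served, substring_only = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{count:4d}  {host}")
    print("spam requests not yet forbidden:", still_served)
    print("substring-only matches:", substring_only)
```

A non-zero "not yet forbidden" count after the rule is activated means those requests are still reaching the site with a 2xx/3xx response.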
bill (Participant)
Thanks, AITpro. Very interesting…
Quick question: which section of the custom code would I insert the code you’ve provided?
AITpro Admin (Keymaster)
The code would go in this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
Click the Save Root Custom Code button.
Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
bill (Participant)
Awesome. My sincerest thanks.
Tom (Participant)
[Topic has been merged into this relevant Topic]
In Google Analytics I can see a lot of sessions lasting 00:00:00 and coming from these sites (which have nothing to do with the topic of my web site):
make-money-online.7makemoneyonline.com
search.tb.ask.com
semalt.semalt.com
buttons-for-website.com
I added the offenders to my root htaccess file:
# DENY SPAMMER REFERERS
SetEnvIfNoCase Via evil-spam-proxy spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase Referer adult spammer=yes
SetEnvIfNoCase Referer baixar-musicas-gratis.net spammer=yes
SetEnvIfNoCase Referer blackjack spammer=yes
SetEnvIfNoCase Referer buttons-for-website.com spammer=yes
SetEnvIfNoCase Referer cialis spammer=yes
SetEnvIfNoCase Referer descargar-musica-gratis.net spammer=yes
SetEnvIfNoCase Referer doobu.com spammer=yes
SetEnvIfNoCase Referer poker spammer=yes
SetEnvIfNoCase Referer casino spammer=yes
SetEnvIfNoCase Referer cazino spammer=yes
SetEnvIfNoCase Referer diet-pills spammer=yes
SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
SetEnvIfNoCase Referer gambling spammer=yes
SetEnvIfNoCase Referer kasino spammer=yes
SetEnvIfNoCase Referer make-money-online.7makemoneyonline.com spammer=yes
SetEnvIfNoCase Referer medici spammer=yes
SetEnvIfNoCase Referer medica spammer=yes
SetEnvIfNoCase Referer insur spammer=yes
SetEnvIfNoCase Referer kambasoft.com spammer=yes
SetEnvIfNoCase Referer levitra spammer=yes
SetEnvIfNoCase Referer poker spammer=yes
SetEnvIfNoCase Referer roulet spammer=yes
SetEnvIfNoCase Referer savetubevideo.com spammer=yes
SetEnvIfNoCase Referer search.tb.ask.com spammer=yes
SetEnvIfNoCase Referer semalt.com spammer=yes
SetEnvIfNoCase Referer semalt.semalt.com spammer=yes
SetEnvIfNoCase Referer slot-machine spammer=yes
SetEnvIfNoCase Referer srecorder.com spammer=yes
SetEnvIfNoCase Referer texas-hold-em spammer=yes
SetEnvIfNoCase Referer texasholdem spammer=yes
SetEnvIfNoCase Referer viagra spammer=yes
SetEnvIfNoCase Referer virtuel spammer=yes
SetEnvIfNoCase Referer pharma spammer=yes
Order allow,deny
allow from all
deny from env=spammer
Is this traffic doing any harm to my web site? Is it a virus redirecting to my site?
My web site significantly dropped in Google search results and I am wondering if these semalt and makemoney sessions have anything to do with this.
AITpro Admin (Keymaster)
@ Tom – This is known as Referer Phishing or Referer Spamming. I believe the only impact these Referer phishing/spamming sites can cause is to affect your Alexa rankings or skew your Google Analytics info. They cannot harm or affect your Google ranking.
Tom (Participant)
Thank you AITpro! I think my htaccess generated with BPS Pro blocks Semalt.com et al. (they did not appear in my recent stats). Now that I understand referrer phishing I am not worried any more.
AbZu2 (Participant)
Just installed BPS and would like confirmation that spammers can be added at the end of the root htaccess file. In my fresh install the last line is:
# Use BPS Custom Code to add custom code and save it permanently here.
would like to add a SetEnvIfNoCase Referer list after inserting the following after the above mentioned line:
# DENY SPAMMER REFERERS
TIA
AITpro Admin (Keymaster)
Yes. That is correct.
The code would go in this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
Click the Save Root Custom Code button.
Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
AbZu2 (Participant)
Great. Thank you very much. Excellent and much needed plugin. Was trying to block buttons-for-website.com and consider this plugin to have been the easiest solution. Kudos.