Semalt, Kambasoft, Ranksonic, Buttons-for-website – Referer Spammers, Referer Phishing

Home Forums BulletProof Security Pro Semalt, Kambasoft, Ranksonic, Buttons-for-website – Referer Spammers, Referer Phishing

This topic contains 14 replies, has 4 voices, and was last updated by  AbZu 3 years, 1 month ago.

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • #16566

    bill
    Participant

    Hello, AITpro.

    Had a question: Under referrers in my site stats (for multiple sites), I’ve been noticing a “semalt.com crawler” link on average at lease once a day. I read a little bit about it here: http://en.forums.wordpress.com/topic/semaltcom-2. Because of BPS, I know my sites are secure, but would you consider this daily crawl to be an attempt against my respective sites?

    Just wanted to know your thoughts because the referrer is actually a link and I’ve been tempted to click on it once or twice to see what it was.

    Thanks.

    #16568

    AITpro Admin
    Keymaster

    semalt.com is a known domain used in a Referer stats phishing scam.  The goal is to get you click on the referer link in your stats for probably 2 reasons.  Increased traffic to semalt.com and the possibility that you will buy their SEO services.

    http://wordpress.org/support/topic/advise-1/page/2#post-5129764

    If you have a stat counter plugin that is still logging the semalt.com domain in your stats you can wrap your stats counter code in this conditional wrap so that the semalt.com Referer will no longer be logged in your stats.

    <?php if ( !preg_match('/semalt\.com/', $_SERVER['HTTP_REFERER']) ) { ?>
    // your statcounter code goes here
    <?php } ?>
    #16572

    bill
    Participant

    Thank you for the history on these guys. I’m actually using Jetpack/Wordpress.Com for stats. Could the same code (you’ve graciously provided) be used?

    #16573

    AITpro Admin
    Keymaster

    Jetpack is aware of this issue, but does not have a working solution yet:  http://wordpress.org/support/topic/block-semaltcom-from-jetpack-stats#post-5835489  This is a nuisance issue and not a security issue and it is not really that important.

    #16574

    bill
    Participant

    Ok, thank you.

    #16823

    AITpro Admin
    Keymaster

    UPDATE 3-5-2015: Added a couple more Referer Spammer domains to the code below: ranksonic.info and buttons-for-website.com.  Also see Additional Notes below.  Added to the Bonus Custom Code tag/list:  https://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/

    1.  Copy the code below to this BPS Root Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here 
    2.  Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    I did some testing with this code below to block/forbid semalt.com and a sister site kambasoft and I no longer see any semalt.com Referer stats being logged/tracked in Google Analytics.

    # Block/Forbid Referer Spam
    RewriteCond %{HTTP_REFERER} ^.*(ranksonic\.|semalt\.|kambasoft\.|buttons-for-website\.).*$ [NC]
    RewriteRule ^(.*)$ - [F]

    semalt google analytics

    Additional Notes: Originally when semalt was the only Referer spammer using this form/method of Referer spamming/phishing it was not such a big deal, but now there are other sites using this same form/method of Referer spamming/phishing so now you have a combined total vs just semalt doing this and of course expect more Referer spamming/phishing sites to spring up and start doing this. On a client site that gets a relatively low amount of traffic I noticed a spike in traffic on one particular day. It was the ranksonic.info Referer spamming site that made 1,473 visits in one day. The client thought this was great until I explained what it really meant and also showed the negative impact to the Google Analytics Bounce Rate and other GA Metrics. You can of course filter out data in Google Analytics to get actual valid GA data/reports, but it is at bare minimum a nuisance.
    ranksonic info Referer Spamming

    #16827

    bill
    Participant

    Thanks, AITpro. Very interesting…

    Quick question: which section of the custom code would I insert the code you’ve provided?

    #16829

    AITpro Admin
    Keymaster

    The code would go in this BPS Root Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here 
    Click the Save Root Custom Code button.
    Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #16837

    bill
    Participant

    Awesome. My sincerest thanks.

    #20229

    Tom
    Participant

    [Topic has been merged into this relevant Topic]

    In Google Analytics I can see a lot of sessions lasting 00:00:00 and coming from these sites (which have nothing to do with the topic of my web site):

    make-money-online.7makemoneyonline.com
    search.tb.ask.com
    semalt.semalt.com
    buttons-for-website.com

    I added the offenders to my root htaccess file:

    # DENY SPAMMER REFERERS
    SetEnvIfNoCase Via evil-spam-proxy spammer=yes
    SetEnvIfNoCase Via pinappleproxy spammer=yes
    SetEnvIfNoCase Referer adult spammer=yes
    SetEnvIfNoCase Referer baixar-musicas-gratis.net spammer=yes
    SetEnvIfNoCase Referer blackjack spammer=yes
    SetEnvIfNoCase Referer buttons-for-website.com spammer=yes
    SetEnvIfNoCase Referer cialis spammer=yes
    SetEnvIfNoCase Referer descargar-musica-gratis.net spammer=yes
    SetEnvIfNoCase Referer doobu.com spammer=yes
    SetEnvIfNoCase Referer poker spammer=yes
    SetEnvIfNoCase Referer casino spammer=yes
    SetEnvIfNoCase Referer cazino spammer=yes
    SetEnvIfNoCase Referer diet-pills spammer=yes
    SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
    SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
    SetEnvIfNoCase Referer gambling spammer=yes
    SetEnvIfNoCase Referer kasino spammer=yes
    SetEnvIfNoCase Referer make-money-online.7makemoneyonline.com spammer=yes
    SetEnvIfNoCase Referer medici spammer=yes
    SetEnvIfNoCase Referer medica spammer=yes
    SetEnvIfNoCase Referer insur spammer=yes
    SetEnvIfNoCase Referer kambasoft.com spammer=yes
    SetEnvIfNoCase Referer levitra spammer=yes
    SetEnvIfNoCase Referer poker spammer=yes
    SetEnvIfNoCase Referer roulet spammer=yes
    SetEnvIfNoCase Referer savetubevideo.com spammer=yes
    SetEnvIfNoCase Referer search.tb.ask.comm spammer=yes
    SetEnvIfNoCase Referer semalt.com spammer=yes
    SetEnvIfNoCase Referer semalt.semalt.com spammer=yes
    SetEnvIfNoCase Referer slot-machine spammer=yes
    SetEnvIfNoCase Referer srecorder.com spammer=yes
    SetEnvIfNoCase Referer texas-hold-em spammer=yes
    SetEnvIfNoCase Referer texasholdem spammer=yes
    SetEnvIfNoCase Referer viagra spammer=yes
    SetEnvIfNoCase Referer virtuel spammer=yes
    SetEnvIfNoCase Referer pharma spammer=yes
    Order allow,deny
    allow from all
    deny from env=spammer
    

    Is this traffic doing any harm to my web site? Is it a virus redirecting to my site?

    My web site significantly dropped in Google search results and I am wondering if these semalt and makemoney sessions have anything to do with this.

    #20233

    AITpro Admin
    Keymaster

    @ Tom – This is known as Referer Phishing or Referer Spamming.  I believe the only impact these Referer phishing/spamming sites can cause is to affect your Alexa rankings or skew your Google Analytics info.  They cannot harm or affect your Google ranking.

    #20235

    Tom
    Participant

    Thank you AITpro! I think my htaccess generated with BPS Pro blocks Semalt.com et al. (they did not appear in my recent stats). Now that I understand referrer phishing I am not worried any more.

    #21228

    AbZu
    Participant

    Just installed BPS and would like confirmation that spammers can be added at the end of the root htaccess file. In my fresh install the last line is :

    # Use BPS Custom Code to add custom code and save it permanently here.
    would like to add a SetEnvIfNoCase Referer list after inserting the following after the above mentioned line:

    # DENY SPAMMER REFERERS

    TIA

    #21230

    AITpro Admin
    Keymaster

    Yes. That is correct.

    The code would go in this BPS Root Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here 
    Click the Save Root Custom Code button.
    Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #21231

    AbZu
    Participant

    Great. Thank you very much. Excellent and much needed plugin. Was trying to block buttons-for-website.com and consider this plugin to have been the easiest solution. Kudos.

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.