Marketing Entrepreneur. Day Trader. Business Contrarian.

Remove Google Analytics Referral Spam Using .htaccess

Posted on Feb 4, 2016 in Analytics, Marketing Estimated reading time: 5 minutes

wall-e-powering-up

This is a continuation from part 1 of the Google Analytics referral spam removal walkthrough. If you haven’t read the foundational tactics for cleaning up referral spam, I encourage you to start there first as those tactics should be sufficient for most applications. For those of us that are OCD, you may be willing to spend a bit more time working through the tactic we’ll discuss here.

As I alluded to in part 1, this will be more technical in nature so you may need to do some additional research outside of what I’ll cover. To recap, there are two types of referral spam. Ghost spam and crawler spam. Each type of spam needs to be handled differently, both for ongoing and retroactive cleanup. Ghost spam is generated by servers that never actually visit your site, but crawler spam does. Since crawler spam actually accesses your site, we can go to greater lengths at stopping this traffic outside the solutions we previously walked through within the Google Analytics platform itself.

 

.htaccess Method for Removing Google Analytics Referral Spam

.htaccess is a site access configuration file. Since crawler spam actually “accesses” your site, what better solution than to update the file that governs that access to your site? This file can be found in the root domain of your site’s web server, and will look like the example below once found.

Screenshot 2016-02-03 19.33.26

 

Step 1: Once you’ve found this file, save it to a local directory, then create a copy of it so you have a backup. Always store a backup so you have a quick rollback option in the event you make a mistake. After creating a local copy, I can see how mine looks. Note that yours will most likely look different. That’s okay.

AddHandler php5-script .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

 

Step 2:  Next, we’re going to add the following lines to whatever our original version looked like. Add these lines to the very bottom of your file. It’s important that line numbers 2 and 14 are included. However, each of the lines beginning with “RewriteCond” are optional because you may not actually be getting spam from the same sources that I am. Herein lies the rough – this solution isn’t fully automated and will take some manual work every so often to make sure your .htaccess is up to date with the latest sources you’re seeing spam from.

#Begin Referral Spam Exclusions
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*social-buttons\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*makemoneyonline.\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*traffic2money\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*success-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*iloveitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*priceg\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]
#End Referral Spam Exclusions

 

Step 3: Once finished, you’ll end up with a file that resembles the example below. If satisfied, re-upload the revised version and overwrite the original file on your web server. If everything went smoothly, your site will load just as it normally did and nothing will seem abnormal. If for some reason your site fails to load, don’t panic. Simply re-upload your original backup copy and order should be restored!

AddHandler php5-script .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

#Begin Referral Spam Exclusions
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*social-buttons\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*makemoneyonline.\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*traffic2money\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*success-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*iloveitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*priceg\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]
#End Referral Spam Exclusions

 

Going above and beyond with .htaccess

My personal opinion is that you should never modify the .htaccess file beyond what is absolutely necessary to meet your needs, but if you want to have some additional fun with handling referral spam using this method, we can go one step further by blocking spambots using an single IP address or range of IP’s. I’ll caution anyone who wants to use this method to be extra careful because it’s easy to potentially block valid, good IP addresses. If you do, people trying to access your site from those IP’s simply won’t be able to. To block via IP address, line 1 shows an example using a single IP, while line 2 shows an example using an IP range.

Deny from 134.23.11.15
Deny from 134.23.11.15/75

 

.htaccess Special Considerations

If you use WordPress as your CMS, they make .htaccess modification easier through the use of one of a number of available plugins. If you opt to use a plugin for the ability to process .htaccess edits, you’ll no longer need to log into your web server directly. Just know that backup capabilities with these plugins are limited so at the very least, you’ll want to copy/paste the original contents into a blank text file on your local machine before making any updates. Should you choose to go this route, look into WP htaccess Control or WP htaccess Editor. Last, some WordPress users may find they don’t actually have a .htaccess file. If this is the case, simply navigate to Settings -> Permalinks and simply click “Save Changes.” This will force WordPress to create one in the root directory of your site.

 

Wrapping Up

In most cases, the foundational recommendations made previously will be sufficient for 99% of cases. As a personal recommendation, I’d only pursue this path if you’ve already instated the filter solutions and you’re still seeing spam traffic come through. If you have any strategies not yet covered please share them for everyone in the comments below!