A non existent page is showing up on my analytics.

I can confirm that blocking them in .htcaccess file doesn’t work.

Thanks Alin for the tips, I’ll go ahead and apply the filter.

Hey Alin, quick question , after I enter hostname do I select ‘all website data’ from ‘Available Views’ box and add it to ‘Selected views’ box or leave it empty ?

Have the same crap, they come as well from Moscow and Samara. By now I have quite a number. THis co . lump as well and website buttons too.
The filter you are referring too I have for my own ip that I do not see myself in analytics, but this does not block as far I see my website in all.

It’s not just on WP, my personal website is CodeIgniter and this is getting 20+ hits a day. I have tried everything possible via htaccess and nothing seems to work. I am very keen to resolve this once and for all and can’t believe for one second that it is in fact unbeatable. For those who think it’s harmless, you are very mistaken. There is no such thing as harmless or purposeless spam. Although nothing sinister has happened yet, it does not mean that nothing will. Furthermore if some @&￡! Is making money out of this (main motive for doing stuff like this), as a community must find a solution to put an end to it and fast.

I did find this which will(should) stop them based on if you’re happy not to get any traffic from Russia, you need NGINX, amend the codes as per your linux distro. https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu

Danwhite1234: Nothing you do on your server will stop them, because they’re not actually visiting your server.

This is not an attack on you. This is an attack on Google Analytics. The entries in the data are fake. They never visited your site. You cannot block them like this.

Samuel Wood, when this is an attack on Google A, than why is not my integrated website effected, which is from a company and I have integrated that into my WP. So far only WP is affected and the one mentioned above! Is thee. Is there no other way to prevent such stuff, only to use the filter in GA?

You sure about that Samuel? It seems odd that I would have someone/thing/whatever “Samara” based able to be seen on the real-time view at various times, and occasionally staying there for more than 5 mins.

Looks like some of us really need some fundamental lessons about analytics, so here we go:

https://analyticsacademy.withgoogle.com/course02/assets/html/GoogleAnalyticsAcademy-PlatformPrinciples-Lesson3.1-TextLesson.html

https://analyticsacademy.withgoogle.com/course02/assets/html/GoogleAnalyticsAcademy-PlatformPrinciples-Lesson3.4-TextLesson.html

@danwhite1234 and @amossbacher before jumping into conclusions, have a little read.

Now, that we know what we are talking about, the Real-Time feature is hooked at the collection stage, so no filters are applied at that point. The filters are applied during the processing step.

And one more thing, the timeout is 30 minutes for sessions and 5 for Real-Time.

You sure about that

Pretty sure, yes.

This isn’t a WordPress specific thing. This isn’t even specific to individual WordPress plugins. Like you said, your “personal website is CodeIgniter” and you can see it there.

Here’s a quick primer on how Google Analytics works.

So, you get setup on GA and get a code from them. The code looks like UA-number-1 or some such thing. That number is your “account number” on GA. Now, this code and a bit of javascript go onto your webpage. Now, somebody visits your page, and their browser runs that javascript code.

That javascript code is what “records” their visit. It makes their browser talk to Google Analytics. Specifically, it makes certain types of HTTP requests that Google records information about, and then GA displays summaries of that information to you.

Pretty basic, right? Still with me? Okay, now, if all it is is this Javascript sending the “visit” to them, then anybody can fake that. Anybody at all. All I have to do to make your GA show false information is to send my fake information directly to GA.

I don’t need to visit your site at all. I don’t need to run javascript at all. I just need to reproduce those HTTP requests, which are public and so anybody can see them and how they work. They’re even fairly well documented, publicly, by Google themselves.

So, now, let’s say I’m a spammer jerk. I want to get people to see my spammy site. So, what do I do? I write a small bit of code to send thousands upon thousands of these fake requests to GA, and I simply cycle through all the UA numbers, in order, at random, whatever. I send a fake visit, with a fake referrer, and my spammy domain name. And guess what? It shows up in your Google Analytics screens.

You see this spam like any other normal visit. Because as far as GA is concerned, it was a normal visit. All they’re recording are those HTTP requests, which normally come from the GA javascript code. But a request is a request, and making a fake one is very, very easy.

That is what is going on. All I need is your UA number and with only a minor bit of effort I can fake a visit to your site without ever actually connecting to your site at all. That fake visit can have any domain name and any referrer in it that I choose.

This is an attack on Google Analytics, to promote whatever site is showing up. You cannot block it on your server, because your server is not involved at all.

Fair enough. So every time it gets hijacked, we need to create a new UA id to get around it then?

Until next time…

@danwhite1234

No, I do not believe Otto is saying you need to get a new UA id because the new Id will simply get spammed in turn as the nefarious Russos run their computer program that probably cycles through the 100000000 possible combinations of UA-abcdefgh-1 every single hour (on the hour according to my GA stats).

Your new UA id will get hit just like your old one.

Here is what a GA expert recommends:

Go into Admin for your Analytics property view, create a Filter – Custom – Exclude – field name Hostname, and use ‘lumb.co’ without the quotes.

That gets them and the others that appeared today (they seem to be rotating sources).

Doing the above will keep them out of your stats…for now, these referral spammers evolve as us site hosts are kept on our toes defending against their attacks ever changing tactics (first s’malt, then buttons, now co.lumb = coevolution). Whatever you do, just try to resist the temptation to follow their URLs because they *win* when you do that.

I’ve the same problem!

@alim Marcu thanks so much and everybody else in this forum for all your help. I set now the filters like I did for this stupid semalt for all 4 different spammers I have “collected” in the past 7 days so far. The lumb dot co also shows up in Pages Shared as lomb dot co. Not to forget the fancy button site as well. Thank you very much. Will apply the filters and see with what else they come up. And this forum dot topic UA, yes is my very own ID form GA. The funny thing so is that my integrated website from a company is not infected at all so far.
Cheers Anette