A non existent page is showing up on my analytics.

I have applied the lump dot co filter in GA and all referrals have been gone in my GA, hopefully that will prevent their random stuff for the future to show up in my GA. Glad that I never hit on any link I do not know to see from where it is coming from, I usually search first what it can be.
So that set, when there is anything out there to prevent this spammer right up front I am more than keen to know. I have to apply this filter to quite a sum of website of friends as well!
Thanks again IT geeks ??

Cheers Anette

The following code doesn’t work, just so you know…

SetEnvIfNoCase Referer darodar.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot

I tell you this, this is very sophisticated spam, .htcaccess doesn’t work because they don’t visit your website. Filters work for an hour or so, then it comes back. Someone is having having a lot of fun, hope that someone will find a workable solution.

I got all the info from here, check it out, https://www.cradlecloud.com/ban-block-econom-co-spam-referrals/

Dan14, you can’t block them because they don’t visit your website. Anyway, I have reported them to google and set up a filter as per wm.hewson instructions and all fake referrals are gone.

Not sure if google has taken actions or the filter works, I’m just happy that they are gone.

If you want the short version, just block this ip address: 78.110.60.230

https://w3bin.com/ip_info/78.110.60.230

They are not gone Marek, that spam just visited my site after I sued the filters! I am trying the ip block now.

I just discovered this Marek:

“It came to our attention that the spammer is exploiting Google Analytic publisher codes and a few free WP plugins that have not been updated (one is a very famous SEO plugin which has not been updated for quite sometime now, sorry we cannot name them for fear of legal backlash). As a matter of fact, we are using them on this site too. ”

I bet we are all using that SEO plugin and/or these free plugins.

I know which SEO plugin it is and lucky for me I do not use them. I don’t know what the other plugins are. There were only 2 visits from the spam today after I used the filters so I am guessing it is doing something btw.

@dan14 i at first also suspected some vulnerability in wordpress or rather some plugins.

But after watching this unfold over the past 2 weeks. I am pretty certain it has nothing to do with local vulnerabilities at all, they might not even have visited our sites ever… they might just be guessing UA-ids!

All blocking attempts on our websites have been unsuccessful. I’ve checked several WP Installs for foreign code inserts or malicious file uploads -> nada!

They are really just spamming Analytics, I am surprised google has not reacted to this at all and blocked the host from analytics all together? … which i am still very concerned about because google can be a mean bitch in some cases (read P.S.).

So yeah… why would a wordpress plugin exploit be involved in this?

P.S.: My Google Experience:
Google has blocked me from ever using adsense again because of a russian script kiddy raiding my site with fake clicks, and google doesnt care… I appealed to it documenting how all these clicks came from the same city and in bursts, that i am not involved myself but rather some kid who for whatever “internetty” reasons decided to flame me… MY account was banned… FOREVER… and i am not even allowed to appeal to it again. The only comment from Google was that their Terms allow them to suspend any accounts for invalid click behavior. Needless to say a few months of legitimate Ad revenue were also never paid out after this…

Hello Everyone,

Honestly, I don’t think this is an unique attack on Google or Google Analytics or your personal UA-ID. As these spammy Russian domains are appearing as top referrers under JetPack’s Site Stats too. Has anyone checked their Bing and other analytics? My guess is that those spammy referral domains are there too. Moreover, JetPack does not request for any UA-ID in order to activate the Site Stats. Besides, I am also seeing one particular spammy referral on one of my client’s WP site that is yet to be associated with anything Google.

Well, on certain sites, I am able to block them with .htaccess file alone, but, on certain sites I have to block them by configuring the nginx.conf file as well. I am not sure if it has something to do with the server setups.

On another note, filtering these spammy domains via Google Analytics is temporary. Somehow, sooner or later, they will still spam-visit your sites. Tried it and it does not work. Well, it does work for a few hours, but, that is all.

Another thing that I have noticed is that, this particular attack is quite unique to PHP. Is anyone getting these spammy referrers in your websites coded in programming languages other than PHP like Ruby, Perl, Phyton, etc?

P.S. : Semalt was not as naughty as these spammy Russian domains isn’t it? But, Semalt seems to be routing via other names too…like the makemoney version.

Let me know if you guys have found another way to block them.

Thanks,
Daniel@CradleCloud

Quite a story. Google cane be very nasty, I know. Well. I can tell you that since I blocked the ip address no spam so far. I am very careful with Google.

@dan14,

Good for you. Don’t forget to deny this IP address too – 217.23.11.15 as it is linked to the Semalt spam.

Have a nice day ??

And, here is another WP plugin that is vulnerable to Russian Spam attacks and somewhat similar to the current spam attacks going around.

Check out the link below :
https://wptavern.com/100000-wordpress-sites-compromised-using-the-slider-revolution-security-vulnerability