CombustionCreative
Forum Replies Created
-
Here’s more information on how to set up filters within Google Analytics to block this information:
https://www.ohow.co/stop-the-spam-from-guardlink-org-referral-in-ga/Something interesting in this is the idea that changing your Analytics ID to a higher number can stop a lot of this as well:
That information is in this link about creating a Valid Hostname filter: https://www.ohow.co/what-is-referrer-spam-how-stop-it-guide/#Valid_Hostname_Filter_MultipleChanging your tracking ID
This method doesn’t exactly block Referrer Spam, but it makes your Google Analytics less visible to them. Is a good option for fresh Websites.
Since this kind of Spam usually targets UA-XXXXXXX-1 ID’s, if you change your Google Analytics tracking ID for one that doesn’t end in 1 like UA-XXXXXXX-12 most of the Referrer won’t reach you.
Although there are some cases where Referrer Spam hits higher IDs, you will be still less susceptible to attacks.
I tested this solution with good results for Ghost Referral Spam. Here is a Screenshot of a test Inactive Google Analytics account with 3 trackings ID. As you can see the only one that got hit is UA-XXXXXXXX-1, the other 2 as expected, are untouched.
I would imagine Google is working on this.
Sounds like the recommended solution is to simply filter out that type of information when you go in to Google Analytics.OK, I believe I have found some relevant information on this problem. I found it on this link:
https://www.ads-software.com/support/topic/a-non-existent-page-is-showing-up-on-my-analytics/page/4?replies=126
Go to line 102
Briefly, these addresses can’t be stopped by blocking the IP address, because they’re not actually coming to your site. The aim of this type of attack is to trick Google Analytics.
Here is the explanation which I found helpful from the post cited above, courtesy of Samuel Wood (Otto) www.ads-software.com tech guy:This isn’t a WordPress specific thing. This isn’t even specific to individual WordPress plugins. Like you said, your “personal website is CodeIgniter” and you can see it there.
Here’s a quick primer on how Google Analytics works.
So, you get setup on GA and get a code from them. The code looks like UA-number-1 or some such thing. That number is your “account number” on GA. Now, this code and a bit of javascript go onto your webpage. Now, somebody visits your page, and their browser runs that javascript code.
That javascript code is what “records” their visit. It makes their browser talk to Google Analytics. Specifically, it makes certain types of HTTP requests that Google records information about, and then GA displays summaries of that information to you.
Pretty basic, right? Still with me? Okay, now, if all it is is this Javascript sending the “visit” to them, then anybody can fake that. Anybody at all. All I have to do to make your GA show false information is to send my fake information directly to GA.
I don’t need to visit your site at all. I don’t need to run javascript at all. I just need to reproduce those HTTP requests, which are public and so anybody can see them and how they work. They’re even fairly well documented, publicly, by Google themselves.
So, now, let’s say I’m a spammer jerk. I want to get people to see my spammy site. So, what do I do? I write a small bit of code to send thousands upon thousands of these fake requests to GA, and I simply cycle through all the UA numbers, in order, at random, whatever. I send a fake visit, with a fake referrer, and my spammy domain name. And guess what? It shows up in your Google Analytics screens.
You see this spam like any other normal visit. Because as far as GA is concerned, it was a normal visit. All they’re recording are those HTTP requests, which normally come from the GA javascript code. But a request is a request, and making a fake one is very, very easy.
That is what is going on. All I need is your UA number and with only a minor bit of effort I can fake a visit to your site without ever actually connecting to your site at all. That fake visit can have any domain name and any referrer in it that I choose.
This is an attack on Google Analytics, to promote whatever site is showing up. You cannot block it on your server, because your server is not involved at all.
This morning the two IPs that were getting in had no attempts, but 217.23.7.144 got to the site without a bounce.
OK,
This is from the .htaccess file:#AIOWPS_IP_BLACKLIST_START
Order allow,deny
Allow from all
Deny from 104.254.244.128
Deny from 217.23.7.144
Deny from 78.110.60.230
Deny from 82.80.221.158
#AIOWPS_IP_BLACKLIST_ENDAbsolutely,
104.254.244.128
free-social-buttons.com
This user still getting in on 5-20-1582.80.221.158
https://www.Get-Free-Traffic-Now.com
This user still getting in on 5-20-15Thanks
And just to clarify, the sites that have been successfully blocked are bouncing. The two that are not being blocked are NOT bouncing.
And none of the malicious IP addresses are getting caught in the filters set up within all-in-one.Thanks.