Google Analytics is a free Web analytics service that displays the changes in data on a particular website over time. The features of the service include custom reports, email-based sharing/communication, integration with other Google products, and more. Google Analytics is available to anyone with Google account; however, it’s not very useful for ordinary netizens. The service is geared toward the owners, admin or webmasters or small and medium-sized websites who seek to keep track on the traffic sources, the occurrence of unique visitors, the length of sessions, and similar activities/changes of their site. However, recently a doubtful activity has been spotted happening on Google Analytics, which induce the users to question the reliability of the statistics. Over the past few months, the owners of small websites (mainly) have noticed an unusual increase in their traffic numbers. While, initially, that’s a good news for all of them, there is nothing to be glad about if the traffic is fake. Lots of Google Analytics users have noticed a huge visitors’ traffic coming from a website called social-buttons.com. In addition, doubtful referral sources, substantial changes in the metrics, unusual values in various dimensions (e.g. language and hostname), and similar bizarre things have been noticed. It has been revealed that behind all of this lies a Russian spammer Vitaly Popov with his innovative spamming technique referred to as Ghost Spam (aka. referral spam, language spam, ghost traffic, blackhat SEO, etc.). It is used for a sole purpose – to trick Google Analytics’ users into visiting the spammer’s domain and, therefore, increase its traffic and rank in Google search.
Referral spam is implemented using the Measurement Protocol, which sends fake traffic to various properties of Google Analytics. In contrast to crawler or bot spam, referral spam targets Google Analytics account directly, meaning that no real visitors have been landing on the website. Having in mind that the fake traffic displayed by referral spam indicates a high number of new sessions, unique users and (usually) a 100% bounce rate, the chances that a not sufficiently experienced user of a Google Analytics service will draw his/her attention and prompt to visit the doubtful URL.
Most users of Google Analytics who have already witnessed referral spam instances are mainly interested in such activity has a negative impact on their website and its ranking in Google search. Luckily, ghost traffic does not affect the website and its rank directly. That’s why Vitaly Popov, the developer of Google Analytics Referral Spam, claims that technique is just a “creative marketing” rather than a crime. However, we would like to disagree with such proclaim as sending fictitious referrals to random Google Analytics accounts, messing up the statistics that is crucial for the owners/admins of the websites, promoting doubtful websites, targeting legit websites, and performing other fraudulent activities does seem like a crime for most of Online security experts.
If your Google Analytics account got littered by referral spam, such as budilneg.xyz, Buketeg.xyz, Washingtonpost.com, and similar, you will see distorted/inaccurate statistics, so it cannot be treated properly and will fail to carry out its purpose, i.e. to help the owner manage his/her website. Besides, there is no guarantee that the website that is promoted using a shady technique is secure. Thus, if you have noticed source/medium dimension as social-buttons.com / referrals, language dimension as Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump! and similar, these are clear signs indicating that your Google Analytics is polluted with referral spam. In order to block it, you have to create an exclude filter, block the spam using .htaccess file, and modify the language filter. In addition, to prevent your Google Analytics account from being affected by referral spam in the future, keep the log files protected by password because leaving it in public can lead to further spamming attacks.