And I HATE it!
What is referer spamming anyway?
It’s gonna make webmasters red hot angry as this link building tactic spams your log files with fake referers that links back to the spammer’s website.
Analytics like Webalizer and Awstats that offer public display of stats are its main target – specifically, analytics that rank referer stats. With over thousands of fake hits they send to your website, there’s no way their site wouldn’t rank high in your logs. After ranking in your log, they get an easy free link.
Referer – that’s a single “r” by the way.
Referer spamming is not new at all, it’s been round for ages! It just so happen that the monster bit this lil’ blog. Not an ordinary spammer though, pretty tricky and well planned – although I’m not surprised at all, because spamming has also developed well over the years!
By morning today, I checked my WP stats dashboard for a quick view of my stats. Surprisingly, under the search engine traffic tab, x-rated keywords bombarded me. I checked Google Analytics for a detailed view and have a look on some of my keywords…
What this scum did was to spam me with fake referers from Google. Why? Well, to get my attention. His site (I’m not mentioning it) is on the first page of most these keywords. If he spams thousands of blogs with these then most likely webmasters will check if they actually rank for these keywords. The webmasters would eventually end up to his website if they google for that keyword. Pretty smart eh?
The solution
We don’t want people to mess up with our records, we need it to be as accurate as possible.
So to stop these kind of spam, you will have to add these few lines of code in your .htaccess file…
# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammerdomain1.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammerdomain2.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammerdomain3.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammerdomain4.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammerdomain5.*$
RewriteRule .* – [F,L]
That will give the spammer a forbidden error when visiting with a referer of the listed domains.
In my case however, the spammer faked their referer as Google – obviously I won’t block that! I’d be a pure douche if I did 🙂
Here’s the code to block results by their keyword…
# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword1(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword2(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword3(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword4(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword5(-|.).*$
RewriteRule .* – [F,L]
Sneaky link building tactic but can be blocked by one click. Bye fake referers!
Update: A guy emailed me asking if faking referer can be done via browsers. Well yes of course, here’s a Firefox plugin called Refcontrol. The risk is up to you 😉