Dealing With Malicious Spam – Practice From Semalt

Bots do not have the best track record. They are fast and outstrip the number of human visitors to a website. Michael Brown, the Customer Success Manager of Semalt, warns that bots find it easy to fish out vulnerable sites with the intention of attacking them, spamming comment systems, and causing confusion in the traffic reporting systems. The influx of malicious referrals is becoming a serious problem, and Google trends indicate that the problem rises exponentially.

Googlebot is a good bot

A bot's main purpose is to automate tasks and disguise itself as a visitor. They scrape source codes, collecting data, and execute functions in response to what they find. However, as much as this sounds malicious, not all are bad. Google bot makes its presence known to users and helps queue websites on the SERP. Some bots take advantage of this and operate using fake agent strings making it look like they originate from this bot.

Bad bots and referral spam

Bad bots plagiarize website content, steal user information, click fraud on legal advertisements, and mess up reports generated by Google Analytics. The last item on this list has many implications for a website. It results from the different malicious applications of referral spam. For example, they distort traffic data from the inflation they create, trick users to visiting the sites that appear on Google Analytics reports, which allow them to create back links. Since they come concealed as legitimate traffic, they manage to hide the referrers.

Referral spam has 100% bounce rates, and limited on-page times, which tends to skew data on the reports. Consequently, the end product of these reports is mostly invalid. Over the years, bots have become more sophisticated.


Hackers use the botnets to perform complex attacks. A botnet is a network of robots which make it hard to trace and blacklist IPs. It becomes difficult to protect a website when they use the Distributed Denial of Service. When one uproots or blocks one, several others grow in place.

Ghost Referrals

Most websites currently have the Google Analytics code hard-coded into them. Referral bots can scrape the unique UA code from the source code and use it to track the site. From then on, it becomes possible to send information to GA, without having to visit. They take advantage of the Google Analytics Measurement Protocol, which does not discriminate any data coming to it.

Stopping Ghost Referral Spam

Users can ignore ghost referrals and restore the integrity of the data used in traffic reports. A Hostname Filter is one way to about this, as it ensures that it only takes into account information from valid websites. With such a measure in place, all ghost referrals, going forward, do not reflect in the analytic report. It is not a permanent solution, as hackers get wind of the counter measures put in place.

Blocking Normal Referral Spam

In most cases, websites report activity by automatic bots on their site. These are more controllable using traditional methods of blocking spam. If one chooses to use Google Analytics, the process can be long and exhaustive. An automatic blocking program is the Sucuri Website Firewall, with the option of custom rules to the user's preference.


The 21st century brought up the issue of layered security. It is sometimes annoying having to deal with spam. However, people should start getting accustomed to taking measures to ensure that they protect their data by all means.

mass gmail