Russian Spam traffic from darodar.com & co.lumb
The spammers strike again.
What this is & how to get rid of it.
Interest piqued by an increase in web traffic on our own & clients sites originating in Russia (Moscow / Samara) I decided to dig a little further and was not surprised to find yet another spammer corrupting the veracity of our analytics data.
First I looked at the referrals traffic to see why we were receiving such volumes from Russia and found the culprit immediately. This forum.topic darodar.com
Following the link I found it redirected to various shopping websites – an important clue in what the spammers were trying to achieve. Digging still further, I examined the Pages report and found a page not hosted on our website. I found this same page in almost all of our clients reports also. Note: you will only see this in the Page Title report as the spammers simply use the page uri “/” which is likely to be the same as your home page.
Piecing this together, this is what I think is happening:
The spammers are sending data to all Google Analytics (GA) accounts. Now this is much easier than you would think, all you need is the UA number of an account and the data analytics code, all freely available. This code & account number can then be used on the spammers site – but instead of the data being recorded in their analytics – it’s recorded in yours. Simple automation could reproduce the analytics account numbers for all Google Analytics accounts – hence the ubiquitous nature of the attack.
(Update 23rd Dec) I’ve checked to see whether this is just a Google Analytics problem as some people are saying that this is real traffic. We run Webtrends analytics on some of our website as well as GA. Webtrends is not reporting the spammy traffic – so my conclusion is that this is an attack on Google Analytics.
Why would they do this?
I suspect that they are doing this so that innocent GA users click on the referral to see what is is (as I did). This links through to shopping sites for which the spammers are paid a referral fee.
How do I stop this?
Well, you can’t. As the data created is not being hosted on your web-server there’s not really much you can do about it. But you can remove the data from your analytics so that your stats accurately match real performance.
Here’s how to do it.
If you haven’t already, create a Filtered View in Google Analytics.
Head over to the admin section in Google Analytics and click on filters. Make sure you are using your “filtered” view rather than your “All website data” view.
Next – add a new filter to your “Filtered View” – you can call it something like Co Lumb – but it doesn’t really matter as long as you can identify it.
Create the filter so that it excludes traffic to the hostname co.lumb.co as shown in the image above. Click on verify the filter to make sure it works – you should see that the filter excludes traffic to the hostname co.lumb.co.
Press save – and that’s it. But while you are at it, why not click on View Settings in Admin and check this box to exclude all known bots & spiders.
Hopefully these instructions are simple enough to follow and will result in a cleaner set of Google Analytics data. If you have been affected by this or need any help or support with this, why not contact us and see how we can help?