Ty the Web Guy

Everything Web™ Since 1995

Dissecting darodar.com and ilovevitaly.ru Referrer Spam

By

what-is-referrer-spamMany website owners have recently checked their Google Analytics account and found referrals from darodar.com, ilovevitaly.ru, and other unfamiliar domains. If you try visiting these domains you’ll be redirected to a shopping site–often Amazon or Ali Express (Asia’s equivalent of Amazon). This is referral spam, being distributed by deceptive affiliate marketers (I like to refer to them as “bad guys”). This new wave of spam is a little different because the affiliate marketer is not visiting your website to get themselves listed as a referrer. Instead, they are passing along fake information directly to Google Analytics, which can make it difficult for website owners to block.

how-darodar-referral-affiliate-spam-worksLet’s walk through what’s happening.

  1. First, the bad guys use your Google Analytics Tracking ID to tell Google they just visited your site–even though they didn’t–and send their website as the referring domain. This gets them listed in your reports.
  2. Next, you take a look at your reports and see the bad guy as a new referrer. You naturally want to understand who linked to your website, so you visit their domain to learn more.
  3. When you land on the bad guy’s website you’re browser receives a “404 Not Found” status and a snippet of HTML that redirects you to shopping.ilovevitaly.ru. This is the HTML you receive: 
    <html><head><meta http-equiv='Content-Type' content='text/html; charset=UTF-8'><meta http-equiv="refresh" content="0;url=http://shopping.ilovevitaly.ru"></head></html>
  4. When you get to ilovevitaly.ru, your browser is sent another redirect to aliexpress.com, with the bad guy’s affiliate ID included. This earns him a commission on anything you buy from the shopping site. Here’s the actual HTML that comes back from ilovevitaly.ru: 
    <html><head><meta http-equiv="refresh" content="0;url=http://s.click.aliexpress.com/e/zV3VvBIEu"></head></html>

How can you stop this referral spam? Google Analytics gives us a predefined filter that makes it pretty easy. You should create a new View for this filter so your data isn’t ruined if you do something wrong. Here’s a screenshot of what the filter will look like:

google-analytics-hostname-filter

In the Hostname field, enter the domain name of your website. Click Verify this filter to see how the filter will affect your data.