semaltmedia.com

This one points to some odd 'portal' with search, not quite sure what they are up to.

First time we've seen one in non-latin characters. Also wondering, is it just us or is everybody being overwhelmed by referrer spam?

quit-smoking.ga

buttons-for-your-website.com shows up in my referer list.

so does best-seo-offer.com

http://piwik.org/blog/2015/05/stopping-referrer-spam/ even has buttons-for-your-website.com as an example of what is automatically blocked by piwik. But it shows up for me?

I'm not sure if this is where I am suppose to post something like this?

found yesterday in referrer list doko-search.com. By search on internet look like unwanted adware in user computers, but referrer itself could be valid.

Just opened for comments from others

Doko Search

from their web:

Doko search aims to provide the ultimate online search experience. Our advanced technology provides you with the best of what the web has to offer, and makes it easier than ever to find exactly what you are searching for. _Doko search has partnered with some of the most popular software packages in world, giving you the option to install our search settings during setup and giving them the opportunity to offer you their products for free_.

What algorithm is used for the alphabetical sorting? sort spammers.txt on Mac OS X has a couple of differences from the spammers.txt here in the repository.

Got 100dollars-seo.com (aka semalt) as Referrer-Spam since a few weeks..

http://webrobots.de/megaindex-ru/

Does not provide about information how to exclude it in robots.txt

I've seen alibestsale.com appearing in most of my client's accounts starting November, 3rd. Most accounts have just a few hits, some have many. Thanks!

According to the new 'peer review process' I'll add here as an issue rather than a pull-request and wait for a +1

webmonetizer.net - turned up few last week and over 3 days and caused 34 sessions with 100% bounce rate. Left it's mark in the Google analytics Aquisition -> All Traffic -> Referrals table. Cities of origin all Russian (Chelyabinsk, Krasnoyarsk, Volgodonsk, Yekaterinburg, etc.). The domain itself redirects to Adzos -> getyourprofit.net. Domain is registared in Nobby Beach, Queensland, Australia just like some other other referral spam domains.

I'd like to see in the README something about the frequency with which Piwik download the latest version of this list. I still see some domains that have been submitted since July 2 or ealier:

Also, if a domain is on the list but Piwik logged visits from before it was on the list, will all visits be cleared, or only the ones after the new version of the list was updated?

Using GitHub issues and pull requests to report new spammers is starting to show its limits:

• we want confirmation when adding new domains
• bulk pull requests can't be validated at once
• hard to find intersections between bulk pull requests to validate single domains (e.g. #96)
• pull request conflicts
• trouble with keeping the list sorted (some PRs ignore the sort)
• poor traceability (sometimes the person committing to the repo is not the one who opened the issue or pull request for many reasons)
• not so easy for users that are not very familiar with GitHub

How about we create a website dedicated to fighting referrer spam?

• the list would be exposed and downloadable on the website
• users could report new spammers very easily (a simple form)
• users could vote on domain already reported to confirm it as a spammer
• each domain would have its own page listing everybody who reported it/confirmed it as spammer (good traceability, hopefully would also pop up on Google when people search for it)
• domain with enough votes could be merged back into the list (still hosted on GitHub): it could be done manually at first, and automatically later

Users could log in using GitHub (at first) so that we are sure one person can vote once, and to avoid vote manipulation.

This would also be a good way to promote Piwik and it spammer blacklist initiative.

ping @mattab and ping @quba which whom we discussed the idea.

HI Friends,
I've received a new referrer which appears to be a search engine.

malaysia.search.yahoo.com

There's an faq (or at least used to be) explaining what to do, to get it identified as a search engine, but I didn't understand it. I'm not very tech-oriented. Actually I'm surprised that the basic domain (yahoo.com) wasn't enough for it to be recognized as a search engine. But that's a bit beyond my understanding as well.

So anyway, hopefully someone else can do whatever needs to be done.

Thank you very much :-)

It's a new semalt domain. They are notorious for referrer spam.

success-seo.com

(redirects to a semalt domain)

0n-line.tv
1pamm.ru
5forex.ru
afora.ru
allknow.info
allnews.md
allwomen.info
anapa-inns.ru
arendakvartir.kz
artparquet.ru
autovideobroadcast.com
aviva-limoux.com
azartclub.org
bif-ru.info
bizru.info
bluerobot.info
brk-rti.ru
budmavtomatika.com.ua
codysbbq.com
conciergegroup.org
escort-russian.com
forex-procto.ru
forsex.info
fsalas.com
glavprofit.ru
handicapvantoday.com
howopen.ru
imperiafilm.ru
investpamm.ru
knigonosha.net
konkursov.net
manualterap.roleforum.ru
mini.7zap.com
mirtorrent.net
mobilemedia.md
moyakuhnia.ru
muscle-factory.com.ua
online-hit.info
petrovka-online.com
portnoff.od.ua
pricheski-video.com
producm.ru
prointer.net.ua
promoforum.ru
qwesa.ru
rcb101.ru
reversing.cc
rospromtest.ru
sibecoprom.ru
siteripz.net
sledstvie-veli.net
solnplast.ru
sosdepotdebilan.com
steame.ru
taihouse.ru
tomck.com
uasb.ru
videos-for-your-business.com
video-woman.com
viel.su
viktoria-center.ru
vodaodessa.com
youporn-ru.com
профмонтаж-врн.рф
холодныйобзвон.рф

I have a domain that has very narrow content and has been a reference and external link to many popular English Wikipedia articles since ~2009. I read that you are soon updating, so I thought I would go through the last month's worth of referrers and find all of the ones not on the current spammers.txt file. I have painstakingly visited every one of these sites, and, so far as I can tell, there would be no legitimate traffic to my site from these sites.

Due to the nature of my site, it is very easy for me to identify referral spam. Here are some things that generally give away referral spam:

• Keywords in the domain, such as 'forex', 'sex', 'video', and 'porn'.
• The referral spam domain is not in English or does not use English characters
• The referral always comes from a straight home page (e.g. http://example.com, http://www.example.com, etc.). Pretty much no legitimate referral is from a home page (e.g. http://www.example.com/subdirectory/file.php?5=123456).
• The referral spam hits only one page, usually the home page, sometimes a major directory, several times in a few seconds and never visits any other pages. It is very unusual to load a page 5x in 3 seconds for normal users, and on my site, the majority of legitimate users actually go beyond just the home page or main directories.
• The referral spam nearly always comes from Russia or Ukraine

afora.ru and others not seem to have good controls over their domain. How to handle when a domain owner is blatantly allowing referral spam domains via subdomains? Perhaps an option for users to select within Piwik to turn on/off reporting of spam-identified domain owners, else we'll be bombarded with FreeDNS-esque referral spam.

There should be some method to auto-contact registered owner of domain via whois info to notify them they are on the blocklist, else there could be opportunity to create a bad reputation for competitive reasons by exploiting the referral list tool.

Brilliant idea guys.

What are the requirements for adding a bad referrer to the list? As @mnapoli mentioned in another thread - don't want to make it too broad.

I'm thinking of a process where new referral spammers are added to the list by peer review. Possibly by having other members with significantly large Piwik/Snowplow data sets to vouch for them.

Finding the next referrer spammer is becoming a daily routine :-(

This one created about 20% of a customers traffic over 3 days, 100% bounce rate, all traffic from various Russian cities, though the domain itself is registered in Queensland Australia.

It redirects to 'traffic-paradise.org' which then leads to adzos.com.

Redirects to semaltmedia.com.
Seen on several websites since august 13th.

Hi there,

For some reason one of my websites is more prone to being a target for referrer spam than my other websites. I do run an outdated version of Piwik so will be upgrading soon to benefit from the updated spammers.txt, but I think I've seen some items in here that were not present in your blocklist:
Not in your list:

aetherwu.com
aosheng-tech.com
atmosphericwatergenerator.net
buypharmacydrug.com
compassoffices.com
make-money-online.7makemoneyonline.com
medispainstitute.com.au
moonstruck.co.za
musicas.baixar-musicas-gratis.com
musicas.kambasoft.com
screen-recorder.srecorder.com
turtleluck.com
www.barakaweb.com
www.star61.de
www.viandpet.com
youtube-downloader.savetubevideo.com

Not sure, but since I don't have RSS feeds on this particular website:

www.inoreader.com
newsblur.com

Already in your list:

best-seo-offer.com
best-seo-solution.com
break-the-chains.com
buttons-for-website.com
buttons-for-your-website.com
civilwartheater.com
semaltmedia.com
semalt.semalt.com
sharebutton.net
success-seo.com
video--production.com
videos-for-your-business.com

Variants of stuff you already have in your list:

103026.semalt.com
14.semalt.com
18.semalt.com
19.semalt.com
1.semalt.com
20.semalt.com
22.semalt.com
23.semalt.com
249.semalt.com
27.semalt.com
295.semalt.com
29.semalt.com
30.semalt.com
317.semalt.com
34.semalt.com
353.semalt.com
361.semalt.com
36381278.videos-for-your-business.com
36.semalt.com
409.semalt.com
419.semalt.com
428.semalt.com
43.semalt.com
44.semalt.com
479.semalt.com
499.semalt.com
505.semalt.com
51.semalt.com
52.kambasoft.com
54233248.semalt.com
57.semalt.com
61.kambasoft.com
63.semalt.com
643.semalt.com
65.semalt.com
696.semalt.com
74.semalt.com
750.semalt.com
766.semalt.com
76.semalt.com
78.semalt.com
7.kambasoft.com
822.semalt.com
831.semalt.com
83.semalt.com
85.semalt.com
86.semalt.com
87.semalt.com
89.semalt.com
9.semalt.com

Hi, can you give a brief description how to integrate this list into PIWIK best?
In this document it is written that PIWIK catches SPAM automatically, using info from this repo:
http://piwik.org/blog/2015/05/stopping-referrer-spam/

But I have currently spam turning up in PIWK, that I found listed on this list already (100dollar-seo, semaltmedia), so obviously something isn't working as expected here.

The following spam referrers have plagued my website - most of them are not in your current list.

Cheers and keep up the good work!
Andi

sitedomain.de
domain2008.com
videos-for-your-business.com
pizza-tycoon.com
remotepccleaning.com
closetcasevintage.com
gateauchocolat.net
gventouris.gr
pimababy.de
adf.ly
itcouldbelikethis.com
capstonesacramento.com
windowcleaning.com
echlinconsulting.com
appta.co
bonjourdefrance.es
elevateind.com
buysell8.com
meyer-hentschel.net
executivesecurityplan.com
ginsengtea.net
angeluci.com
wundur.com
electropeasant.com
kelleherfineart.com
yasabes.com
drl-products.com
furina.de
kalkulatorykredytowe.pl
website-errors-scanner.com
blog.ambmediadesign.com
aosheng-tech.com
aurikulomedizin.com
nutrex.com
capsafood.com
hosting.axton.cz
312wright.com
kiconsult.de
wfiu.org
lasisblog.com
fairandugly.ch
couponsnews.ru
atemgym.com
laupeus.net
capsafood.com
schiffsreisen-blog.de
funbookco.com
dennis-aogo.de
healthfitnesscenters.com
sites.brightwhistle.com
andreasjanson.de
hiero.biz
diekartegefunden.net
jaavedkhatree.com.au
blog.ambmediadesign.com
a-a-bau.ch
hvd-store.com
justprofit.xyz
pizza-imperia.com
mebel-alait.ru
android-vsem.org
ledstudio.org
aviapanda.ru
game-mmorpg.net
bookmaker-bet.com
mazal-shop.ru
gk-atlant.info
zaimhelp.ru
avtomatoff.com
valkiria-tk.ru
site.fliphtml5.com
horoshieokna.com
igrobuy.com
cinemaenergy-hd.ru
burgerinmac.com.ua
dlskype.com
tecspb.ru
worldhistory.biz
allcredits.su
finstroy.net
forums-de.ubi.com
downloadsphotoshop.com
porno.weprik.ru
expertnaya-ocenka.ru
labplus.ru
valkiria-tk.ru
blogos.kz
carswithmuscles.com
atlant-auto.info
pornotwit.com
plohaya-kreditnaya-istoriya.ru
virtuallawer.com
softtor.com
cruiseraf.net
gta-top.ru
angeladorer.com
bimatoprost-careprost.com
netpics.org
gta-club.ru
vkontaktemusic.ru
expertnaya-ocenka.ru
komputers-best.ru
nardar.ru
jaxcube.info
lenvred.org
womensterritory.ru
nagdak.ru
realnye-otzyvy.info
play-euro-lotto.com
shoppingmiracles.co.uk
android4fun.org
wormix-cheats.ru
vostoktrade.info
ccpfy.net
dimkino.ru
simplepooltips.com
magda-gadalka.ru
favoritemoney.ru
infazavr.ru
recsil.org
ost-alpha.ru
sarafangel.ru
doeco.ru
bodybuilding-shop.biz
o-factory.ru
vekzdorov.ru
pornogig.com
xn--80ahvj9e.xn--p1ai
berlininsl.com
mir-business-24.ru
ublaze.ru
brendbutik.ru
luckyshop.net.ua
na15.ru

I've shared a custom report template for Google Analytics that has immensely helped discover referral spambot domains (and hostnames they use).

https://www.google.com/analytics/web/template?uid=MEsjTogmTgWfOeeYm-Liyg

I've been keeping my own gist for spambot blacklisting, but now that I've discovered this repo it looks like I'll probably start contributing here instead.

52583998.videos-for-your-business.com

Dear colleagues,
i have issues with these domains:

1. www2.free-social-buttons.com
2. www3.free-social-buttons.com
3. www8.free-social-buttons.com
   I use Referrer Spam Blocker plugin for WordPress by Tomasz Tybulewicz. But these three domains they are still present in the list of referrals google analitycs.
   Do you have any ideas about this?
   Thank you for your assistance.

please add

• sharebutton.to and
• site2.floating-share-buttons.com (redirect to http://sharebutton.to/)

I'm not sure if it was mentioned, but I've been seeing t.co recently.

Does anyone know if it's possible to remove the old spam referrers from database? For busy sites the spammers could alter the statistics excessively.

Just started showing up today in my referrals.

qualitymarketzone.com

Just made WordPress plugin for this list.

GitHub version : https://github.com/rolandinsh/wp_referrer_spam_blacklist
WordPress.org: https://wordpress.org/plugins/wp-referrer-spam-blacklist/

www.event-tracking.com

Points to a gambling site. 100% bounce rate. Location not set. Limited who is info:

http://mxtoolbox.com/SuperTool.aspx?action=mx%3awebsites-reviews.com&run=toolpage#

These spam referrer links appeared in my GA account at my domain msinterim.se.
The first 3 addresses are versions of the already blacklisted floating free share buttons in order to fool the blacklist.Other reasons for that these are spamlinks are a 100% bounce rate, a weird name and a unusual high session rate and number of users for a non trading website/domain. These are spam links. Thanks for blacklisting these links and making my life easier.
site4.floating-share-buttons.com
site1.floating-share-buttons.com
site3.floating-share-buttons.com
www.Get-Free-Traffic-Now.com
www1.free-social-buttons.com
www4.free-social-buttons.com
www5.free-social-buttons.com
www.event-tracking.com

Redirect to http://semaltmedia.com/

Subdomains of copyrightclaims.org have started to appear in some of my client's Analytics accounts.

Here are two samples:
claim381811.copyrightclaims.org
claim53705310.copyrightclaims.org

The redirect to alibestsale.com

Anyones seeing this, too?

100dollars-seo.com
Looks like another semalt variety.

I saw this one appear today in my Piwik. Waiting for +1 from others before adding it to the list.

black-friday.ga
cyber-monday.ga

new spammer

mypoints.com

sanjosestartups.com

This probably would have been better via a pull request, but I'm not exactly use to using GitHub. I really like the list and update frequency you guys have going. We use Piwik on a regular basis, but we also wanted to stop wasting server resources on serving the requests as well. I thought the info might be useful to others.

The info below shows how configure Apache to redirect the requests back to the referring site to avoid wasting your server resources serving the requests. Alternatively, you could simply make the requests fail.

In your httpd.conf, add the following to each VirtualHost:

<VirtualHost *:80>
....
RewriteMap    ref-deny  txt:/PATH/TO/spammers.map

# two part domains in file, possible subdomain in request
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} ://(?:[^/]*\.)?([^\./]+\.[^\./]+)(/|$)
RewriteCond ${ref-deny:%1|NOT-FOUND} !=NOT-FOUND [NC]
RewriteRule .* %{HTTP_REFERER} [R,L]

# three part domains in file, possible subdomain in request
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} ://(?:[^/]*\.)?([^\./]+\.[^\./]+\.[^\./]+)(/|$)
RewriteCond ${ref-deny:%1|NOT-FOUND} !=NOT-FOUND [NC]
RewriteRule .* %{HTTP_REFERER} [R,L]
...
</VirtualHost>

Be sure to set the appropriate path to spammers.map which will be created below.

If you would prefer to have the request simply fail instead of redirecting back to the page that is creating the referer spam, simply replace [R,L] with [F] in the two lines above.

Next, you need to create spammers.map from spammers.txt. Just make sure to have a space and hyphen on each line after the domain. Here's an example:

semalt.com -
buttons-for-your-website.com -
success-seo.com -

Save the config files and restart Apache.

This one points to an Alibaba site

It is not clear to me how I update Piwik with the latest list.

My experience with spam is that spammers tend to redouble their efforts when encountering resistance, and I am seeing 100dollars-seo.com more than I saw any previous spam domain. I do see this domain is on the current spammers.txt maintained here, but it is not clear how I manually update Piwik, as the current instructions seem more geared to developers.

I see this is new. Does anyone know more about this referrer?
It looks it hit my server this morning, complete website, all the pages in under 15 minutes.

redirect to http://semalt.com/

justprofit.xyz

Picked this one up yesterday in my logs.

Some domains in the list are dead.
They have no DNS record and so can not be reached. A lot of others do not respond to ping, but they may be temporarily down or block ICMP, so I can not say for sure if they are dead.

Since the domains are dead, I doubt the spammers still send them as referer. They should probably be removed from the list.
It is also good to clean up the list, since the domains can change to a legitimate owner who does not use referer spam.

Dead domains:

alpharma.net
anal-acrobats.hol.es
blackhatworth.com
chinese-amezon.com
connectikastudio.com
edakgfvwql.ru
iloveitaly.ro
iloveitaly.ru
ilovevitaly.info
ilovevitaly.org
myftpupload.com
sexyteens.hol.es
slftsdybbg.ru
sohoindia.net
solnplast.ru
trafficmonetize.org
webmonetizer.net
ykecwqlixx.ru
грузоподъемные-машины.рф
наркомания.лечениенаркомании.com
непереводимая.рф
профмонтаж-врн.рф
снятьдомвсевастополе.рф
холодныйобзвон.рф

Note : I have a script to check the list and can do a pull request if it's easier for you.

Hello,
I've received a referred website: bing.com. It appears to be a search engine. I've read the instructions for submitting a referred website which should really be a search engine. But unfortunately, I don't have the tech know-how to do it. So if someone would be so kind? The whole url: https://www.bing.com/.

Other issue is symbaloo.com. I'm not sure what to call it, but I think should probably be identified as a Direct Entry. It looks like some kind of special homepage, for members.....like a favorite or bookmark. Whole url: http://www.symbaloo.com/home/mix/13ePBd7C0R

Thank you very much :-)