Fix: Analytics Spam

This blog post is a master guide to block Google Analytics referrer spam. I’ve added various methods to block the referral spam and I’ll update the content accordingly.

You’re here because of the new referral traffic from,,,,,,,,,,,,,,,,,,,,,,,,,, or its variants are¬†spamming your Google Analytics data. Here’s how to block that¬†single referral domain and related multiple referrers.

Method 1: block referral spam using Google Analytics
Method 2: disable spam in .htaccess (for Apache servers)
Method 3: disable spam in NGINX
Method 4: disable spam using Cloudflare

10/05/2019: Added fix.
06/05/2019: Added fix.
24/04/2019: Added fix.
18/04/2019: Added fix.
04/04/2019: Added fix.
03/30/2019: Added fix.
03/19/2019: Added fix.
03/12/2019: Added fix.
03/11/2019: Added fix.
03/07/2019: Added fix.
02/26/2019: Added fix.
02/25/2019: Added fix.
02/19/2019: Added fix.
02/18/2019: Added fix.
02/15/2019: Added fix.
02/13/2019: Added fix.
02/11/2019: Added fix.
02/08/2019: Added fix.
01/31/2019: Added fix.
01/23/2019: Added fix.
01/18/2019: Added fix.
01/15/2019: Added fix.
12/19/1018: Added fix and NGINX method to block the Analytics spam.
12/06/2018: Added fix.
12/05/2018: Added fix.
12/04/2018: Added fix.
12/03/2018: Added fix.
11/29/2018: Added fix.
11/14/2018: Added fix.
11/07/2018: Added fix.
11/01/2018: Added fix.
10/27/2018: Added fix.
10/13/2018: Added the solution to fix Analytics spam
10/10/2018: Added the solution to fix spam.
09/27/2018 11:57 PM: Blimey! It seems like they’re targeting me¬†for writing this blog post.
09/27/2018 11:16 PM: Added the Cloudflare method to block servers that spam your website.
09/25/2018: This guide has the solution to fix¬†,¬†, and other domains that spam Google Analytics. Just change the domain name/URL accordingly. I’ve added a new .htaccess method also (future-proof).

Exclude a single referrer

How to Block Analytics Spam (September 2018)

  1. Sign in to Google Analytics.
  2. Click Admin, and navigate to the view in which you want to create the filter.
  3. In the VIEW column, click Filters.
  4. Click¬†+ New Filter. (If you can’t see this button, you do not have the necessary¬†permission.)
  5. Select Create new Filter.
  6. Enter a name for the filter. Let’s name it
  7. Set the Filter Type to Custom.
  8. Click the Select filter type drop-down menu and select Exclude.
  9. Now Set the Filter field to Campaign Source.
  10. Enter the Filter Pattern. In this case, add (the-spam-domain-name.tld) and click Save.

To Exclude multiple referrers

You can use the regular expression in the Filter Pattern field to exclude several referring sources.

i.e., If you want to add multiple URLs, make a filter pattern separated by a | (pipeline).



Visit this link to learn more about setting filters on different levels. You may also set the Language Settings Filter and Campaign Referral Path Filter as well.

Block Analytics Spam in .htaccess

Applying filters is more like a band-aid solution. The spam sites are still sending traffic to your website, and GA doesn’t show it.¬†Want to block the referral sites before they get to your site? There are two methods to block referral spam using .htaccess.

1. The Easy Method

You have to be careful when editing .htaccess files, as a small mistake can make your website stop working or throw a server error loop. So have a backup! Copy and paste the old content of .htaccess file somewhere safe before proceeding.

Usually, the .htaccess file goes to the root of your website (/public_html for example, the same location of¬†wp-config.php). If there is none, you can create a new file. But watch out not to create something like “.htaccess.txt” if you do it with notepad (which usually appends .txt to all files).

The location may vary according to where you installed WordPress inside the host. Edit the .htaccess file and add the following line:

RewriteEngine on
RewriteCond %{HTTP_REFERER} enter-url-1\.xyz [NC, OR]
RewriteCond %{HTTP_REFERER} wakeupseoconsultant\.com [NC, OR]
RewriteCond %{HTTP_REFERER} example-spam-website\.com [NC]
RewriteRule .* - [F]

(Copy and paste the code in the bottom of your .htaccess.)

Note: Check whether a RewriteEngine On line is already inside your .htaccess file. Then you don’t need to copy that particular line from the code I shared. RewriteEngine only needs to occur once in the file, preferably at the top.

2.¬†Find Spam Site’s Server IP Address & Block it

There are chances the spammer may spin up more domain names for this unholy practice. Solution? Deny their server to access your website. Proceed at your own risk.

GeneratePress Review: Best WordPress Theme in November 2022

Use a DNS lookup tool like to check spam domain’s (¬†in your case) IP address:

Find's Server IP Address

As you can see, turns out to the unique IP of the domain.

However, you’ve to¬†make sure the spammer is not using any CDN to hide their IP address. Look at for example:

Facebook CDN

Facebook, Inc. CDN uses specific IP ranges for delivering Here’s a list of¬†IP Ranges that Cloudflare use. Make sure that you identify the unique IP of spammer and not IP ranges of a CDN service.

Upon identifying the spam sever, edit the .htaccess file and add the following line:

# block spam referrer
Deny from

Make sure that you enter the correct IP address. Doing so will block all the spammy domains pointed to this server IP address.

Block Analytics Spam Using in NGINX

Open your nginx.conf file located in /etc/nginx/nginx.conf

Proceed at your own risk. Contact your host to confirm the location of nginx.conf file. Make sure you have root access to the host. Always have a backup! Copy and paste the old content of nginx.conf file somewhere safe before proceeding.

Add the following lines inside the http block:

# Referer spam

map $http_referer $spam_referer {
default 0;
include /etc/nginx/;

Nginx’s map¬†(ref) module¬†lets you create variables in Nginx’s configuration file whose values are conditional ‚ÄĒ that is, they depend on other variables’ values.¬†The map command can only be used inside of the http block.

Create An Analytics Spammer List

Create a new file in the NGINX root directory (‚Äė/etc/nginx‚Äô) and name it ‚Äė‚Äô to save a list of spam referrers:

"~*" 1;
"~*" 1;
"~*" 1;
"~*" 1;
"~*" 1;
"~*" 1;

The “~*” means case-insensitive matching.

Now open /etc/nginx/sites_available/default and add the following lines to the server block:

# Referrer exclusions

if ($spam_referer) {
return 444;

444 Explained: Connection Closed Without Response is a non-standard status code used to instruct nginx to close the connection without sending a response to the client, most commonly used to deny malicious or malformed requests. This status code is not seen by the client, it only appears in nginx log files.

Verify & Restart Nginx Service

Run this command to verify the config:

nginx t

Restart nginx if the test is successful:

sudo service nginx restart

Block IPs in Cloudflare CDN

Cloudflare user?¬†The¬†Firewall¬†tab on Cloudflare provides you with an interface that you can use to block or whitelist IP addresses or entire networks. Based on the results from¬†, you can block spammer’s IP using Cloudflare. Here’s how to do it:

  1. Log in to Cloudflare.
  2. Go to the Firewall app.
  3. Add an entry to the Access Rules and select the action.
As seen on

Good luck!

Help someone else by sharing this article. Thank you.

Need a hand?

Need help optimizing your website analytics, speed and search performance? Connect with me now.

33 thoughts on “Fix: Analytics Spam”

  1. nice one thanks – you published an article today for exact thing I was searching for – remove the from showing up and effecting my analytics. Just started this morning.

    • You’re welcome, Phil. Came across this error last night and fixed it right away.

      I thought a lot of people would be looking for a solution online- so updated here.

  2. Hola: muy buen artículo, corto y preciso, me ha sido de gran utilidad.
    Era la primera vez que tenía tráfico de referencia de, no sabía que hacer y estaba preocupado. Gracias por la solución.

  3. It’s the Ukrainian SEO company Semalt that is behind it and when you contact them, they want to sell you their service. and send you in the dark about and some other referral url they have.

  4. Did you know this was going to happen? Thanks a million for this great article. It came just in time.

    I will check my analytics tomorrow to see if it disappears.

  5. Will GA stop counting these visits immediately or you need to wait e.g. 24 hours before it takes effect? I’m asking because I did today what I read here and I noticed that GA is still counting these spam visits. So maybe it will start blocking them in a few hours not immediately?

    • Hi Luke,

      GA Filters are usually reflected in the real-time reports, but not always, especially if you added the filter within the past hour or two.

      And it takes time (as much as 24 hours) before filter effects become visible in your data.

      I’ve updated the post and added the .htaccess method to block spammer’s IP directly. Doing so will make sure your website doesn’t welcome any “hits” from their server.

  6. I am having this same issue, but my analytics are blocking me from being admin…I know it isn’t the same issue, but I want to block these guys and now can’t do it. Any thoughts on how to get myself back into GA as admin?? UGH!

    • Hi Heather,

      I’d go with the .htaccess method because it’s the real deal. ūüėČ

      By the way, do you remember who has access to the master account? Did you hire anyone in the past to set up GA? The best method is to get in touch with the admin and sort it out.

      Or you can speak with Google and fix this issue. You will need two things before you talk to Google. You will need your AdWords Customer ID and your UA number from the Google Analytics.

      Please refer to this article for detailed info on this.

  7. hi there,
    2 days now I’m trying to block the unsuccessfully. I have read all the comments, I have block several IPs but nothing.
    Any idea pls?

    • Do you have the access to edit .htaccess file? If so, add these lines:

      RewriteCond %{HTTP_REFERER} my-seo-promotion\.com [NC, OR]
      RewriteRule .* - [F]
  8. Unfortunately, the .htaccess method did not work for me. It just created a server error and brought all my sites down. ūüôĀ Several hours of downtime before I realized it. Live and learn.

    • Sorry to hear that TJ.

      Yes, messing with the .htaccess = playing with fire.

      Try adding these lines next time (edit the domain name accordingly).

      RewriteCond %{HTTP_REFERER} my-seo-promotion\.com [NC, OR]
      RewriteRule .* - [F]
  9. Thanks for the article and documenting ways to deal with it. I tend to watch live stats as I’ve got an ad campaign running for a client and though I have filtered the referrers and blocked requests in Google Analytics I can still see requests on the GA Real-time overview. These “appear” to come from a number of locations including Italy, Brazil and the Philippines though probably only due to fake IPs. Great that people are onto this annoyance. I hadn’t seen anything significant in stats for some time, maybe due to good filtering ūüôā

  10. Thank you for your valuable information. I had the same problem and I was looking for a solution. Thank you so much.

Comments are closed.

Email [email protected] or wechat: mighil to work together. I can help you with content, product ops, scripting, strategy, and technology.

Random: something I've read, browsed, or watched.

*Previously Powered by DigitalOcean, GeneratePress, and BunnyCDN.