A couple of days ago, I was checking my Google Analytics data and I noticed a sudden spike in traffic on one of my hobby websites, which hardly gets any traffic usually.
Naturally, I presumed that some wonderfully creative post of mine had gone viral (ha ha).
This euphoria was short-lived and soon turned into panic (as always, when it comes to website security issues).
When I looked into it some more, I realised it was from some obscure source – news.grets.store.
I hate to break it to you – but when you see such unnaturally high traffic from a unrelated website, it is usually referral spam.
nOTE – Do not Visit This Website – news.grets.store
What is referral spam?
Referral spam ( or referrer spam), involves high volume ‘fake’ traffic from a website that ‘tricks’ Google Analytics into counting them as visits. It is usually generated using automated bots – there are no actual users visiting the website.
Why? Because the spammer wants you (and other website owners like you that are spammed) to go back and visit their website to generate more traffic.
How I tried to block traffic from News.Grets.Store (or other such referral spam sites)
The first thing I did was to block it via Cloudflare using a Firewall Rule.
If you don’t have a Cloudflare account, you can sign up for a free one and add your website. A free account allows you to create up to 5 firewall rules.
Here’s how –
- Login to your Cloudflare account
- Select a website, if your account has multiple sites.
- Navigate to Security –> WAF –> Create a firewall rule
This worked and stopped all hits from ‘news.grets.store’.
But then I noticed some more spam traffic from these other sites –
| Session source / medium | Country |
| kar.razas.site | Poland |
| trast.mantero.online | Poland |
| info.seders.website | Poland |
| game.fertuk.site | Poland |
| ofer.bartikus.site | Poland |
| garold.dertus.site | Poland |
[February 24, 2024 – Update] 12 hours since I implemented this firewall rule, and it seems to be working so far. My website’s traffic is back to its regular volume.
[February 26, 2024 – Update] The spam traffic from these sites seems to have gone down and I can see that Cloudflare is blocking some hits too, but Google Analytics shows that some traffic is still going through. More on this when I investigate it some more.
[February 27, 2024 – Update] This does not seem to be working at all, because it looks like the website is not actually receiving these visits. The spammer is simply manipulating Google Analytics using the Tag id.
Am now looking into how to filter it out.
In Conclusion
Will keep updating this post sharing my attempts to handle this referral spam.
Did you try something that worked? Do leave a comment and share.