1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

darodar.com Analytics referral traffic is pure spam

Discussion in 'BlackHat Lounge' started by dsan996, Jan 6, 2015.

  1. dsan996

    dsan996 Regular Member

    Joined:
    Apr 18, 2014
    Messages:
    267
    Likes Received:
    128
    Location:
    Depends on the day
    I have noticed a new referral traffic source in Google Analytics for one of my sites coming from darodar.com. You may have also noticed, there are many people complaining about this in forums.

    What they seem to be doing is a very spammy way of making some cash by messing people analytics data: they are blasting hundreds of sites with requests using subdomain pages at darodar.com (also ilovevitaly.com and econom.co) as a referral. Those pages redirect to Amazon or Alibaba using an affiliate link. When people (like me) notice such a strange pattern we try to visit the referral page shown in Analytics to know what's going on and that's when we get redirected through their affiliate link.


    If you don't want affiliate cookies being placed in your browsr just don't visit referral pages being shown in your GA from darodar.com, ilovevitaly.com or econom.co.

    You can also block the spammy referrals via htaccess, as suggested by sudorank in his post:

    http://www.sudorank.com/guide-how-to-block-darodar-referral-spam-to-your-website/


    Or you can set Google analytics to filter them, as suggested by RightInTwo in the following thread:

    http://www.blackhatworld.com/blackh...ics-referral-spam-like-semalt-com-others.html
     
    • Thanks Thanks x 2
    Last edited: Jan 6, 2015
  2. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,177
    Likes Received:
    2,238
    Now this is what I'd call thinking out of the box :) I'd also report them to Amazon, I'm sure they do not allow such methods of promotion.
     
    • Thanks Thanks x 1
  3. dsan996

    dsan996 Regular Member

    Joined:
    Apr 18, 2014
    Messages:
    267
    Likes Received:
    128
    Location:
    Depends on the day
    True, the method is quite creative :D

    By the way, I found another spammy source from the same guys: priceg.com. Also managed to block the referrals on a server-wide basis by setting a mod_security custom rule. If someone is running many sites on a dedicated server or VPS this may help to solve the problem without having to set each site one by one:

    Code:
    # Block referrer spam
    SecRule REQUEST_HEADERS:Referer "darodar.com|iloveitaly.com|econom.co|priceg.com" "phase:1,deny,status:403,msg:'Referrer spam blocked.',id:999999123"
    
    Then you can check if the rule is working by curling one of your sites setting the spammer domain as referral:

    Code:
    curl -e "http://darodar.com" http://www.yoursite.com
     
  4. dsan996

    dsan996 Regular Member

    Joined:
    Apr 18, 2014
    Messages:
    267
    Likes Received:
    128
    Location:
    Depends on the day
    UPDATE

    Spammy referrals still showing in GA. My above posts were wrong. I have checked my server logs and noticed that there are no requests made using the spammy referrals. It looks like they are not visiting my sites at all but making fake requests directly to GA codes.

    So no referral blocking on a server side will help here. The best we can do is filtering those referrals in GA so they won't mess the data.

    Source:
    http://www.blackmoreops.com/2014/12/19/darodar-com-referrer-spam/
     
  5. jmuller

    jmuller Registered Member

    Joined:
    Aug 15, 2014
    Messages:
    75
    Likes Received:
    2
    Got this too, very frustrating!

    So no need to modify htaccess? Only to change analytics filter?

    Any wordpress plugin we can get?
     
  6. dsan996

    dsan996 Regular Member

    Joined:
    Apr 18, 2014
    Messages:
    267
    Likes Received:
    128
    Location:
    Depends on the day
    As far as I understand you can not prevent this issue with any server side tweak since they are not interacting with your server at all. This is more like a Google Analytics hijack taking place against random Analytics codes. They don't even know what website does the code belong to, that's why they are using random hostnames to send the requests to your GA.

    You can check that by going to Acquisition -> All Traffic -> All Referrals, then click "darodar" referral and add hostname secondary dimension. You'll see that they are using random hostnames like co.lumb.co, apple.com, etc.

    I'll go for an Analytics filter to show only traffic using your website as a hostname:

    GA hostname filter.png
     
    • Thanks Thanks x 1