If you are using Microsoft Internet Explorer 5 or Later (for Windows)
  1. Open Internet Explorer.
  2. On the Tools menu, click Internet Options.
  3. On the Security tab, click Internet.
  4. Click Custom Level.
  5. Scroll down to Active scripting.
  6. Click Enable.
  7. Click OK.
  8. Close Internet Options
  9. REFRESH THE PAGE IN QUESTION

If you are using Mozilla Firefox 2 or Later
  1. Open Firefox.
  2. On the Tools menu, click Options.
  3. Click on the Content icon.
  4. Check the box next to Enable JavaScript.
  5. Click OK.
  6. REFRESH THE PAGE IN QUESTION

If you are using Safari for MAC
  1. Open Safari.
  2. At the top of the browser, click Safari.
  3. Click on the PREFERENCES link. (in the pull-down)
  4. In the pop-up, click the security tab (with the pad-lock).
  5. Under "Web Content", check the box Enable JavaScript.
  6. Close the preferences dialogue
  7. REFRESH THE PAGE IN QUESTION
If you are using Google Chrome
  1. Open Chrome.
  2. Click the menu icon on the browser toolbar.
  3. Select Settings.
  4. Click the Show advanced settings... link.
  5. Click Content Settings in the "Privacy section".
  6. Select Allow all sites to run JavaScript in the "JavaScript" section
  7. REFRESH THE PAGE IN QUESTION

Google Analytics (GA) spoof/ghost spam

The fix

What you're seeing is "referral spam". They are "ghost hits" sent to GA (or whatever analysis you use) via scrupulous scripts. The majority of those bots are not even visiting your site. The scripts are just/only 'spoofing' them to get the victim to visit the sites they 'say' they're coming from. So, do not visit them.

There is NO cure for this (yet). Google is aware, but haven't developed a fix. The only way to get rid of the spoofs is to set a filter in your analytics.

To see what’s what, follow these instructions…

In left (narrow) column: Acquisition > All Traffic > Referrals

Right larger column: Secondary Dimension > type “hostname” (and go there)

If the host name does not match yours, THAT is a 'ghost' and never went to your site ever. It was sent to GA by a malicious script.

The 'source' on left side is what you want to block in .htaccess of those that match your hostname.

Just copy & paste this into your .htaccess (and add to it at will)


(just, make sure everything before the last one has [NC,OR] at the end)

You'll see other ways of typing this on the net, but THIS is the most 'correct way', I have found.

• Admin > View > Filters > +NEW FILTER (button) >

• Filter Name = Hostname Filter

• Filter type = Custom

• Tick "Include" circle

• Filter Field = Hostname

• Filter Pattern =

• Click Filter Verification to see how the results will be (bad on left, clear on right)

• Save


This method will only record yoursite.com & www.yoursite.com (from now-on) and the spoof (ghost) bots should-not-show.

All the corrupt data from before you do this is permanent and nothing you can (really) do.


I just did this yesterday. So, I await the final results and hopefully, there will be no more corrupted data.

However... It is important to block the 'actual' badbots in .htaccess (you can find them by following my prior post)


The 2nd method to block them is as follows... (for .htaccess) This can be included with 1st method as well.

copy exactly this... (and add to it at-will)



Just, be sure to not block 'good' bots, unless you don't care about traffic.


Another thing I found (haven't tried yet) is to change the UA-XXXXXXXX-1 to something like UA-XXXXXXXX-32 but...

I haven't really researched this yet. So, don't do it unless you're sure!

See... The evil-people have taken your unique code and send fake hits to your analysis. The analysis people have to make a way to 'validate' the incoming data first! This world is becoming very bad for the Internet! ugh!