Clean up your Google Analytics and help stop referer spam with this simple rewrite rule

by Joel Marshall on February 09, 2015

You may have noticed something like this popping up in the referers list of your Google Analytics reports lately:

If you are suspicious, good; you should be.

Unfortunately, these hits on your website are not legitimate traffic. Semalt, ShareButton, and other such websites are engaging in a nefarious SEO practice known as "referer spamming." Incapsula has a very nice writeup on just how referer spam works, so we won't go into great detail here. In short, the spammers hit your site with a referer header that contains a link to a page, in hopes that you've forgotten to make your access logs private and that search engines are indexing them. The search engines see those URLs as backlinks, and thus bump up the ranking of the page embedded in the referer header. This is black-hat SEO, and it can actually have some nasty consequences for your legitimate site.

Typically, IIS-hosted sites won't fall victim to this, as by default they don't store logs in the application directory. Maybe your situation is different, however, and regardless of where your logs are stored, these requests are still cluttering up your analytics reports. So what do we do to get rid of them? It's pretty simple if you have the URL Rewrite module installed. Simply add the following rewrite rule to your application's web.config:

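    <!-- Goes inside <system.webServer><rewrite><rules>: abort requests whose Referer matches a spam domain -->
    <rule name="abort referer spam requests" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTP_REFERER}" pattern="(semalt\.com)|(buttons\-for\-website\.com)|(success\-seo\.com)" />
      </conditions>
      <action type="AbortRequest" />
    </rule>
    <!--The rest of your rules, if you have any-->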

This rule is just telling IIS, "if the referer header of the request contains '' or 'buttons-for-website', abort it". It's important to note that the pattern is not anchored, so it will match any part of the referer header, not just "" or "". In most cases that won't have any repercussions, but you should be aware of it nonetheless. You can test this by using the web debugging tool of your choice (here we're using Fiddler):

Voilà! No more hits from these shady companies. If you find that additional referers are engaging in referer spamming, simply add an additional capturing group to the regular expression of your match condition.

May '15 edit: These spammers change up the addresses they use quite often. Most recently we've seen referer spam in our GA reports from the "" and "" domains. You just have to stay on top of it, and add the new bad domains to your rewrite rule's input condition as they pop up. Annoying, but fortunately not difficult.
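The match-anywhere behaviour noted above can be checked offline before a new domain goes into the rule. The following is an added example, not code from the original article: it rebuilds the article's pattern from a domain list and compares it with a host-anchored variant. `hostAnchoredPattern` and the sample referers are constructed for illustration, and the script assumes URL Rewrite's default ECMAScript pattern syntax and case-insensitive condition matching.

```javascript
// Domains taken from the rule in the article.
const blockedDomains = ["semalt.com", "buttons-for-website.com", "success-seo.com"];

// Escape regex metacharacters so each domain is matched literally.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\-]/g, "\\$&");
}

// Same shape as the article's pattern: matches anywhere in the header.
function substringPattern(domains) {
  return domains.map(d => "(" + escapeRegex(d) + ")").join("|");
}

// Hypothetical stricter variant: matches only when the referer's host is
// a blocked domain or one of its subdomains.
function hostAnchoredPattern(domains) {
  const alternatives = domains.map(escapeRegex).join("|");
  return "^https?://([^/?#]+\\.)?(" + alternatives + ")(:\\d+)?([/?#]|$)";
}

// The "i" flag mirrors the case-insensitive default of rewrite conditions.
function wouldAbort(pattern, referer) {
  return new RegExp(pattern, "i").test(referer);
}

// Constructed sample referers: two spam-style hits, three legitimate ones.
const sampleReferers = [
  "http://semalt.com/",
  "HTTP://WWW.BUTTONS-FOR-WEBSITE.COM/",
  "https://www.google.com/search?q=semalt.com+referer+spam",
  "https://example.org/blog/blocking-success-seo.com",
  "http://notsemalt.com/",
];

// Evaluate every referer against both patterns.
function compare(referers, domains) {
  const sub = substringPattern(domains);
  const host = hostAnchoredPattern(domains);
  return referers.map(r => ({
    referer: r,
    substring: wouldAbort(sub, r),
    hostOnly: wouldAbort(host, r),
  }));
}

console.log(substringPattern(blockedDomains));
console.log(hostAnchoredPattern(blockedDomains));
console.table(compare(sampleReferers, blockedDomains));
```

The host-anchored pattern contains no characters that need XML escaping, so it can be placed in the condition's `pattern` attribute as printed if the stricter match is preferred.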



Joel Marshall


Joel has been developing applications with Microsoft ASP.NET and related web technologies for 15 years. He is passionate about software architecture, design patterns, and emerging web technologies.