Sunday, February 15, 2015

How To Block Russian Referral Spam Using PHP Code

So you've just spent the past few days designing your own little perfect online world, and you've decided to invite the world to marvel at your creation. You add google analytics to your site to revel in your growing audience of website visitors. You're now seeing double digit visitors each day! Yay! 

...but then, upon closer inspection, you notice something troubling. Why is your site that's dedicated to adopting puppies have more than half of it's hits come from Russia of all places? You visit your Acquisition tab in google analytics, view all traffic, and click on referrals to see where all these Russians are invading from - it's one website - some random forum from darodar.com with some obscure title. It looks something like "forum.topic123456789.darodar.com" You cut and paste the referral site into your web browser, and are redirected to some online store. It turns out, you're the victim of 'referral spam', and it's negatively affecting your search engine rankings. 


Referral Spam

Referrer spam is known by many names. Referrer bombing, log spam, etc. They all have one insidious purpose, to build the search engine rankings of the referring site (which is why when you punched in the forum address into your web browser - you were redirected to an online store).

Referral spam works by unwittingly having your website link back to them to increase their site's rankings in search engines. But you don't remember ever putting any links back to forum.topic.darodar.com? Well, if you publish your website hit counter, as many websites do (including this one), you create a gateway for spiders to click your hit counter, and then follow the link to - you guessed it - the referral spammers site. Now comes the fun part - telling the spam artist where they can stick it...

PHP Code - The Spammer Becomes The Spamee

Let's turn the tables on the spammer. PHP has global variable included in it's framework that help you gather information about your website's visitors - namely the $_SERVER global variables. Used in conjunction with the HTTP_REFERER parameter, you can redirect traffic back to the spammer - making it look like the spammer is linking to themselves with a link farm. It just so happens that search engines don't look kindly on artificial means to increase website rankings, and a link farm is a big no-no. 

First, here's the code that turns the tables on the spammer. Copy and past this code into a new file named 'spamoff.php'.

<?php

if (isset($_SERVER('HTTP_REFERER'))
     {
     $spam = array('forum.topic<yourtopicnumber>.darodar.com', '<2nd spam site url>');
          foreach($spam as $value)
               {
                if ($_SERVER['HTTP_REFERER'] == $value)
                     {
                      $spamSpike = 'Location: http://' . $value;
                      header($spamSpike);
                      }
                }
     }
?>

Now, we simply use php's include function to include this code in any page we want to protect - meaning we only have to update the list of spam sites in spamoff.php should we find a new spam referrer link in google analytics. 

<?php include('spamoff.php'); ?>

Here's how the code works. 

1) We need to make sure the HTTP_REFERER variable is populated so PHP doesn't throw an error to any users that come directly to your website (in other words, not directly from a referring site). We accomplish this by using the 'isset' function to see if the variable is populated.

2) We build an array of spam referring sites. Trust me, there's more than just darodar.com out there, and you'll want to update your list occasionally by monitoring google analytics. An important step is copying the exact referring site that you saw in your google analytics stats. In many cases, this is something like forum.topic123456789.darodar.com - where the '123456789' is often your google analytics ID. You'll need to replace the '123456789' with whatever topic your spam artist assigned to you.

3) When our code see's that the user came from another website (that's what HTTP_REFERER does - it tells you the last website the user came from), it checks to see if the user originated from our spammers site using the if statement and cycling through the array of sites using a foreach loop. If the $value of the website we check matches our spam artist, it redirects the site right back to the spam artist. Their spamalicious website will eventually be delisted for violating search engines spam policies.

Presto, your site is now officially insulated from referral spam from specific sites!

Lastly, to the Russian c***suckers who see it fit to harm our websites for their own personal gain, let me just say, "Сосать это долго и сосать его трудно". In english, it translates to "Suck it long, and suck it hard" :)
Have fun,

~Hacky


No comments:

Post a Comment

Feel free to send along any questions, comments, or hacks you'd like to see :)