What Is Blackhatworth Spam? (How To Filter It)

Google Spam Referral Traffic

If you are reading this, chances are you are seeing something like this in your Google Analytics account and you are worried that blackhatworth is able to hack your site and/or is affecting your SEO rankings. Read on to learn why a .htaccess rule won’t work, why you shouldn’t be worried, and a simple way to remove the referral spam from Google Analytics.


First, let’s see exactly what is happening with this referral traffic. There are two ways spammers have been affecting Google Analytics data recently; if you understand these concepts, you will have a better idea of whether these spammy sites are actually hurting anything on your site. After that we can talk about either blocking them or filtering them. There are a lot of misconceptions out there right now about how to block referral spam. I was doing it wrong at first.

How does blackhatworth show up in referral traffic?

Blackhatworth.com is faking referral traffic to sites. What this means is they aren’t actually visiting your site but rather sending an HTTP request to random UA tracking IDs. A UA tracking ID (UA-xxxxx-1) uses JavaScript to report HTTP requests sent to your website. These spammers have figured out a way to send requests to tracking codes, which then send data to Google Analytics, and that data shows up in your Referral Traffic report. However, if you look at server logs, the hostname or IP never visited your website.

So why are the spammers doing this?

Because they can. It really is as simple as that. The spammers are hoping you visit their site after seeing the referral traffic. The catch is they actually redirect you to another site (usually an e-commerce site). I caught a glimpse of the URL redirect in my browser and saw iloveitaly.com, which suggests the same spammer is behind all of these fake referral spam domains. This is what you will see if you search blackhatworth.com:

blackhatworth spam redirect

There is a blog post at blackmoreops.com that identifies the spammer, and the spammer shows up to leave a comment.

Vitaly Popov is behind all the referral spam

So some blogs are suggesting using a .htaccess rule to block the traffic. THIS PROBABLY WILL NOT WORK because you are blocking something that never came to your server. Instead you need to keep the data from entering your reports.
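To see whether a referrer in your report ever reached your server, which is what decides whether a server-side rule can do anything, compare the report against your access log. This is an added example, not code from the original post; it assumes Combined Log Format, and the log lines and crawler-spam.example are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample access log (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2015:10:01:22 +0000] "GET / HTTP/1.1" 200 5120 '
    '"https://www.facebook.com/" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2015:10:05:41 +0000] "GET /about HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0"',
    '203.0.113.99 - - [10/Mar/2015:10:09:03 +0000] "GET / HTTP/1.1" 200 5120 '
    '"http://crawler-spam.example/" "Mozilla/5.0"',
    'not a log line',
]

def norm(host):
    """Lower-case a hostname and drop a leading www. so both forms compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def referrer_hosts(log_lines):
    """Referrer hostnames carried by requests that really reached the web server."""
    hosts = set()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in Combined Log Format
        host = urlsplit(m.group("referer")).hostname  # None for "-" or empty
        if host:
            hosts.add(norm(host))
    return hosts

def classify(ga_referrers, log_lines):
    """'server': the referrer appears in the access log, so a request hit the site.
    'ghost': no trace in the log; only an Analytics filter can remove it."""
    seen = referrer_hosts(log_lines)
    return {ref: ("server" if norm(ref) in seen else "ghost") for ref in ga_referrers}

if __name__ == "__main__":
    report = ["facebook.com", "blackhatworth.com", "crawler-spam.example"]
    for ref, verdict in classify(report, SAMPLE_LOG).items():
        print(f"{ref}: {verdict}")
```
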

Here is why you need to filter blackhatworth.com spam

How Google Analytics works is summed up in 4 steps:

  • Collection
  • Configuration
  • Processing
  • Reporting

When an HTTP request is sent to a website, it is collected, put through any filters or rules, and then sent to the database so it can be called for data manipulation in the form of reports. The reporting function is what you see through the dashboard after the other steps have been completed. So if you filter out fake referral traffic, it will not be processed and therefore not reported. The downside of this method is that it does not work retroactively.

How to create a filter to remove blackhatworth spam

Log in to your Google Analytics account

It has been suggested by many Google Analytics experts to segment your views to safeguard against a filter ruining your data.

Go to Admin

Create Secondary View

Select View Settings

Click copy a view and name it. Now you have two views running side by side and if one is corrupted, you can fall back to the other. We are going to create a filter rule here and if it works well, we can copy it over to our main filter.

Creating A Second View Helps Keep Data Clean

Google announced a new feature last year that will exclude known spam bots and spiders. Whether or not it captures the newest bots is questionable but we can now apply it on our secondary filter to test.

In your view settings go to the bottom and check the box that says “Bot Filtering”.

Filter Annoying Bots

Next, create a filter specifically for blackhatworth spam

This advice comes straight from Mike Sullivan at AnalyticsEdge, who wrote a nice post on these spam bots and the issues that arise from them showing up in Analytics. Mike suggests creating a filter that only lets in known hosts and excludes the rest. This may sound counterintuitive and risky. You would be correct but he raises a great point in that,

All of your analytics reports are affected by the “spam” traffic, which is why they are so annoying. If all they did was list a fake referral, everyone would ignore them, but they affect site bounce rate, pageviews, total sessions and users, time on site….everything.

feel it is easier to create a filter that lets IN the good traffic and just locks out everything else. The fact that the traffic it is removing happens to be a referral from X or Y or Z is irrelevant to the filter – it is not “good” traffic, so ignore it.

Again, we have a separate view set up so why not give it a try. Go to your account and select Acquisition > All Traffic > Referral to find host names that are currently referring traffic to your site. Now think about all of the host names you would like to have traffic come from. Facebook, YouTube, WordPress, etc. Copy that list down somewhere and then head back to the admin tab.

Click Filters and +New Filter

Name your filter, click custom and include. The filter field should be set to host name. The field that says “filter pattern” is where the magic happens. Read below to see the syntax.

blackhatworth filter include

To create the filter pattern you must use a vertical bar (|) to separate each entry. A wildcard may be used to include both www and non www redirects as well as http and https websites. So something basic would look like

[Updated]

www\.facebook\.com|www\.twitter\.com|www\.wordpress\.com|www\.google\.com

Remember to save your filter. Let this run for a few days and you can cross check the traffic with your original view. There could be some referral traffic you accidentally blocked but no matter, just update the filter pattern until it works.
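Because an include filter discards everything it does not match, it helps to dry-run the pattern against sample values before saving it. The following is an added example, not code from the original post or from Google; it assumes the filter pattern is applied as a partial-match regular expression, adds `^...$` anchors as a suggestion of its own, and uses constructed hostnames.

```python
import re

def build_include_pattern(hosts):
    """Join hostnames with | into one anchored pattern: every dot is escaped
    and a leading www. is made optional (the anchors are this example's choice)."""
    parts = []
    for h in hosts:
        bare = h.lower()
        if bare.startswith("www."):
            bare = bare[4:]
        parts.append(r"(www\.)?" + re.escape(bare))
    return "^(" + "|".join(parts) + ")$"

def dry_run(pattern, values):
    """Split values into (kept, dropped) the way an include filter would,
    assuming a partial match anywhere in the value counts as a match."""
    rx = re.compile(pattern, re.IGNORECASE)
    kept = [v for v in values if rx.search(v)]
    dropped = [v for v in values if not rx.search(v)]
    return kept, dropped

# Constructed field values to test against; the look-alike host is made up.
SAMPLE_VALUES = [
    "www.facebook.com",
    "facebook.com",
    "www.facebook-com.spam.example",
    "blackhatworth.com",
    "www.twitter.com",
]

# A pattern with an unescaped dot before "com": that dot matches any character.
LOOSE = r"www\.facebook.com|www\.twitter.com"
STRICT = build_include_pattern(["www.facebook.com", "twitter.com"])

if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        kept, dropped = dry_run(pat, SAMPLE_VALUES)
        print(name, pat)
        print("  kept:   ", kept)
        print("  dropped:", dropped)
```

The loose pattern keeps the look-alike host and drops the bare `facebook.com`; the built pattern does the opposite on both.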

Do I really need the filter? Can’t I use the referral list?

Unfortunately yes, you need the filter, and removing the spam is easier done with a list of good host names than trying to select the spam. In the last 3 months I have seen 5-6 different spam sites (which actually all look like they originate from Vitaly Popov) enter my Analytics. I have had one referral site. So really, it is easier for me with a low traffic site to do it this way. If you are a big company with hundreds of people referring traffic to you, you might want to look for another solution. A regex could probably be found that is more direct. However,

Can I use the referral exclusion list in Google Analytics?

I would advise against using the feature because it can get confusing with how many sessions are created and what is counted in your data. From Google’s documentation about Referral Exclusion:

By default, a referral automatically triggers a new session. When you exclude a referral source, traffic that arrives to your site from the excluded domain doesn’t trigger a new session. If you want traffic arriving from a specific site to trigger a new session, don’t include that domain in this table.

Because each referral triggers a new session, excluding referrals (or not excluding referrals) affects how sessions are calculated in your account. The same interaction can be counted as either one or two sessions, based on how you treat referrals. For example, a user on my-site.com goes to your-site.com, and then returns to my-site.com. If you do not exclude your-site.com as a referring domain, two sessions are counted, one for each arrival at my-site.com. If, however, you exclude referrals from your-site.com, the second arrival to my-site.com does not trigger a new session, and only one session is counted.

Does the spam hurt my search rankings?

This is a question that I have seen many address in other blogs but I am not so sure everyone has thought holistically about the problem. The logic goes, if the referral traffic affects my page views, time on page, and bounce rate, by giving my site a hit and not staying then surely this is hurting my search rankings. I would definitely go along with that statement, if the traffic was actually touching your server. I believe Google understands the difference in an organic keyword search versus a referral hit. Especially if the hit is a known spammer. The search algorithm is complex and they are constantly making tweaks to help prevent this kind of activity. Also, numerous tests have been run and found that things like bounce rate and page views are only small factors for getting ranked. At the end of the day the blackhatworth spam is not hurting backlinks, social shares, good content, and other important SEO tactics.

If we remember how data is collected the referral hit is filtered out during the processing phase. This means it is not sent to an Analytics database for data manipulation in the form of a report. However, where does the search algorithm see traffic hits? I am not an expert but it is definitely worth noting that what we filter, and see is different than what Google crawler can see. Maybe someone with more expertise can chime in here.

All that to be said, it looks like this spam traffic is hurting a lot of people’s sites so more than likely a solution will come along and this will be like most other spam, a thing of the past.

One very interesting point to note outside of blackhatworth spam is darodar, which is also perpetrated by the same individual: when you see forum.darodar in your reports, it is the same number as your UA tracking ID. This is very interesting as the spammer now has a list of all active UA tracking IDs. A more nefarious plot could be at hand.
