‘Voting for Trump’ and Spam Traffic in your Google Analytics!
Wednesday, 7th December 2016
What is it? It is described as “language spam” and you can see it on your overview reports (on the main page of your Google Analytics). In the column for Language you will see the following (or similar).
This column should contain language information that is sent to Google Analytics by browsers in abbreviated form - for example en-gb, en-us.
Can my users see it?
Rest easy. Your users can’t see this message and nor are their devices harmed in any way by the spammers.
Is it harming my site?
No. It is highly unlikely that any part of the spamming software has even touched your website. An HTTP request can be sent from somewhere on the internet other than your website, and as long as it contains certain information (for example, your widely available UA-ID), Google Analytics will register it as if a user has browsed the website.
So why is it a problem?
Well, it pollutes your statistics, particularly if you have a site with fairly little traffic (which is most sites). And it encourages you to visit sites where you will be subjected to adverts or bombarded with malware.
Why is it there?
The attackers are simply using the position of the language column on the homepage to draw attention to their message, and to the fake referrer domains listed as source/medium.
They create the appearance of traffic to your website that came from a domain that doesn’t actually link to you. They hope this will attract your curiosity and you will go to the domain in the message or a referrer url.
We would strongly advise you not to visit any of these URLs. At the very least, if you do, make sure you have a good and up-to-date antivirus.
How do I get rid of it?
Once traffic data is recorded by Google Analytics you can’t edit it. This means you cannot remove the spam data from your reports unfortunately.
However, you can block spam coming into your reports in the future, and you can filter out the spam in reports looking backward.
How to block spam data from being recorded
Step 1
We are going to stop the data coming in with a filter on your main view.
Before you do anything, you should make sure that you have a back-up unfiltered view.
This is important because if you create the filter on your one and only main view and something is wrong, then you can’t delete it and get the data back.
So create a backup unfiltered view.
Step 2
Choose Admin and then in the far right column, View, navigate to the Drop down that says ‘All Web Site Data’. Now create a new view called Unfiltered.
This view will remain untouched.
Step 3
Back on the Admin menu, make sure you select the All Web Site Data view.
In the far right column then choose ‘Filters’.
Step 4
Add a Filter with the specifications above.
Create a Custom Filter to exclude Language settings with the filter pattern: .{15,}|\s[^\s]*\s|\.|,|\!|\/
Click ‘verify this filter’ to see how the filter affects recent traffic - you should see it removing the offending line from the Language table.
Then save this filter.
From now on, this filter will be applied to all the data you look at in the ‘All Website Data’ view.
How to filter the data from reports in the past
We need to set up a ‘Segment’ to apply to reports in the past.
Step 1
From the Admin screen, in the far right column, choose Segments.
Create a new Segment as above.
It simply needs a Language ‘does not match regex’ .{12,}|\s[^s]*\s|\.|,|\!|\/
Save this segment.
Step 2 - Apply this Segment to reports
You will need to apply the segment to any retrospective reports you are looking at.
Back on your Reporting screen, next to All Users, click ‘Add Segment’.
Navigate to Custom Segments and choose ‘Language Spam Fix’.
Click Apply.
You can now see your report showing two sets of data - one which includes the spam, and one which filters it out.
Remember, you only need to apply the segment to data from before you applied your fix.
Good luck!
Why aren’t Google stopping it?
They have said that they are working on it. But it’s an ongoing battle against evolving spamming techniques. Google don’t say much about how their security measures in order to prevent spammers and hackers using the information against them.