Homeless in Vancouver: Referrer madness—WordPress finally flags Semalt
By now, most WordPress.com bloggers will have found they now have the ability to flag a referrer link as spam.
WordPress.com, the free service that hosts WordPress blogs, quietly rolled out the new feature on February 21 in response to a two-month deluge of referrer spam, all generated by one website.
The website, semalt.com, was raining spam disguised as post views down on thousands of blogs, not just those powered by the WordPress content management system (CMS).
It wasn’t exactly a reign of terror but it still left bloggers curious, worried, and ultimately pissed off—the spam hits were skewing everyone’s traffic stats!
What’s a referrer link and what isn’t?
Referrer links are records of visits to your blog that have identifiably come from another website, perhaps a search engine such as Google or another blog that linked to one of your posts.
They are both a measurement of traffic to your blog and a kind of breadcrumb trail you can uses to check out the original referrer websites.
Not all referred page views are recorded. Visits by the software agents used by search engines to index websites are deliberately masked so they don’t increase the legitimate views of your blog by actual human beings.
What’s a Semalt—a Russian phish?
Semalt has been hijacking the referrer link system to seed the blogosphere with a daily shower of junk “referrer links” that look like views of actual posts but are actually just links to the same login page of semalt.com. The page features a headline to the effect that it’s easy to understand what was going on with your rankings on Google. To learn more you need to register.
Semalt is selling some manner of search engine optimization (SEO), the Holy Grail of Webdom: how to be number one in Google’s search results. If you sign up, you can get a free, seven-day, trial of their services.
Beginning in late December 2013 a curiously named referrer link began showing up in bloggers’ traffic stats:
I received 30 of them one day at the end of December 2013. Each was pointed at a particular post. Then it seemed I was getting an unusual amount of what looked to be Russian search engine hits within that group of 30 posts. Some days I received a Semalt competitor review link, other days it was as Semalt crawler but it was still Semalt day-in, day-out. Annoying.
Soon the web was full of questions, then concerns, and then anger. No one could prove there was any danger to Semalt’s shenanigans but there were concerns.
One blogger who followed the breadcrumbs back to the spam semalt.com page noted how the page loaded “counter.yadro.ru.” Yadro is a Russian adverting company that is closely associated by some Internet security firms with spyware. They have also been directly connected to trojan malware by Symantec.
It was often suggested that Semalt was phishing—trying to suss email addresses or any other user information it could glean from unsuspecting bloggers who followed the referrer link.
Every blogger wanted to complain to someone. WordPress.com users were looking to WordPress for a solution and WordPress explained they were working on it.
Some bloggers pointed out that Semalt’s methods of apparent self-promotion went against Google’s rules—that they were using a so-called black hat technique to increase their Google page ranking. We bloggers could complain to Google. Through their Webmaster tools we could report “misbehaving” webpages.
The blogger who was smitten, then bitten, by Semalt
In the midst of all this, one blogger who’d written an open letter to Semalt and signed up for the seven-day free trial, received a reply from Semalt. The blogger posted the letter, which began:
“To begin with Semalt (http://semalt.com/) is not a phishing or spam site, but a professional keyword ranking monitoring service that has nothing to do with CIA, NSA, Snowden, Masonic conspiracy or the World Evil.”
Apparently Semalt was sugar and spice and all things SEO. That was that, right?
The blogger’s site was subsequently and mysteriously shut down for a week by WordPress.com. No word on why, but when it came back to life the site header included the tag line “…Oh yeah f**k you semalt.com.”
I didn’t bother complaining to WordPress.com and I pointedly didn’t post anything about Semalt (as if I wanted to give them more publicity). Instead I emailed Alex Andrianov (firstname.lastname@example.org), senior sales manager at Semalt, and asked to be taken off their merry go ’round (fat lot of good that did; I think their visits to my site actually increased). I also filed a report with Google accusing Semalt of using referrer spam.
Too late to make a long story short but…
It turns out WordPress was working on it. I don’t know what happens if I click the flag to designate a URL as spam but I do know I’m no longer seeing semalt in my stats—at all. Either WordPress had a “chat” with semalt, called in a drone strike on them or—more likely—they are filtering them; either blocking their traffic from entering WordPress.com airspace or just masking their visits.
Either way, thanks WordPress. No thanks, Semalt!
Mar 4, 2014 at 1:17am
Semalt is referrer spam.
If you are not on WordPress.com and have your own hosted site, its just as bad.
Fairly simple to block in your htaccess file I posted that here on my blog
if it helps
Mar 5, 2014 at 5:39pm
What Alan posted is just another stupid site just like semalt. If someone wants to post the solution then don't ask for like before you show the solution. How stupid!
If you want to block semalt.com from visiting your site and making havoc with your statistics add this to the end of your .htaccess file….
(this will work for WordPress site)
SetEnvIfNoCase Via evil-spam-proxy spammer=yes
SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase Referer semalt.com spammer=yes
SetEnvIfNoCase Referer poker spammer=yes
Allow from all
Deny from env=spammer
Mar 9, 2014 at 8:46pm
I do not see any option to flag a referrer as spam. I'm using the latest version of WordPress. What am I missing?
Stanley Q Woodvine
Mar 10, 2014 at 8:33am
The flag option was added to the free WordPres.com hosted by Automatic, the makers of WordPres.
For self-hosted blogs using WordPress.org you need to edit your .htaccess file as Seth shows above.
Alan may have the same solution but I have to agree with Seth, even if you're only asking for a like you're charging too much. I won't link my posts to sites that have "toll gates" and popups, no matter how informative.
As for WordPress.com the flag option appears when you mouse over a referrer on your Stats page under "Referrer > Search Engines."
Mar 19, 2014 at 2:56am
Is it safe to fill out the form on their website to eliminate our site from their list?
Mar 20, 2014 at 6:49am
If you have thousands of sites and new every day ?
- Would Semalt pay for the job ?
I don't want this king of "crawling" and they are
not able to block it using IP (shared)
Report / blackmail it ?
Responding to Anonymous
May 23, 2014 at 9:59am
No, I have tested their domain removal form with a few test sites. It does in fact NOT stop them.
Jun 17, 2014 at 3:49pm
I have also noticed that every time I get a Semalt visit I also get a mass of spam comments, coincidence? I don't think so.
Jul 18, 2014 at 12:29pm
If you use Google's (beta) "Universal Analytics" to track your website stats (and you don't want to mess with your .htaccess file) you can enable "Referral Exclusion Filtering" and simply add (or remove) domains as they become problematic. According to this anyway:
Feb 5, 2015 at 1:18am
I find Semalt to be the best for small webmasters like myself. They gave me an 0.99$ a month offer (two months ago) and my site is near page 1 on a 660.000 searches keyword. Who in this world gives you some help like that when you need it? You can find the offer and
screenshots of my rankings here http://semaltreview.blogspot.com/.