Google Analytics spam wave in late 2016

Towards the end of the year 2016 many users have been delighted to see a significan uptic in their Google Analytics visitors. You might think it's attributable to your marketing or simply the christmas season. But like many things, if it seems to good to be true - it probably isn't.

In November and December 2016 there has been a global increase in Google Analytics spam. This means that hackers have been stuffing analytics data with their own messages in a number of ways.

By far the most common form has been random referrer spam trying to get your reports to show that you had visitors from certain domains. These are obviously just bogus API calls and there was never any interest -links from these visitors.

Some of these use rarely used Unicode characters to fool users to visit, but some use more generic names - some even choose to spoof legitimate sites. Some common domains in referrer spam used are lifehacĸer.com, motherboard.vice.com, blackhatworld.com, abc.xyz, thenextweb.com, brateg.xyz and boltalko.xyz.

A bit more unconvetional form of Google Analytics spamming is the use of language codes, which is easy to get high visibility on Google reports. They're also more obviously just messages to whoever reads the reports. Some common language spamming messages in late 2016 have been:

Vitaly rules google ☆*:｡゜ﾟ･*ヽ(^ᴗ^)ﾉ*･゜ﾟ｡:*☆ ¯\_(ツ)_/¯(ಠ益ಠ)(ಥ‿ಥ)(ʘ‿ʘ)ლ(ಠ_ಠლ)( ͡° ͜ʖ ͡°)ヽ(ﾟДﾟ)ﾉʕ•̫͡•ʔᶘ ᵒᴥᵒᶅ(=^ ^=)oO

o-o-8-o-o.com search shell is much better than google!

Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!

Most of this spam wave (both referre spam and language spam) seems to originate from Russia and the motivation is just messing around with reports. There is no direct challenge here, but since many businesses have built business analytics on the free-to-use platform.

Spam in your report is pretty easy to spot as unusual activity like:

Google is actively fighting against these spammers to remove the bogus report data. You can also choose to filter the spam data manually, but it can be a chore - so many will just let things go as is. This it will never be removed from your collection of data and years from now some may wonder what they did so right in Q4 2016 to give such a significant boost to visitorship.

There's little to gain in the spam, but it does make it worthwhile to remember there are valid alternatives to Google Analytics such as Piwik and Yandex Metrica, which might make these platforms more appealing as GA reports have become increasingly littered with bogus data.