My website statistics are filled with false referrers and dubious keyphrases from various search engines due to referrer spoofing. Some people use this technique to promote their sites. Although I don’t want you to encourage to do this too, this post describes an easy way to spam other people’s website statistics. I wrote a small tool that’ll generate the requests for you: have a look at it here.

Spamming statistics

The small tool I wrote lets you easily send custom referrers. It sends an HTTP request to a specified site and sets the referrer to:

• a custom address or
• the Google website with a specified search string

This way the request will generate an entry in the referrer or keyphrase listing of the statistics tool running on the target site. This are the two nasty ways to promote your website: send requests with the referrer set to the address of your website or to some Google search that led you to the target site.

You could also use Privoxy or Proxomitron for this purpose.

Counter measures

Three things come to my mind if we’d like to get rid of referrer spoofing:

1. block requests based on the referrer with your webserver
2. skip certain IPs or requests with certain referrers in your statistics software
3. use a tool that’s not affected by HTTP header referrer spoofing

I’ll discuss these options in more detail in the following sections.

Block certain requests with your webserver

If you’re running the Apache webserver you can use mod_rewrite to investigate the HTTP header and send the client a redirect to another page if he’s connecting with a dubious referrer. All you have to do is to add something like the following to your virtual host or .htaccess file:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_REFERER} ^(.*)example.com(.*)$ [OR]
  RewriteCond %{HTTP_REFERER} ^(.*)some-evil-site.net(.*)$ [OR]
  RewriteRule .* http://some-other-site.com/ [F,R,L]
</IfModule>

Where example.com and some-evil-site.net are sites that send requests with forged referrers and some-other-site.com is a site that all this traffic will be redirected to.

Since there’s some performance hit I recommend to manually add more lines with hosts that send dubious referrers to you. If you don’t want to maintain this list of evil hosts manually but want to automate this step you should have a look at aStatSpam.

Configure your statistics software

Whatever website log file analyzer you’re using it should have a feature to ignore requests that came from a specific IP or with a certain referrer. If you’re using AWStats you want to have a look at SkipHosts or SkipReferrersBlackList.

On a Debian box it boils down to this:

# Skip records with these IPs
SkipHosts="127.0.0.1 1.2.3.4 [...]" 
# Skip records with these referrers
SkipReferrersBlackList="/usr/share/awstats/lib/blacklist.txt"

Records from the logs that match the configured criteria will be skipped.

Use another tool

Using a tool that isn’t vulnerable to referrer spoofing seems to be a good idea. Solutions like Google Analytics or 10³bees come to my mind. With these tools you might miss all the visitors who haven’t JavaScript enabled but at least you’ll have reliable information about the traffic generated from visitors with JavaScript enabled.

Of course these tools aren’t completely immune to referrer spoofing: the browser can fake the referrer as well. Although there’re several tools to do this, this doesn’t seem to be common practice.

Conclusion

There are some technical solutions that help you to eradicate referrer spoofing. You’ll have to implement one or the other to get reliable analysis of your website traffic. I think that a combination of the presented solutions might be a good idea. I recommend using a classic tool that analyzes the log files from your webserver as well as a tool that’s based on JavaScript. This way you should get fairly reliable information about your visitors.

If people are really spamming your site you should think about blocking their IPs or their requests based on the referrers with your webserver altogether. This should help you to minimize the traffic from spammers to your site.