While reviewing some of our SEO clients’ Google Analytics, I noticed a weird page showing up in them that read “/[the first for letters of their domain] Better than reCAPTCHA：vaptcha.net” recently. So, I am guessing if you are on this page, it’s because you saw the same thing in your Google Analytics reporting and were wondering what it was.
Some people have wondered if their website was hacked since a large majority of hacks involve the hackers using your site as a place to host their pages for medical drugs, CBD, and other various things. Hackers embed pages that aren’t readily noticeable to you or your visitors but might appear in search results.
Don’t worry… this is not that!
Spammers use an automated bot to send fake visits to Google Analytics, often without accessing the affected site at all. They do this to have their URLs appear in your site statistics, inducing the site owner to visit the SPAM URLs.
It’s their lame attempt at marketing, I suppose. As a website owner, they are hoping you will see this link and visit their URL (which is appended at the end), so they will have an attempt to sell you on their reCAPTCHA service. For this reason only, and I know nothing about this company, I would never purchase their service. It’s shady and underhanded, and a stupid way to get their name out. But, then again, it may be even more nefarious and another way to try to infiltrate your computer and/or steal your personal information.
Of course, those who know me get that I couldn’t resist and went there for you. So this is what you will see at that URL if you are wondering. I highly suggest you do not go there and click their links.
Stopping the Referrer SPAM Madness
Many are probably wondering how they can remove this type of referral SPAM from their Analytics or stop them from hitting your site. There are ways to do so. Some may be slightly complicated for the layperson; however, here are a few guides to help you through it if you want to attempt it. I will list them in order of complexity from most to least difficult to do on your own.
1.) Block them before they get to your site.
One of the most effective, albeit most technical and complicated, methods would be to block them from hitting your site in the first place. This is achieved by adding some code to your website’s .htaccess file (hypertext access file).
The .htaccess file is a configuration file is used to control your server. You can instruct this file to block SPAMmy visits by domain or IP address. It’s a pretty comprehensive solution because it blocks referral SPAM domains from your website and removes them from your server, helping prevent your website from being overloaded and slowing down.
Lists of suspect and SPAMmy websites are available online. However, they continue to grow, so be prepared to update the blocks in your .htaccess file as you encounter new ones.
But, I have to warn you that messing with your .htaccess file and not understanding how it works could bring your entire site to a crashing halt. Simply putting one character of the code in the wrong place or adding extra spaces can take your whole website down. So, tread very, very lightly with this. I would suggest hiring an experienced web developer to handle this for you.
2.) Filter them out of your Analytics reporting.
You can’t consider this artificial traffic as real visitors because they are not genuinely interested in your products and services. So you may want to filter them from your Analytics so they don’t show up in your reporting and skew your numbers. Here are a few guides for that.
- How to Filter Out Referral Spam in Google Analytics
- The Ultimate Guide to Stopping Spam, Bots, and Other Junk Traffic in Google Analytics
- Eliminating Dumb Ghost Referral Traffic In Google Analytics
- Definitive Guide to Removing All Google Analytics Spam
3.) Install a WordPress plugin.
One of the many joys of having a WordPress website is installing pieces of code quite easily via a plugin. If your site is a WordPress website, you can install a plugin that stops referrer SPAM. It is making some of the same changes your .htaccess coding would do but in a safer way.
4.) Just ignore them.
Others may choose to ignore it in Analytics. It will stop eventually.
There is not too much to worry about here, unless you are getting actual visits from the SPAM bots that are sucking up the resources on your server.
However, site security is not something to be taken lightly. I always suggest that WordPress website owners be on a WordPress Maintenance Plan with a reputable WordPress web design agency to make sure their site is backed up regularly and all of their plugins are updated to stop any security holes that arise over time.