To make it easier to follow I split this guide into 4 parts. The first 2 are practical, the last 2 are informative:

Author

GA4 & GTM Developer

Optimizer Troubleshooter

Follow me on
Category | Google Analytics
Difficulty |

Updated February 2024: List of the latest spam and bots detected.

Ghost spam:

news.grets.storeinfo.seders.websitekar.razas.sitegame.fertuk.site
ofer.bartikus.sitegarold.dertus.sitetrast.mantero.onlinestatic.seders.website
a.steambeard.topa.tronehammer.toptrast.manetero.onlinerida.tokyo
games.patlik.siteinfo.sederes.websiterida.tokyo

Although this traffic seems to originate from Warsaw, Poland, the IP addresses are primarily registered in Russia.

 

Crawler spam:

hiwpro.xyzjackonline.store

 


Do you want get notified about updates or new tips for keeping your GA4 data spotless?


Referral spam in Google Analytics 4

GA4 has done a great job keeping spam at bay since its introduction. However, it seems like spammers are back at it again as many users on the GA support forum are pointing out.

Unlike GA3, which had all types of filters, GA4 lacks that functionality, leaving us with no direct options to deal with spam. However, with a bit of help from Google Tag Manager (GTM) and Looker Studio, we can clean up our precious data.

Types of spam in GA4

To deal with spam properly, it is important to understand how it works:

Crawler spam:

  • Uses bots to crawl your site
  • Suggested solution: Filter it through GTM or at the server level (.htaccess, Cloudflare, etc)
  • Examples: hiwpro.xyz, jackonline.store

Ghost spam:

  • Likely sends data directly to GA4 via the measurement protocol
  • Doesn't visit your website so server-side solutions like .htaccess and Cloudflare are ineffective
  • Currently, user-side filtering options are not available.
  • Suggested workaround: Use Looker Studio to display your GA4 data.
  • Examples: static.seders.website, news.grets.store,  rida.tokyo   
Crawler vs Ghost spam in Google Analytics 4 (long explanation)

Crawler vs Ghost spam

Crawler referrer spam:

For a while, this was the only type of spam getting to GA4. It uses crawlers/bots that leave a referral URL as they pass through the website. This type of spam requires more resources to deploy by the spammer therefore it isn't a big problem unless you are directly targeted.

There is no built-in feature in GA4 to filter crawlers and bots, however, there are a few effective workarounds. If the spam is not too intrusive a filter in GTM will do wonders. If the intrusion is too big that it is draining your website resources (which is rare) then blocking it from your server (Cloudflare, .htaccess, etc) is the way to go.

Below in this guide, I show the GTM solution.

Ghost spam:

This term was coined by Mike Sullivan from AnalyticsEdge, and it refers to spam that is sent directly to GA4 without passing through your website.

How does Ghost Spam attacks Google Analtyics?

This type of spam can be a lot more widespread because it doesn't require as many resources as crawler spam. However, it was thought that Google protected GA4, because the feature abused by spammers in GA3, the measurement protocol, was now protected by a secret key. Without that, the spammer couldn't send spam directly to your GA.

Or that we thought!

In the past few weeks, a new wave of spam has been hitting GA4 with all the ghost spam trademarks. So, it's looking like these spammers might have cracked the secret key code. If that's true, we're in for a spam storm.

news.grets.store referral - news.grets.store and other spam from warsaw poland in ga4

And because GA4 doesn’t have filters for other than IPs, at this moment there is no way to stop it. So either we have to wait for Google to solve their issue on their part or give more tools to fight it back.

But hey, don't lose hope—there are a few things you can do to get a clean view of your GA4 data.

Some basics

If you're getting started with GA4 and GTM, it's essential to grasp a few fundamentals before you jump into the deep end with the solution.

What if I visited any of the GA4 spam links?

What if I visited any of the GA4 spam links?

Avoid clicking on unfamiliar referral URLs, as they could harbor malicious code. If you encounter a referral that seems suspicious, use a tool such as urlscan.io to investigate. This tool provides details about the website, including a screenshot of its homepage, without exposing you to potential threats.

If you visited any of the spam URLs your antivirus/antimalware probably caught and stopped the page from loading. But if it didn't, and you ended up interacting with one of those sites, you might've caught some malware. If that is your case this post might help you: news.grets.store virus: what is it and how to stop pop-ups

Safeguarding your data against misconfigurations

Safeguarding your data against misconfigurations

To mitigate the risk of data loss due to misconfigurations or errors, particularly for those less familiar with the nuances of GA4 and GTM or for those who wish to proceed with caution, it's advisable to establish a secondary data stream. This allows for the safe testing of complex configurations, ensuring that your primary data remains unaffected by any potential missteps.

For comprehensive instructions on creating additional data streams and further details, visit this resource: Measure School's Guide on GA4 Data Streams.

Deploying GA4 through Google Tag Manager

Implementing GA4 through Google Tag Manager

To implement this spam filtering strategy, it's essential to use Google Tag Manager (GTM) for deploying Google Analytics 4 (GA4).

If you haven't integrated GA4 with GTM yet, I strongly advise making this transition. GTM does more than just facilitate the application of this spam filter; it also expands your tracking possibilities and enhances the overall management of your analytics tracking significantly.

A quick FAQ about this guide

A quick FAQ about this guide

To save you some time looking through the comments, here are the answers to some of the most common questions I get:

  • Which type of junk traffic does this guide cover?
    • This guide is designed to assist you in filtering any type of referral spam from crawlers and bots that may visit your site.
  • Do these solutions work in WordPress, Joomla, Shopify, Wix, Weebly, Squarespace, etc?
    • Absolutely. The methods outlined in this guide are applicable across any content management system (CMS) as long as you're utilizing GA4 and GTM.
  • How regularly do you review and update the filters for new threats?
    • I actively monitor for emerging bot and spam threats and revise the filtering expressions accordingly upon identifying new significant risks.
    • Consider this guide a handy reference tool, or opt to receive notifications for updates on new expressions.

Filtering referral spam in Google Analytics 4

Independently of the type of spam you are receiving, avoid using GA4's "List unwanted referrals" for spam filtering. It reclassifies spam as "direct traffic" rather than blocking them.

a. Filter Google Analytics 4 Ghost Spam using Looker Studio

a. Filter Google Analytics 4 Ghost Spam using Looker Studio

Unfortunately, we can't filter Ghost Spam directly in GA4 at the moment. However, there's a workaround using Looker Studio.

Looker Studio is Google's free reporting tool and it lets you take charge of your data in ways GA4 doesn't.

filter google analytics 4 spam in looker studio

You can decide exactly what to show, how to show it, and what to filter out, especially for spam. I've been a fan of Looker Studio for quite some time now—practically since its launch—and I hardly ever go back to the GA4 interface.

I highly recommend you customize your own reports – it's a game-changer! Imagine having the perfect report that fits just what you're looking for. But hey, if time's tight, Google's got some basic templates that can get you started.

Here is a short tutorial on how to connect your GA4 data to Looker Studio.

Once you've integrated your GA4 data into Looker, either by crafting a custom report or using a template, here are the steps to efficiently filter out spam from your reports:

  • Open the File menu and select Report settings.
    1 settings - how to filter ghost spam ga4 looker
  • A side panel will appear on the right. Scroll to the bottom and select 'ADD A FILTER' and in the next panel click 'CREATE A FILTER'
  • Now configure the filter
    3 regext - how to filter ghost spam ga4 looker

    • Name:GA4 - exclude source - spam
    • 1st dropdown - Exclude
    • 2nd dropdown - Session source
    • 3rd dropdown - RegExp Contains (make sure to select contains not match)
    • Textbox: insert the expression below (updated: March 5th 2024)
      rida\.tokyo|hiwpro|jackonline|(.*)?\.(grets|seders|razas|fertuk|bartikus|dertus|mantero)\.(store|website|site|online)$

      Note: I've made this expression as flexible as possible to catch all the spam we've seen in the last few days, and even some that might pop up later. If something sneaky gets through, let me know, and I'll tweak it to catch as much spam as we can.


      Do you want get notified about updates or new tips for keeping your GA4 data spotless?

    • Finally, click Save

And just like that, you're all set! This will sweep away all the spam that fits the expression you used in the filter, keeping every table, widget, and chart in your Looker dashboard nice and clean.

I'm putting together a handy guide complete with some tips to optimize your filter capabilities in Looker.

Stay tuned!

 

b. Filter referral spam in GA4 from GTM

b. How to filter Google Analytics 4 crawler spam using GTM

Note: this solution is effective against spam that targets your website (aka crawlers or bots)

If Looker Studio isn't really your thing, no worries! GTM has got you covered, however, this method only works for crawler spam.

These are the elements you will need:

  1. Variable Referrer: A built-in GTM variable.
  2. Variable 1: Contains a list of spam referrals in REGEX format.
  3. Variable 2: A JavaScript variable to verify if the current referrer matches the spam list.
  4. Trigger: A pageview trigger with a condition based on Variable 2's outcome.
  5. GA4 Tag: The standard GA4 pageview tag (or a test version) where you will apply the trigger above.

Here are the steps:

  • Open the Google Tag Manager container associated with your GA4 property, and proceed to the  Variables section.
    1 ga4 spam filter - variables section
  • Activate variable Referrer:
    • Navigate to the top right corner of the 'Built-In Variables' section and click on 'Configure'
    • Look for 'Referrer' in the list and check it to enable, if it's not already active.
      2 ga4 spam filter - variable referrer
  • Create variable 1:
    • Scroll down to User-Defined Variables
    • Click New
      3 ga4 spam filter - user-defined variables
    • Click  Variable Configuration
    • Choose 'Constant' as the variable type from the list on the right.
      4 ga4 spam filter - variable constant

    Configure variable 1:

    • Name:const_referral_spam_regex
    • Value: (insert the expression provided in the box below)
      rida\.tokyo|hiwpro|jackonline|(.*)?\.(grets|seders|razas|fertuk|bartikus|dertus|mantero)\.(store|website|site|online)$

      Note: I've made this expression as flexible as possible to catch all the spam we've seen in the last few days, and even some that might pop up later. If something sneaky gets through, let me know, and I'll tweak it to catch as much spam as we can.


      Do you want get notified about updates or new tips for keeping your GA4 data spotless?

    • Click Save
      5 ga4 spam filter - referral spam regex
  • Create variable 2:
    • Follow the steps outlined in "Create variable 1"
    • When choosing the variable type, select Custom Javascript

       Configure variable 2:

    • Name: cjs_is_it_spam
    • Value: (insert the script provided in the box below)
      function is_it_spam() {
      var referrer_name = {{Referrer}};
      var spam_expression = {{const_referral_spam_regex}};var regexp = new RegExp(spam_expression);
      return regexp.test(referrer_name);
      }
    • Click Save
      6 ga4 spam filter - js check variable
  • Create trigger:
    • Head over to the Triggers   section
    • Click New
      7 ga4 spam filter - trigger section
    • Click  Trigger Configuration
    • Choose 'Pageview' as the trigger type from the options available on the right.
      9 ga4 spam filter - pv trigger

    Configure trigger:

    • Name: pv_filter_referral_spam
    • Select Some Page Views from the "This trigger fires on" section.
      • For the first dropdown, select the cjs_is_it_spam variable.
      • In the second dropdown, choose does not equal'
      • In the text box type true
    • Click save
      8 ga4 spam filter - pv spam filter trigger
  • Update GA4 pageview tag:
    • Navigate to the Tags   section
    • Locate and select your GA4 pageview tag
      10 ga4 spam filter - ga4 tag
    • Click on 'Triggering' and remove the All pages trigger
    • Click 'Choose a trigger to make this tag fire... and select the newly created pv_filter_referral_spam trigger as the condition for firing.
    • Click Save
      12 ga4 spam filter - add conditional pv

      Note:

      If your GA4 pageview trigger differs from the default 'All Pages' and includes other conditions, it's important to incorporate these conditions into your newly established pv_filter_referral_spam trigger to maintain consistency in your analytics tracking.
  • Review and publish the changes:
    • Before publishing your changes, make sure all new element names and settings are accurately configured.
    • Once you've verified that everything is correctly in place, click the 'Submit' button at the upper right corner to publish your changes.
      13 ga4 spam filter - publish and finalize

 

[DISCONTINUED] Filtering referral spam in Google Analytics 3

a. Filter - Campaign Source to stop crawler referral spam

a. Filter - Campaign Source to stop crawler referral spam

To block crawler spam you'll need a filter with an expression that matches the campaign source of all crawler spam.

To save you some time, I've created a set of optimized regular expressions (REGEX) with all the relevant crawler spam detected over the last years, you'll find them below in the instructions.

Here is how it works (test it yourself):

How to create a filter to block crawler referrer spam in Google Analytics

To block referrer spam in Google Analytics you will need to create an exclude filter using the campaign source:

  1. Again go to the admin section of your GA.
  2. On the last column "VIEW", select Filters  and then click + Add Filter
    Add filter button Google Anlaytics
  3. Enter as a name for the filter "Exclude Source - Bots #"
  4. Configure the filter as follows:
    • Filter Type select Custom > Exclude
    • Filter Field select Campaign Source (don't use referral field or it won't work)
      How to block referrer spam in Google Analytics?
  5. Filter Pattern > Paste the following crawler referrer spam expression.

    Create 1 filter for each expression

    Crawler Expression 1

    TOTAL CHARACTERS: 50
    (traffic|bot|website)-?(bot|traffic|website|4free)

    Crawler Expression 2

    TOTAL CHARACTERS: 249
    (axcus|dotmass|artstart|dorothea|artpress|matpre|ameblo|freeseo|jimto|seo-tips|hazblog|overblog|squarespace|ronaldblog|c\.g456|zz\.glgoo|harriett|webedu|barbarahome|verabauer|deirdre|ninacecillia|reginanahum|deniseconnie|firstblog|maxinesamson)\.top

    These expressions were re-built in February 2021. If you created your filter before then, replace all the old expressions and remove any extra filter.

     


    Get free notifications with the updated expressions whenever I detect new threats.

  6. After everything is set Save.

You can create an additional filter with the exact same configuration if you find other referrals that are not useful for your Analytics, for example, mobile test sites, project management tools (Basecamp, asana), monitoring services (uptime), or other spam that is not listed.

b. Filter - Valid hostname for ghost spam and development environments

b. Filter - Valid hostname for ghost spam and development environments

Nowadays, ghost spam is less frequent than it used to be a couple of years ago. However, I still recommend having it in place in case a new wave arrives.

Also, this filter will help prevent useless traffic from development/staging sites and scrapers.

Simple exclude filter vs Hostname filter for ghost spam in Google Analtyics

Here you will find detailed instructions on how to build a valid hostname filter.

c. Filter - Browser size (not set)

c. Filter - Browser size (not set)

The previous filter used to be great for ghost spam that was sent through the measurement protocol. However, spammers keep getting creative, now some of them crawl sites to grab their hostname and Analytics UA ID, and bypass the hostname filter. In those cases, this filter can help.

Important: If you are using 3rd party tools that send data to your Google Analytics through the Measurement protocol ie. call tracking tools like Callrail, don't use this filter, skip to the next one.

  • Create a new filter with the following settings:
    • Filter name: Exclude Browser Size - Spam
    • Filter configuration:
      • Filter typeCustom > Exclude
      • Filter field: Browser size
      • Filter pattern: enter the following expression as it is: Note: even though you see (not set) on your Google Analytics this value is not added until the hit gets to your GA, so creating filters for (not set) in any dimension won't have any effect. Instead what we will use is a REGEX that means empty like this ^$
        ^$
        How to Exclude Browser Size (not set) for Google Analtyics spam

You can use this same REGEX to filter any other (not set) dimension if you need i.e. Language, Browser version, etc

d. Filter - Language for sneaky crawlers and bots

d. Filter - Language for sneaky crawlers and bots

From time to time you may see weird languages showing in your analytics. I prepared an expression that will prevent any language that doesn't have a proper format like es-ESen-US, fr-FR, etc.

I also added to the expression the Language "c" which seems to be left by bots too.

  • Create a new filter with the following settings:
    • Filter name: Exclude Language - Bots
    • Filter configuration:
      • Filter typeCustom > Exclude
      • Filter field: Language Settings
      • Filter pattern: enter the following expression as it is:
        \s[^\s]*\s|.{15,}|\.|,|^c$
        Languange bot filter configuration for Google Analytics
e. Filter - Static and dynamic filters for internal traffic

e. Filter - Static and dynamic filters for internal traffic

Not all junk traffic in Analytics comes from outside your company. In fact, a lot can come from within your team: developers, testers, marketers, support, curious employees, etc.

This type of junk traffic is often overlooked and if you don't filter it, it can easily get mixed up with the data of your real visits, and a difference with the spam, this is much harder to identify later.

f. Bonus - Enabling "Exclude all hits from known bots and spiders"

f. Bonus - Enabling "Exclude all hits from known bots and spiders"

This is a pre-built feature that will take care of known bots from the IAB bots and spiders list, it is not perfect but it may help.

How to enable bot filtering

  1. Again in the Admin section of your Analytics, select your Master view under the VIEW column. (Also for any other filtered view)
  2. Click View Settings
    how to block known bots in Google Analytics
  3. Near the bottom check the box Exclude all hits from known bots and spiders (Bot Filtering)
    Exclude all hits from known bots and spiders
  4. Save and repeat the process with all your Views

As you know filters only work forward. To clean spam and bots from your history, you will need to create an advanced segment using this guide:

Additional resources

Wrapping it up

Your Google Analytics is as good as the data it contains. If you don't filter it properly you can end up with inflated reports that don't represent the real performance of your site.

"Even on high volume websites were data spamming would be marginal, you still have to explain why there's such a discrepancy. As an analyst you can't dismiss it simply by saying "nah... we're not too sure what it is..."

-Stéphane Hamel

The filters and pre-built expressions in this guide will help you keep your Analytics data in good shape, so you can feel confident when you make decisions based on it.

I will be updating this guide as new threats appear so you can keep it as a reference.

Do you have any questions or feedback?

I've tried to cover all the important details in this guide, however, if there is any section where you are experiencing difficulties, please let me know in the comments section below.

If this article helped you consider leaving a comment below with your experience, it may help other people! :)

Need help setting up reliable and useful Google Analytics for your website/business?

  • Filters for data quality
  • User interaction tracking (events, goals)
  • E-commerce tracking
  • Conversions, Goal & Funnel Configuration
  • Sub-domains & Cross-domain tracking
  • Dynamic IP filtering
  • Google Tag Manager implementation
  • AMP tracking/integration
  • Integrations (Google Ads, Search Console, Facebook Ads, etc)
  • Personalized reports (Data Studio dashboards)
  • Monthly reporting
  • And more...

Latest spam: rida.tokyo / referral, news.grets.store / referral,  static.seders.website / referral

List of the latest spam and other possible combinations:

news.grets.storeinfo.seders.websitekar.razas.sitegame.fertuk.site
ofer.bartikus.sitegarold.dertus.sitetrast.mantero.onlinestatic.seders.website
a.steambeard.topa.tronehammer.toptrast.manetero.onlinerida.tokyo
games.patlik.siteinfo.sederes.websiterida.tokyo / referral

 

.grets.store.grets.website.grets.site.grets.online
.seders.store.seders.website.seders.site.seders.online
.razas.store.razas.website.razas.site.razas.online
.fertuk.store.fertuk.website.fertuk.site.fertuk.online
.bartikus.store.bartikus.website.bartikus.site.bartikus.online
.mantero.store.mantero.website.mantero.site.mantero.online
.dertus.store.dertus.website.dertus.site.dertus.online

Do you want to know about new threats and new ways of keeping your Google Analytics data clean and accurate?

Be the first to comment :)