Whispers & Screams
And Other Things

The Latest Referrer Spam - Semalt and Buttons For Website


So, you manage some websites, you're a fan of Google Analytics or even just use a local server log analyser to view your site stats. If this is you then you can't fail to have noticed that your sites have been getting visits lately from referrer bots called semalt.com and buttons-for-website.com. There are a couple of good reasons why you shouldn't ignore this traffic. In fact you should block it from your site and if you're using an Apache web server, which most people are these days, then I'll show you how to do it for yourself.

The Semalt and Buttons For Website bots don't seem to be harmful to websites per se; however, their effect on SEO should not be ignored. If your website is getting 50 or 100 hits per month from these things it will affect your overall clocked bounce rate, since these bots always bounce. This will make it seem as though visitors to your site are not finding the material they were looking for and, to the search engines, may decrease the perceived quality of your site and thereby affect your ranking.

It should be noted that Semalt is not your typical bot. Analysis shows that the company uses a QtWebKit browser engine to avoid detection. Consequently, Semalt bots can execute JavaScript and hold cookies, thereby enabling them to avoid common bot filtering methods (e.g., asking a bot to parse JavaScript). Because of their ability to execute JavaScript, these bots also appear in Google Analytics reports as being “human” traffic.

Recently, substantial evidence revealed that Semalt isn’t running a regular crawler. Instead, to generate bot traffic, the company appears to be using a botnet that is spread by malware hidden in a utility called Soundfrost.

“Botnets sometimes compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a “bot”, is created when a computer is penetrated by software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers” – Wikipedia

Their botnet involves hundreds or thousands of computers and too many IP addresses to be able to effectively block the crawler via IP Exclusion in Analytics. To see a list of IP addresses associated with Semalt go to this page. It will return a long list (at least hundreds) of IP addresses associated with Semalt.

Blocking these sites like you would other crawlers/spiders in your robots.txt file may not be effective either since compliance with directives in the robots.txt file is voluntary and those who are running something Black Hat certainly do not care about complying with the wishes of others.

Buttons For Website seems to be very similar in function (alleged to be a spambot/botnet) except that it uses a different delivery method. In this case the Buttons For Website site simply offers a handy sharing tool for you to install on your website. However, by installing the supplied code, you are potentially creating a way for a person to hijack (zombify) the web browser of visitors to your site.

According to one article I found, JavaScript hijacking can also be used for nefarious purposes. Even though the article is about using JavaScript to create a botnet through online ads, the same principle should work just as well with a permanent installation like sharing buttons.

“Adding arbitrary JavaScript to ads is easy to do and in the experience of the researchers wasn’t checked very closely by the ad network. To make it more convenient to change the malicious script, rather than placing the script itself in the ad, they put in the script source.” – NetworkWorld

Semalt And Buttons For Website Blocking

Since potentially both Semalt and Buttons For Website traffic is going to be coming from a large number of IP addresses (Semalt from infected computers and Buttons For Website from visitors to infected sites), the option of blocking this traffic by IP exclusion in Analytics would not be effective. An alternative, which is what I have used successfully on all of the WordPress sites that I manage, is to block traffic from semalt.semalt.com and buttons-for-website.com in the .htaccess file of each site.

To do this you have to have access to the files in the root directory on your web host that make up your WordPress, Joomla or Drupal site and be using an Apache system (most hosting providers do). If you have never worked with the files in the root directory of your site and/or are not familiar with editing the .htaccess file, ask your webmaster to do it for you. If you make a mistake when editing your .htaccess file, the result can make the site completely unavailable.

If you are comfortable with editing your .htaccess file then adding the following code to it should block both Semalt and Buttons For Website traffic to your site.

# block visitors referred from semalt.com
RewriteEngine on
# [NC] makes the referrer match case-insensitive
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
# "-" means no substitution; [F] answers with 403 Forbidden
RewriteRule .* - [F]
# End semalt block
# block referer spam buttons for website
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com [NC]
RewriteRule ^.* - [F,L]
# End buttons for website block

At Rustyice Solutions we use this method to block Semalt and Buttons For Website traffic on many WordPress, Joomla and Drupal sites that we manage and so far it has resulted in the total elimination of all traffic from these two sites from all of the managed websites. If you do not have a webmaster and are seeing traffic from these sources to your WordPress website we will be happy to help you with the problem. Contact me using the contact form on this site (Click Here) and I will be happy to help for a very small fee.
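
To confirm from the server's access log that the rules are answering this traffic with 403, a log audit along these lines can help. It is an added example, not code from the original post: it assumes Apache's "combined" log format, the sample lines are constructed, and the function names are hypothetical. It also lists referrers that the substring patterns above match even though the referring host is not one of the two spam domains.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

BLOCKED = ("semalt.com", "buttons-for-website.com")  # domains named in the post
# The post's two RewriteCond patterns, both taken as case-insensitive.
PAGE_RULE = re.compile(r"semalt\.com|buttons\-for\-website\.com", re.I)
# Apache "combined" format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q + '$')

def spam_domain(referer):
    """Return the blocked domain that the referrer's host belongs to, or None."""
    try:
        host = (urlsplit(referer).hostname or "").rstrip(".")
    except ValueError:  # malformed referrer, e.g. unbalanced IPv6 brackets
        return None
    for domain in BLOCKED:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def audit(lines):
    """Tally spam-referrer hits as blocked (403) or served, plus rule over-matches."""
    report = {d: Counter() for d in BLOCKED}
    overmatch = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        status, referer = m.group(2), m.group(3)
        domain = spam_domain(referer)
        if domain:
            report[domain]["blocked" if status == "403" else "served"] += 1
        elif PAGE_RULE.search(referer):
            overmatch.append(referer)  # substring hit on a non-spam host
    return report, overmatch

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2015:10:00:01 +0000] "GET / HTTP/1.1" 403 199 "http://semalt.semalt.com/crawler.php?u=http://example.org" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Feb/2015:10:02:13 +0000] "GET / HTTP/1.1" 200 5120 "http://www.buttons-for-website.com" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Feb/2015:10:05:40 +0000] "GET /post HTTP/1.1" 403 199 "http://example.net/search?q=semalt.com" "Mozilla/5.0"',
    '192.0.2.45 - - [10/Feb/2015:10:06:02 +0000] "GET /post HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report, overmatch = audit(SAMPLE_LOG)
    for domain, counts in report.items():
        print(domain, dict(counts))
    print("rule also matches:", overmatch)
```

A non-zero "served" count means a site is still answering that referrer with something other than 403, which usually points to a .htaccess file that was not updated or is not being read.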
