Referrer Spam from Rankscanner.com
On Wednesday, July 8, 2015, rankscanner.com appeared in my Google Analytics referrer list for the first time. Because of previous investigations into malicious referrer spam, I did not immediately go to the web site. I did a domain lookup with Tcpiputils and found that the site was registered in Denmark on September 15, 2013 and updated in August of 2014 by Rune Jensen. Most of the referral spam comes from domains that were issued in the last few days or weeks, and which are registered using domain registration privacy services.
I next did an IP address lookup on Tcpiputils and found out that the domain is hosted by Gearhost in Englewood, Colorado. The server is not on a block list for malicous domains and only has one host listed on an email spam blocklist; this is not unusual for a multi-hosting server. None of the domains look to be associated with other referral spammers.
Next, I looked at the referral path in Google Analytics: /Domain/mooresoftwareservices.com which is a URL that does not exist on my web site. Clearly, this is not a real referral, and is a machine-generated URL intended to get past some of the basic referral spam checking, since most referral spammers point to the root page of a web site.
Next, I went to the web site in FireFox’s private mode, and was presented with a data entry box where I could enter my domain name and sign up for search word analysis or something like that.
I decided to filter the domain out of my Google Analytics.
Removing rankscanner.com from Google Analytics
I added rankscanner.com to my Google Analytics filters as described in Removing Referral Spam from Google Analytics, the best article on the topic that I have found. There are a number of articles about adding redirects or allow/deny code to .htaccess. These don’t necessarily work and can open some serious security holes if incorrectly implemented.
Trends
There is no way to really tell how many sites are getting hit by this referral spammer, but you can use Google Trends to get an understanding of how frequently web masters query Google looking for information on this site. The figures below show the relative frequency for searches on “referral spam” and “success-seo.com” respectively. At this writing, the second figure does not have enough data to be populated, but experience shows that about a week after this writing, Google will have enough queries to populate it.