How to Get Rid of Ghost Traffic in Google Analytics

Some of your site traffic may be fake. Learn how to remove this illegitimate data from your reporting.
IM_Ghost_Data

Ghost traffic (or phantom traffic) is fake traffic and data, particularly referrals, that hackers insert into your Google Analytics dashboard in order to get you to visit their (the hackers’) websites. In this article, we’ll look at how Google Analytics works, how hackers exploit it to insert malicious ghost traffic, and what you can do about it.

How Does Normal, Valid Data Get into Your Analytics Dashboard?

If you’ve ever implemented Google Analytics on a website, you know it’s done by placing a snippet of JavaScript inside your HTML. What the JavaScript snippet does, ultimately, is make requests to a special Google URL whenever anything needs to be sent to your Google Analytics dashboard. A pageview, an event, a referral — each one is the result of a request made to Google’s URL.

Every single website that uses Google Analytics sends its data by making requests to the same URL. To make sure only your data gets to your dashboard, you’re assigned a unique identifier which is sent along with every request. You might have seen one before. It looks like this:

UA-XXXXXXXXXXX-Y

Where the Xs and Y are numbers representing your user ID and your website ID, respectively.

How Do Hackers Send Bogus “Ghost Traffic” to Your Dashboard?

All a hacker needs is your unique identifier. Once they have that they can stuff your dashboard with whatever data or ghost traffic they want by using off-the-shelf software to make requests directly to the special Google URL using your unique identifier. It’s known as “ghost traffic” because it appears in your dashboard without a real visitor ever actually visiting your site.

So how do they get your identifier? Unfortunately, it’s very easy. Try this:

  1. Visit your website (or any website that uses Google Analytics) and view the page source. In Chrome, go to the main menu and select View -> Developer -> View Source (Firefox users select Tools -> Web Developer -> Page Source). You should see a bunch of HTML code.
  2. Now search for “UA-”. There’s your unique identifier. Anyone who visits your site can retrieve your identifier.

It’s not clear whether hackers get your unique identifier by using this simple method, employing a malicious web crawler to automate retrieving as many identifiers as they can; a “shotgun” method of randomly generating identifiers for ghost traffic spamming and hoping some of them happen to match real accounts; or something else entirely.

How Can You Stop Hackers from Getting Your Identifier?

You can’t. While it’s beyond the scope of this article, it would be possible to obfuscate it on your website so it’s not immediately visible, but there are a few problems with this approach:

  • You can only obfuscate it, not truly make it invisible. It might stop crawlers from seeing it, but a dedicated hacker will always be able to retrieve it.
  • If they’re using another approach to get your identifier then obfuscation might not be applicable at all.
  • Most importantly, if you’re already receiving ghost data then obfuscation will do nothing to stop it.

All that said, obfuscation is a potentially viable approach that might be worth experimenting with on new GA accounts. But, if you’re reading this, you’re probably already dealing with ghost traffic, in which case you’re likely wondering . . .

How Can You Get Rid of Ghost Traffic?

Again, what distinguishes ghost traffic is that its source is not an actual visitor to your site. So the only way to get rid of it is:

  1. Mark genuine visitors to your site with some identifier that ghosts won’t have.
  2. Use that mark to filter away all other traffic (i.e., if it doesn’t have that identifying mark, it’s not a human).

Step 1 can be accomplished in a number of ways, but the simplest approach is to use GA’s built-in “Custom Dimensions” to mark your genuine visitors.

Step-by-Step Instructions for Removing Ghost Traffic

Step 1: Mark Genuine Visitors

The simplest way to approach marking genuine visitors is to use a feature of Google Analytics called Custom Dimensions. These are basically little bits of data you can attach to certain users for whatever purpose you choose. To define our custom dimension:

  1. Log in to your Google Analytics account.
  2. Click “Admin” from the main menu.
  3. At the Property level, click “Custom Definitions” and then “Custom Dimensions.”
  4. Click “New Custom Dimension,” give it a name (I suggest “Ghost”), give it a scope of “User,” and make sure the “Active” checkbox is checked. Then click “Create.”
  5. You should now see a bunch of code snippets in different languages. Take a look at this line of the JavaScript snippet:
 ga('set', 'dimension1', dimensionValue);

Take note of the number in “dimensionX”. You’ll need to refer to it in a moment. In the example above it’s a 1; yours may be different.

Now you’ll need to locate the Google Analytics snippet on your site. It should look something like this:

(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXXXXX-Y',’‘yourdomain.example.com’);
ga('send', 'pageview');

Of particular interest is this line:

ga('send', 'pageview');

You will need to modify it to look like this:

ga('send', 'pageview', {'dimensionX': 'false'});

Very important: Now you need to refer to the number you made note of in Step 5 above. Replace the “X” in “dimensionX” in the snippet above with that number. For example, if your number is 3, the snippet should look like this:

ga('send', 'pageview', {'dimension3': 'false'});

And you’re all set. Note that the “false” is the value we’re passing to our Custom Dimension. We called our dimension “Ghost,” so effectively what we’re saying is, “Is this user a ghost? No, false.”

Now for the hardest part: waiting. There’s a delay on the information that Google Analytics aggregates and you’ll need to give it time for your Custom Dimension to start showing up in your data. I’d give it about 24 hours.

Step 2: Filter Away the Ghost Traffic

OK, let’s assume it’s now 24 hours later. The first thing we need to do is make sure the Custom Dimension is being set and capturing the ghost traffic:

  1. Log in to Google Analytics.
  2. Select the Property for which you defined the Custom Dimension.
  3. We need to try filtering some traffic. Let’s do Referrals. Click on Acquisition -> All Traffic -> Referrals in the sidebar.
  4. In the header for the top Referral rankings table, click the “Secondary dimension” dropdown.
  5. Search for “Ghost” (or whatever name you gave your Custom Dimension) and select your Custom Dimension.

You should only see legitimate referrals now, and the value for “Ghost” should always be “false.”

The final step is to create a filter at the Property level to make it so only traffic that has the “Ghost: false” Custom Dimension set gets added to your dashboard.

  1. Click “Admin” in the Google Analytics main menu.
  2. At the Property level, select “All Filters.”
  3. Click “New Filter”
  4. Name the filter “Exclude Ghosts” and change the type from “Predefined” to “Custom.”
  5. Make sure the Exclude radio button is selected. In the Filter Field dropdown, search for and select your Custom Dimension (named “Ghost” in my example). Set the filter pattern to “false.” Everything should look like this:Ghost Traffic Filter Settings
  6. Save the filter.

And that’s it! When we implemented this solution for our clients, we immediately saw a dramatic drop in the amount of traffic their sites were receiving. That sounds scary, but it was a good thing since all of the excluded traffic was illegitimate (it was ghost traffic).

Enjoy your ghost traffic-free GA dashboard! And feel free to contact us with any questions.

Responsive Website Guide

About the Author

Cameron McDonald


Comment