How to block semalt.com referrer traffic using .htaccess

The short version

Block semalt.com from your site by adding these lines to your .htaccess file

# block visitors referred from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* - [F]

The long version

This is going to a massively geeky post compared to my usual rubbish but I hope at least a few people will find it useful.

A few days ago, I was checking the site stats on thechain.co.uk and noticed that a domain – semalt.com – kept popping up with a url that contained ‘competitors_review.php’. I took a look at the link (I’m deliberately not posting that up the link since I think that’s what these traffic spammers want) and there’s very little information: just a sign-up form. I did a bit of digging around and judging by what I’ve seen on other blogs and on Twitter, the general consensus is that semalt.com are best avoided and there’s a whole load of suspicion about why they’re trying to harvest information about people by getting them to sign up to whatever service it is they’re offering with their Facebook accounts. It’s kind of clever – playing on people’s curiosity and making it look like a ‘competitor’ site is gleaning information from your site – but it stinks. If anyone from semalt.com wants to put the counter argument, I’m all ears.

Update 21 Jan 2014: found a couple of other blogs with a bit more info about Semalt.com. See WTF is Semalt.com? and What is the website www.semalt.com about?

Anyway, onto the practical bit. I’ve now blocked semalt.com from appearing in my site stats by adding these lines of code at the end of my .htaccess file. Disclaimers: the .htaccess directives below are based on information in Media Temple’s knowledge base article: How to block a specific IP address from accessing your website. This works for my particular WordPress blog and its .htaccess file. I put them at the very end of my own particular .htaccess file. YMMV, and I provide no warranty as to what this might do to your own site. If you don’t know what your .htaccess file is or how to change it, I’d suggest you find some other way to block Semalt.com.

# block visitors referred from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* - [F]

129 comments on “How to block semalt.com referrer traffic using .htaccess”

  1. troy says:

    I’ve been getting referrers of “semalt.semalt.com” in my Google Analytics reports (I see them on the realtime reporting too).

    I’ve scanned my referrer logs on my server and it does NOT appear in the logs. Which is concerning for me.

    It almost appear that they are fiddling with how they interact with Google Analytics now and not even accessing my site.

    So I don’t think even doing rewrite to forbid *semalt.com” will stop these idiots.

  2. Jazmin says:

    Any idea if that code works on a webs.com website? And how do I find my .htaccess?

  3. BAZOOKA says:

    BLOCK THE ENTIRE IP: 217.23.11.15

    GOOD TOOL: INTODNS.COM
    (FIND CORE DNS ON MOST SITES)

  4. BAZOOKA says:

    SEMALT IS HOOKED INTO GOOGLE, APPARENTLY USING LINKS IN MAIL SO YOU GET A REFERER.

    20 alt1.aspmx.l.google.com 74.125.25.27 (no glue)
    30 aspmx3.googlemail.com 173.194.64.27 (no glue)
    10 aspmx.l.google.com 74.125.136.26 (no glue)
    20 alt2.aspmx.l.google.com 173.194.64.26 (no glue)
    30 aspmx2.googlemail.com 74.125.25.27 (no glue)

    GOOGLE SUCKS BIG BROTHER

  5. troy says:

    My guess is semalt is using google apps mail client, which is why you see them as their mail exchange servers in an MX nslookup.

    But still doesn’t explain why semalt.com (or any variant) doesn’t appear in my referrer logs, yest I see them in my google analytics as referers.

    My guess is their bot client fiddles with the page and alters the referrer field (document.referrer) before google analytics starts on your page.

    They have worked around the .htaccess rewriting fix.

    I have no clue which IPs they are coming from, and so I have since added a filter to my google analytics to ignore semalt.\com referers. At least my analytics shows a lower bounce rate now.

  6. Johnd847 says:

    I appreciate, cause I found just what I was looking for. You have ended my 4 day long hunt! God Bless you man. Have a nice day. Bye aagbekcfkafd

  7. […] adapted this from this website’s .htacesss block: # block visitors referred from semalt.com RewriteEngine on RewriteCond […]

  8. Eng.Arab says:

    Hello’
    i have added the .htaccess code above into my root .htaccess after 1month they come back i think they changed the algorithm of their program.

    i have found this code on WordPress.org Support

    SetEnvIfNoCase Via evil-spam-proxy spammer=yes
    SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
    SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
    SetEnvIfNoCase Via pinappleproxy spammer=yes
    SetEnvIfNoCase Referer semalt.com spammer=yes
    SetEnvIfNoCase Referer poker spammer=yes

    Order allow,deny
    Allow from all
    Deny from env=spammer

    Reference link
    http://wordpress.org/support/topic/how-to-block-semaltcom-from-visiting-your-wordpress-website

    i just wanna know u that

  9. Dani says:

    Unfortunately they also added semalt.semalt.com. So I had to add that to my block list as well. I also added semalt.semalt.semalt.com because it seems like they are getting ready to use that one as well. Really annoying.

  10. Gina R says:

    I have tried everything to get rid of the revolting referrer. My htaccess is:
    SetEnvIfNoCase Via evil-spam-proxy spammer=yes
    SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
    SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
    SetEnvIfNoCase Via pinappleproxy spammer=yes
    SetEnvIfNoCase Referer semalt.semalt.com spammer=yes
    SetEnvIfNoCase Referer semalt.com spammer=yes
    SetEnvIfNoCase Referer poker spammer=yes

    Order allow,deny
    Allow from all
    Deny from env=spammer

    And less than 12 hours later I see this:

    ? Satellite Provider arrived from http://semalt.semalt.com/crawler.php?u=http://mywebsitename.biz and visited http://mywebitename.biz/
    1 hour 18 mins ago IP: 41.194.224.42

    Everytime it arrives at the website it is with a different IP and creates a 100% bounce rate for the visit.

    Does anyone have ANY ideas on what else I can do to stop this thing?

  11. Seth Miller says:

    You can go to their website and use their tool to request that they stop accessing your website. Not sure how new this is, but it appears to be the most common solution to the problem online (and apparently they honor requests)

    http://semalt.com/project_crawler.php

    • Gina R says:

      Hi Seth,
      I would not recommend going to their website and submitting anything. I have read numerous times that this does not work and some believe they are using that as a way to confirm websites and people that have done that have found the crawling to intensify. The people running this bot have no respect for webmasters. I read on Twitter where someone had managed to redirect the semalt crawlers back to the semalt server and then the owner of the bot accused this person of launching a DDOS attack against them, when it was actually their own bots coming back at them, #semalt on twitter will bring it up.

      • Seth Miller says:

        Cool. I’m a skilled WordPress chopmaster & SEO wiz kid. I’ll let you know if the inbound links stop, mmmk? ;)

        • tania says:

          I’ll be all ears Seth, I just happen to be looking for competitive analysis tools at the moment and fell for their spiel hook line and sinker today.
          I went in and cancelled the account but who knows if they’ll honour it.

          Now I’ve checked and this Semalt thing appears as a referrer in the analytics of a number of clients and if it is malicious in any way I want to notify my developers.

          • Seth Miller says:

            It’s probably not malicious except that it is convincing and they may are converting some people to customers. If they take care of their customers it’s actually a creative way to get your name out there. Not sure on the legal aspect of inbound linking like that.

            FWIW: Since submitting all of my websites through their removal tool, I haven’t seen any inbound links from Semalt.

    • Deborah says:

      Seth–Can you tell me where on their site you found the removal tool/link?
      Thanks!

    • Mariano says:

      I requested my site to be removed and they did honour it. For most unwanted visitors I use to add http://atma.es/deny.txt as well as some whole countries’ IP ranges to my htaccess file.

  12. Steve says:

    Does this still work for semalt.semalt.com or would that need to me a separate entry?

    # block visitors referred from semalt.com
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} semalt\.com [NC]
    RewriteRule .* – [F]

    Thanks for all the info. What a pain in the butt. All of my organizations websites analytics have been polluted by this bs.

  13. […] attendes who wanted information on blocking the referral spammer Semalt, I recommend Logorrhoea‘s how to blog […]

  14. […] when it gets to server side operating and have tried the various workarounds such as found on Logorrhoea or as discussed on WordPress. Nothing has worked for […]

  15. Al says:

    Why don’t we just ask Seth Miller (above) to stop his Semalt spam activities directly?

  16. Conrad says:

    Thanks for the helpful informations. All my German Websites are polluted yet.

  17. […] can also modify your .htaccess file to block any referral from Semalt.com: # block visitors referred from semalt.com RewriteEngine on […]

  18. Gina R says:

    I have managed to block Semalt through the referrer in htacess, but I noticed to day that after semalt receives a 403 from the server it drops the referrer and hits the website again and if the ip is not blocked it gets a 200 response from the server and the creates a 100% bounce rate. This thing is insidious, and the only way to completely block it appears to be blocking each individual ip address. It is definitely using a hacked botnet. I am getting hits from Europe, Brazil, Australia, Israel, India and more.

  19. kik forum says:

    I just noticed this in my analytics. Thanks for all the useful tips on how to get rid of Semalt

  20. j says:

    Do you think Spyder Spanker plugin could help with this ?

  21. marek says:

    Try to remove your website from their so called ‘search engine’ bot using their removal form. You got nothing to lose. I did that and it seems to be working. I can’t guarantee that it will work as aside from that I have also blocked all Brazilian traffic in my htaccess file as well. So far so good. Besides, there is a FREE plugin out there to help you keep unwanted spiders away from your website, bodi0`s Bots visits counter. Google it and you should find it. If the spider isn’t on their list it lets you add a new one. All the best !

  22. kwikspeak says:

    I will try to submit a couple of my sites to their “Removal Tool” as Seth Miller mentioned that all of his sites are now free from semalt inbound link.

    I will let you know if this method really works, in other word “If They are Really Respect & Honor Webmasters”

    Regards,

  23. Matthias says:

    I did use the removal tool on March 27. It “worked” for a couple days, but on April 11 they came back using the referer “semalt.semalt.com”. So the removal tool is just a trick to find out which sites might be blocking them. Bastards.

  24. Johnny27 says:

    Hi there all,

    I have tried all the methods mentioned here and on wp forum, but nothing seems to work.

    They keep coming back. I have visitors from Brazil, Colombia, Russia, and Ukraine.

    My wp site is less than a month old and I have not started doing any social media marketing. Therefore, the only way a visitor could reach my website is from organic search (using google, bing, yahoo, etc). Aside from referral traffic via semalt.com, I also see returning users from the above mentioned countries coming to my site. My site is very local-centric (for a particular state only, not for the countries mentioned above). I guess, they have kind of bookmarked my website’s link.

    Should I complaint to Google (Using Webmaster Tools) under webspam or phishing or malware?

    Any advice?

    • marek says:

      Try to block country domain. Insert this code into your htaccess file:
      RewriteEngine On
      Options +FollowSymlinks
      RewriteCond %{HTTP_REFERER} \.br [NC,OR]
      RewriteCond %{HTTP_REFERER} \.cn [NC,OR]
      RewriteCond %{HTTP_REFERER} \.gr [NC,OR]
      RewriteCond %{HTTP_REFERER} \.id [NC,OR]
      RewriteCond %{HTTP_REFERER} \.in [NC,OR]
      RewriteCond %{HTTP_REFERER} \.jp [NC,OR]
      RewriteCond %{HTTP_REFERER} \.kr [NC,OR]
      RewriteCond %{HTTP_REFERER} \.pl [NC,OR]
      RewriteCond %{HTTP_REFERER} \.ro [NC,OR]
      RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
      RewriteCond %{HTTP_REFERER} \.se [NC,OR]
      RewriteCond %{HTTP_REFERER} \.tr [NC,OR]
      RewriteCond %{HTTP_REFERER} \.tt [NC,OR]
      RewriteCond %{HTTP_REFERER} \.ua [NC]
      RewriteRule .* – [F]

      You add more if you want.

    • marek says:

      Or you could use bill’s website http://incredibill.me/htaccess-block-country-ips
      to generate htaccess file code to block county IP’s. Which is more effective. However, his database is dated august 2013 so some of them may slip though.

  25. Johnny27 says:

    Why don’t all of us webmasters report this site to google? I am sure google can do something about it when they receive thousands of report against semalt.com?

    P.S. Do NOT visit their site and remove your page’s url. It is a scam by semalt to track your website and to know more about the whereabouts of the website and its owners.

  26. peter says:

    hi guys,

    just an idea:
    if semalt gets the 403 from the block and then adjusts to it (using other techniques), why not presenting them something to “crawl”, but nothing which disturbs us?

    I just created a subdir “trap” with an index.html in it (some nice content, too: “we are working on the site, more to come soon”)

    an now added in the .htaccess:

    RewriteCond %{HTTP_REFERER} semalt\.com [NC]
    RewriteCond %{HTTP_REFERER} semalt\.semalt\.com [NC]
    RewriteRule .* trap? [R=301,NE,NC,L]

    what do you think? could this work?

  27. peter says:

    update:

    changed RewriteRule to:

    RewriteRule ^.*$ /trap/index.html [R=301,L]

    (.htaccess Rules are not my speciality; if anyone sees a mistake, please give feedback).

    oh, and btw: of course in this index.html there is no analytics script or anything else. just a short sentence….

  28. Mariano says:

    Only efective way I see is a “deny from xxxxxx” in your .htaccess file. For up to date Semalt IPs, see
    http://urandom.us.to/report.php?ip=&info=semalt&

    • Gina R says:

      I have just identified that the new referrer spam I am getting is from semalt as well.
      Rio De Janeiro, Brazil arrived from http://11.kambasoft DOT com/2.php?u=http://xxxxx.xxx (removed the link to minimize their presence)
      : 187.105.22.168
      In the last few days I have had about 6 visits and all the visits had a different subdomain.

      • marek says:

        Blocking kambasoft’s ip will get you nowhere. I have had the same issue. They’ll keep switching form 11.kaimbasoft to 5, to 4 and so on. You’ll end up chasing a tail. What I have done is is to implement EVERY single technique I have learnt in this thread. Block semalt, semalt.semalt and all brazilian IPs. Block all the .ru, br, and so on domains. I don’t need them anyways. I even blocked yandex, as they were sending me a fake traffic. FKN bastards. Anyone who does that, will end up on my black list, sooner or later they’ll be cut off. It seems to be working. I don’t care how big my htaccess file gets. As long as it doesn’t slow my website, I’ll put in there whatever it takes to keep those cockroaches out of my site.It’s been over a week since I have had a visit from them. My bounce rate has gone down from 75% to zero and instead chasing them, I can focus on my website. Occasionally some will slip through, if they do, I use wordfence plugin to block the entire network.I’d rather deal with a cockroach once every few days rather then colony of them everyday. To get rid of the parasites, you need implement number of techniques, one will not work.

        • Gina R says:

          Marek, I am doing what you are doing – using Wordfence to block the network, but for some reason when you try to block a BR network it won’t come up in Wordfence so you can only block the IP.

          Mariana, very easy to work out. Same registrar, same MO and sitting on the same server in NL – check through Domaintools.com.

          They are using a hacked botnet and @vote4obama2012 on twitter put up an image showing that they were offering a firefox extension which infects computers – very serious.
          https://twitter.com/search?f=realtime&q=%23semaltcom&src=typd

          • marek says:

            Gina, seeing that Wordfence was not pulling out the network they came from I went ahead and blocked all Brazilian IPs using http://incredibill.me/htaccess-block-country-ips website. Two of them have slipped though. So I have added them manually to my htaccess file. Changing the last 2 sets of numbers. For example, if they came from 187-85-158-82 I’d change it to 187-85-0-0 – 187-85-255-255. Since I have implemented a number of blocking techniques to get rid of undesirable traffic I can’t really say which one most effective.

  29. Mariano says:

    Thank you for the info. You’re not the only one who suspects that “Kambasoft” is also Semalt, please see https://mobile.twitter.com/vote4obama2012/status/490294138458603520?p=v

    But I’d like to know how you’ve determined that they are the same thing, -let alone that the requests are quite similar-.

    On a side note, I’m afraid many of the IPs they are using are dinamyc, so the “deny from” method has to rely on updating the IP list quite often. Having said that, some IP ranges will emerge quite soon, so that “deny from 201.43.” for example, will be enough, althoug we could also be banning some legit visitors.

    As I had said, they honoured my request to remove a domain of mine and, so far, they haven’t returned, but someone said here that his story is different. I also asked them why they don’t request and obey robots.txt and they said they will do soon. If not the case, I’ll release all the IP ranges they use.

  30. Dennis says:

    My sites were not removed after repeated requests.

    I find that the .htaccess code below deters visits from the three most common semalt addresses completely. It may even load up their website server with unwanted visits – just as they do to mine.

    # BEGIN DETER semalt.com, semalt.semalt.com, crawler.semalt.com
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?semalt.com.*$ [NC]
    RewriteRule .* http://semalt.com [L]

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?semalt.semalt.com.*$ [NC]
    RewriteRule .* http://semalt.com [L]

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?crawler.semalt.com.*$ [NC]
    RewriteRule .* http://semalt.com [L]
    #END DETER semalt.com, semalt.semalt.com, crawler.semalt.com

  31. marek says:

    “But I’d like to know how you’ve determined that they are the same thing” Because on one occasion they came from the same IP. That’s good enough for me to put 1+1 together. As soon as semalt was gone Kambasoft was gone as well. Hope that I will not see them ever again.

  32. […] It seems simple, but if you don’t have access to or you are intimated by modifying your .htaccess file, use method 1 or 2 instead or contact your webmaster to make the changes for you. (you can view the long version of these instructions with a better description by clicking here) […]

Leave a comment