I'm trying to block spam referer domains with web.config. I have it (mostly) working.

Here's the code I'm using:

<rule name="abort referer spam requests" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{HTTP_REFERER}" pattern="(semalt\.com|Darodar\.com|Priceg\.com|7makemoneyonline\.com|Buttons\-for\-website\.com|Ilovevitaly\.com|Blackhatworth\.com|Econom\.co|Iskalko\.ru|Lomb\.co|Lombia\.co|hulfingtonpost\.com|cenoval\.ru|bestwebsitesawards\.com|o\-o\-6\-o\-o\.com|humanorightswatch\.org|forum20\.smailik\.org|myftpupload\.com|prodvigator\.ua|best\-seo\-solution\.com|Buttons\-for\-your\-website\.com|Buy\-cheap\-online\.info|offers\.bycontext\.com|website\-errors\-scanner\.com|webmaster\-traffic\.com|guardlink\.org|www\.event\-tracking\.com|trafficmonetize\.org|traffic\-paradise\.org|simple\-share\-buttons\.com|sharebutton\.org|s\.click\.aliexpress\.com|social\-buttons\.com|site12\.social\-buttons\.com|anticrawler\.org|adcash\.com|adviceforum\.info|cenokos\.ru|cityadspix\.com|edakgfvwql\.ru|gobongo\.info|kambasoft\.com|luxup\.ru|4webmasters\.org|get\-free\-traffic\-now\.com|Best\-seo\-offer\.com|Theguardlan\.com|www1\.social\-buttons\.com|netvibes\.com|webcrawler\.com|www\.get\-free\-traffic\-now\.com|sanjosestartups\.com|100dollars\-seo\.com|resellerclub\.com|savetubevideo\.com|screentoolkit\.com|seoexperimenty\.ru|slftsdybbg\.ru|socialseet\.ru|superiends\.org|vodkoved\.ru|websocial\.me|ykecwqlixx\.ru|76brighton\.co\.uk|paparazzistudios\.com\.au|powitania\.pl|sharebutton\.net|tasteidea\.com|descargar\-musica\-gratis\.net|torontoplumbinggroup\.com|cyprusbuyproperties\.com|ranksonic\.org|Googlsucks\.com|free\-share\-buttons\.com|securesuite\.co\.uk|securesuite\.net|www3\.free\-social\-buttons\.com|free\-social\-buttons\.com|sitevaluation\.org|howtostopreferralspam\.eu|symbaloo\.com|acads\.net|addons\.mozilla\.org\/en\-US\/firefox\/addon\/ilovevitaly\/|aliexpress\.com|anal\-acrobats\.hol\.es|brakehawk\.com|domination\.ml|event\-tracking\.com|forum69\.info|ilovevitaly\.co|ilovevitaly\.ru|iminent\.com|kabbalah\-red\-bracelets\.com|makemoneyonline\.com|masterseek\.com|o\-o\-6\-o\-o\.ru|o\-o\-8\-o\-o\.ru|ok\.ru|pornhub\-forum\.ga|pornhub\-forum\.uni\.me|prlog\.ru|ranksonic\.info|rapidgator\-porn\.ga|sexyteens\.hol\.es|smailik\.org|youporn\-forum\.ga|youporn\-forum\.uni\.me|.*monetiz.*|semaltmedia\.com)" />
                </conditions>
                <action type="AbortRequest" />
            </rule> 

It is blocking all the domains except webmonetizer.net.

my question:

How is webmonetizer.net getting through? In the code above I've included

.*monetiz.*

I've tested this in fiddler too, and it's being blocked. It gets a 504 response when I test my site (www.myirelandtour.com), so I thought that would have stopped it?

User-Agent: Fiddler

Referer: webmonetizer.net

Host: www.myirelandtour.com

I'm still seeing webmonetizer.net as a referer in my google analytics, any ideas why or how to stop that? Thanks!

Most of the spammers in Google Analytics never access your site so any server solution like web.config or the htaccess file won't work

This type of spam is known as Ghost because it never reaches your site, the only way to stop it is by using filters in GA.

You may get confused and think the web.config rules block it because Ghost spam usually shows only for a few days. Sometimes it comes back sometimes it doesn't.

The other type of spam "Crawlers" can be blocked from there, but there are just a few of them compared to the Ghosts, from your list only semalt, buttons-for-website and few more.

You can find a guide to create the filters and more information on this related answers

https://stackoverflow.com/a/28354319/3197362

https://webmasters.stackexchange.com/a/80927/49561

Hope it helps,

I use the following code in my web.config (well I imported my .htaccess file into a Windows server, and it converted it to this):

                <rule name="Imported Rule 1">
                <match url=".*" ignoreCase="false" />
                <conditions logicalGrouping="MatchAny">
                    <add input="{HTTP_REFERER}" pattern="^http://.*semalt\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*buttons-for-website\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*7makemoneyonline\.com" />
                    <add input="{HTTP_REFERER}" pattern="^http://.*webmonetizer\.net" />
                </conditions>
                <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
            </rule>

I did this in January, and the referers still don't show up in Google Analytics.