This tip is for anyone who has noticed a considerable amount of “visits” from browsers with various .xyz domains that all link back to Semalt.
The fix is relatively simple and uses .htaccess to deny the visitor.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://.*\.xyz/ [NC]
RewriteRule ^(.*)$ [F,L]
SetEnvIfNoCase Referer "(.*)\.xyz$" bad_user
Deny from env=bad_user
</IfModule>
The first bit just sends the visitor to a forbidden page but that means it still shows up in your logs. So the second bit just slams the door in the visitors face.
Chances are you’ll have other rewrite rules in your htaccess so you’ll need to adapt accordingly but this has cut our spam referrers from .xyz domains to nil which makes the whole stats a lot less cluttered with cr*p.
Hope it’s useful.