Blocking .xyz referrer spam

This tip is for anyone who has noticed a considerable amount of “visits” from browsers with various .xyz domains that all link back to Semalt.

The fix is relatively simple and uses .htaccess to deny the visitor.

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP_REFERER} ^http(s)?://.*\.xyz/ [NC]
	RewriteRule ^(.*)$	[F,L]

	SetEnvIfNoCase Referer "(.*)\.xyz$" bad_user
	Deny from env=bad_user

The first bit just sends the visitor to a forbidden page but that means it still shows up in your logs. So the second bit just slams the door in the visitors face.

Chances are you’ll have other rewrite rules in your htaccess so you’ll need to adapt accordingly but this has cut our spam referrers from .xyz domains to nil which makes the whole stats a lot less cluttered with cr*p.

Hope it’s useful.


Maybe use this:

RewriteCond expr "%{HTTP_REFERER} -strcmatch '*://*\.xyz/*'"

and make this correctly:
(you have a tab instead “-”)

RewriteRule ^(.*)$ "-" [F,L]

An another solution is to use the matomo config.ini.php like this:

[Tracker] # only add this line if it doesn't exist yet
exclude_requests = ""