Recently, a peculiar trend has been spotted in Google Analytics 4 (GA4) data across various websites. A significant number of users have reported an influx of referral spam coming specifically from a domain in Poland. This post aims to shed light on this situation and provide some actionable advice for those affected.
Several webmasters have noticed a pattern: fake user traffic from Poland, specifically from news.grets.store, appearing in their GA4 real-time reports. This traffic occurs in a strangely regular pattern, roughly every 20 minutes.
This issue has become a talking point in numerous online forums, suggesting it’s not an isolated case. While Google is known for its regular updates and fixes, this issue seems to persist, indicating a more complex problem than usual.
Marking it as an unwanted referral won’t filter out the spam. The only outcome is that it will no longer be classified as referral traffic. However, the events will still be recorded, so this isn’t an effective solution. Additionally, creating filters appears to be unhelpful because the IP addresses of the attackers are constantly changing.
This attack is specifically targeting Google Analytics and doesn’t actually affect individual websites directly, as server logs can confirm. The traffic data isn’t originating from server levels; it’s more likely coming directly from targeted Google IDs.
Additionally, the use of varying domains and IPs, possibly spoofed, means traditional Analytics filters based on IP addresses are ineffective. It’s also worth noting that, as far as I know, GA4 lacks a country filter. As a result, only Google can effectively block or filter this kind of data injection.
Given Google’s history with Analytics security, it’s plausible that the attackers have developed methods to circumvent Google’s existing safeguards.
The responsibility to address this issue falls on Google. The impact of this attack, however, will vary: websites with a smaller volume of traffic might feel a more significant effect, especially if around 80 injected referrals represent a larger portion of their total traffic. Conversely, larger websites are likely to experience minimal impact.
Until Google implements measures to block this attack, direct intervention options are limited.
We will promptly update this article with new information as soon as further details regarding the GA4 attack become available.
Good to know
If you keep encountering spam or fake visits from Poland, it might be worthwhile to explore a dedicated real-time analytics tool.
For instance, realtime.li is engineered to immediately eliminate both bot and referral spam, guaranteeing more reliable and precise data (without data-smapling like GA4) for your analysis. You can start a free 30-day trial to experience its benefits firsthand.