How to block semalt.com from visiting your WordPress website…

I have tried:
Deny from env=bad_bot
RewriteRule .* – [F]
SetEnvIfNoCase Via evil-spam-proxy spammer=yes
SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes
SetEnvIfNoCase Referer evil-spam-keyword spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase Referer semalt.semalt.com spammer=yes
SetEnvIfNoCase Referer semalt.com spammer=yes
SetEnvIfNoCase Referer poker spammer=yes
Order allow,deny
Allow from all
Deny from env=spammer

and it is not working. I am still getting visits from bots all over the world that have been hijacked by semalt.

They are now using another referrer kambasoft dot com but with subdomains. This has been traced back to the owners of semalt. Does not look like they are going to go away and I am finding the only way I can stop them is by blocking each visit through Wordfence.

I tried the removal tool a week ago and I’m still getting hit by them.

Any suggestions for someone (me!) running nginx rather than Apache? I don’t have an .htaccess file..!

Try this: https://gist.github.com/boogah/10151592

(Googled ‘block semalt nginx’ ?? )

NICE. Thanks, Mika.

@mika. Where do I add the code you mentioned in the gist link. Also should I add the first code in .htaccess file or just the code in gist would suffice enough.

I am experiencing the same with both semalt and kambasoft.

I don’t know anything about code.
Are both examples needed?

I added in the recommended code to my htaccess file and the hits disappeared for a few days.

Today they are back though with semalt.semalt.com

It’s not just the analytic they skew, but that must be messing with the sites CTR also which affects search engine rankings…

Hmmmm

Is it all of us, or is it something in common to all of us, such as the jetpack? Could it be buggy?

I believe it is common to every website out there, semalt are targeting sites with analytics to get visibility in there (then charge business to repeating the process for them).

This is a good overview: https://helloseocopywriting.com/9/post/2014/04/who-the-hell-is-semaltcom-and-how-do-i-block-them.html

I am giving up on the above suggestion as I have tried all of them and they are not working.

I am going to try blocking specific IP addresses through my iThemes security settings next…

FWIW, we were having a massive problem with Semalt (on a non WordPress site, MD.com) and tried initially to use the removal tool.

It worked fine, but you can only enter one subdomain at a time, and we have 600,000+ subdomains.

Anyway, a little Google recon and we found this page on their site… https://semalt.com/about#office … which lists a Skype contact.

Reached out via Skype expecting bupkis. Turns out the were very responsive and over the course of 24 hours were gone from our analytics.

I realize this company gets a really bad rap so figured I’d mention at least one positive (un)customer service experience.

TL

There’s no way I would contact them from the stories I have heard. You are just verifying/pinning a target on your back.

What seems to be working for me thus far is blocking their IP addresses in iThemes security which adds this to .htaccess:

SetEnvIF REMOTE_ADDR "^217\.23\.11\.15$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^217\.23\.11\.15$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^217\.23\.11\.15$" DenyAccess

SetEnvIF REMOTE_ADDR "^217\.23\.11\.108$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^217\.23\.11\.108$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^217\.23\.11\.108$" DenyAccess

SetEnvIF REMOTE_ADDR "^217\.23\.7\.112$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^217\.23\.7\.112$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^217\.23\.7\.112$" DenyAccess

order allow,deny
deny from env=DenyAccess
deny from 217.23.11.15
deny from 217.23.11.108
deny from 217.23.7.112
allow from all

I’m sure they will add more IP addresses as people block them, but I will keep adding them…

Spoke too soon

Got a WordPress Jetpack stats report saying I was visited by 81.semalt.com today – which resolves to 217.23.11.108, an IP address I already blocked.

So they are still getting through somehow…

I’ve also blocked both semalt.com and semalt.semalt.com and now today and yesterday I’ve been hit by 20.semalt.com, 49.semalt.com, and 94.semalt.com. It seems that everyone is blocking them so they just keep coming up with new ways to get through. Is this just an evil we’re all going to have to put up with or will there ever be a final resolution???

#IHateSemalt

Ditto Rissa7230
I’ve had varieties of semalt for weeks now…
My question is: Why hasn’t wordpress done anything????

What’s weird is the registered sub domains (81. 20. Etc) all seems to resolve back to IP address .108.

It’s like they are dynamically changing IP for each sub domain returning to .108 after so that nobody can block them.

Next thing I am going to try is blocking the whole subnet range.