We need to get rid of these, stat.
In order to get rid of them, we need to modify the .htaccess file on our hosting account. This file is quite 'dangerous' to mess with - one wrong character or symbol and your site can come to a screeching halt. So you've got to be careful, and you've got to run a backup before you even think about playing with it.
So now we need to make a list of sites that are causing this havoc on analytics, and filter them out (actually, block them) from our website. If I look at me analytics, I can see a few:
Now, not all of these could be spam sites. But we can pick out the bad ones pretty quickly with a look at the bounce rates and average session duration:
Armed with this information, I can pretty much tell that the first four are probably spam sites that I don't want in my analytics. The last one, even though it has a average session of zero minutes, I do see that the one visitor looked at more than one page, so I'm going to assume for now that it was probably a real visitor.
The Three Steps to Block 'em
Step One - Block via Google Analytics
This one's easy - just click the 'Admin' button at the top of the page in your Google Analytics account
Next, click on the 'View Settings' in the third column
Lastly, look for the checkbox letting you block known bots from your results. Check it and hit SAVE!
Step Two - Block via plugin or .htaccess
If you're using WordPress, just install and activate this plugin. If you're not on WordPress, continue reading this step.
So back to the .htaccess file - we need to make four entries in that file, one for each of the domains above. It will look like this:
# block referer spam
SetEnvIfNoCase Referer semalt.com spambot=yes
SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
SetEnvIfNoCase Referer 4webmasters.org spambot=yes
SetEnvIfNoCase Referer buttons-for-your-website.com spambot=yes
Allow from all
Deny from env=spambot
Your .htaccess file can be edited in FTP, SSH, or, if you use WordPress, via the Yoast plugin (Tools, Advanced, File Editor)
There are a few silly rules you'll need to follow here - things like dashes and dots need to be 'escaped' by adding a backslash (\) in front of them. Once again, make sure you have a good backup before you do this.
Save this file and upload it to your root directory. Now those sites will be blocked.
Step Three - Annotate the Change
One last thing I'd recommend that you do is to annotate the change you made in your Google Analytics, so that a month or two from now, when you see that bump in traffic that went away just as fast, you'll know why that happened. To annotate something, click the little down-arrow in the middle of your traffic graph.
This will move the arrow down slightly, and on the right you'll see a link to create a new annotation.
Click that, make a note to yourself that you added some spam filters to the .htaccess file, and hit Save.
There are more than just the few sites you found out there doing this. It may be that you need to revisit this process once a month, or if you're obsessed with analytics, as you see them show up.