⛔️ Self-updating PHP library which blocks referral spam from ruining your website statistics
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.


Latest Stable Version Build Status Coverage Status Scrutinizer Code Quality StyleCI Status Dependency Status Packagist Downloads License


Self-updating PHP library which blocks hundreds of spammy domains from ruining your website statistics

Bad domains Last updated
2433 December 1st, 2016

Block referral spam with a single line of code. Originally started to stop the nasty Semalt botnet from visiting your site and ruining your stats (of course their domains are still included), the blocklist now contains hundreds of spammy domains. The library will try to self-update every week, so you don't have to worry about composer update's.


Looking for the blocklist only? No problem:


The blocklist is compiled from several sources. Currently:

Source Raw source file Number of domains
sahava https://raw.githubusercontent.com/sahava/spam-filter-tool/master/js/spamfilter.js 417
piwik https://raw.githubusercontent.com/piwik/referrer-spam-blacklist/master/spammers.txt 483
stevie-ray https://raw.githubusercontent.com/Stevie-Ray/apache-nginx-referral-spam-blacklist/master/generator/domains.txt 1071
ar-communications https://raw.githubusercontent.com/ARCommunications/Block-Referral-Spam/master/blocker.php 376
flameeyes https://raw.githubusercontent.com/Flameeyes/modsec-flameeyes/master/rules/flameeyes_bad_referrers.data 936
semalt-blocker ../domains/additional 1
desbma https://raw.githubusercontent.com/desbma/referer-spam-domains-blacklist/master/spammers.txt 1700

debug console

We've added a tool to check whether your site blocks spammy bots. You can find it in the repository and online at: nabble.nl/semalt

composer setup

This is the easiest method, but requires the use of Composer. Add semalt-blocker to your project by running the following in your terminal:

composer require nabble/semalt-blocker:~1

Then in your project add (but you probably already have this):

require "vendor/autoload.php";

legacy setup

Not using composer? No problem, copy the files domains/blocked and compact/semaltblocker.php to the same directory in your project and add this line:

require "/path/to/semaltblocker.php";

basic usage

It's as easy as:

use Nabble\SemaltBlocker\Blocker;


// ... your app

Make sure you add it somewhere at the beginning of your code, it will save you!


In order for the self-update mechanism to work, make sure the domains/blocked file is writable by the webserver:

$ chmod a+w vendor/nabble/semalt-blocker/domains/blocked


Blocker::protect(); // default, serve a 403 Forbidden response
Blocker::protect('http://semalt.com'); // return them their own botnet traffic
Blocker::protect('Hi, bot'); // displays a nice message when blocked

All calls to the protect function will trigger the auto-updater at a regular interval.

If you want to stay in control even more, use this:

$blocked = Blocker::blocked(); // returns true when a blocked referrer is detected

If you want an explanation for why a referer is blocked, use:

echo Blocker::explain();

The self-updater runs every 7 days by default. To force updating the domain list, use this:

use Nabble\SemaltBlocker\Updater;



Yes, please! Feel free to open issues or pull-requests.