Follow e-Communication on Facebook, Twitter, Pinterest, and eRavens.net! Student Resource: eRavens.blogspot.com!

Wednesday, November 30, 2016

Russian Hackers Attacked Our Website!!

Well, not exactly, but....


This purports to be a hit on our website from reddit.
A few minutes after reading about how Russian hackers broke into the computer systems of the San Francisco transit system, creating all kinds of headaches for commuters and cybersecurity experts alike, (Why weekend hack of San Francisco transit should worry Donald Trump), I checked the Google Analytics for our website. The live view showed visitor after visitor from various locations in Russia - all supposedly referred by lifehacker.com. A few also came from reddit.


After checking just to make sure that lifehacker.com really did not have any links to us, I decided to dig deeper - so naturally, I Googled the Google Analytics puzzle of our Russian visitors.

 

The Hack:


While we have had some issues with automatic bots hitting the login page of our site and attempting to log in to plant malware, those issues are under control. And it turns out that our newly found visitors to our site via lifehacker.com (allegedly), are actually not site visitors at all. Rather, they are instances of our Google Analytics itself being hacked! The idea being that a webmaster like me would see the invalid entries into our analytics and click on the associated links - thereby ending up at a dubious site that could possibly infect my computer with malware or make it vulnerable to hacking.

So, as long as no one tries to follow the nasty links these guys leave in our analytics, these false stats are actually doing no harm to our site itself. The problem is that these faux website visits are counting into our tally of visits (all to the home page) - which then skews all of our statistics.

 

The Solution:

There are ways to filter out invalid entries in the analytics. You have to be careful that you don't really mess things up, but following the instructions in this post seems to have done the trick:
Definitive Guide to Removing All Google Analytics Spam

The idea of this method is actually not to try to screen out traffic from certain sources or countries (like lifehacker.com or Russia). These hackers change up what they use for their supposed referring sites and countries. The idea is to come at this from the other direction and only allow stats to show up that are in fact visits on our host server. Since these invalid entries into our analytics are not actual hits on our website, this filters them out. Turning on Google Analytic's "spiders and bots" option with the check of a box also should help.

It's nice to know that for every hacker out there, there is also a helpful stranger, willing to share their expert knowledge with the rest of us!



Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)