The Customer Analytics Blog

Actionable advice on optimizing the customer lifecycle

Have Your Stats Been Hijacked?

Web Analytics - January 15th, 2009 by .

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 0 Flares ×

Vladimir Prelovac was having an analytically bad day with Google Analytics. According to them, he was getting 10 visitors a day from Google searches for “bioenergoterapia” – a word not found on his blog.

In “Google Analytics might have a problem,” he reported on the detective work that led him to a fascinating discovery. His Google Analytics code was hijacked by a site in Poland.

I made a search on google.pl again found a site called psychoenergoterapia.pl. The site is using my theme, nothing wrong with that, but for some unknown reason they also decided to copy and paste the contents of my site footer, including the Google Analytics code.

And clearly it was working just fine in this alien environment.

…The case basically proves that it is possible to dramatically skew somebodies analytics data and potentially make huge damage to them. Who are them? Companies paying a lot of money for adwords and conversion campaigns for example…

He asked psychoergoterapia.pl to remove his Google Analytics code from their footer, and gave us something to think about.

What if someone is using your Google Analytics or Woopra code on their site because they not only copied your WordPress Theme or website design, but also your analytics JavaScript code? Prelovac admitted he thought this was impossible, that his code was protected. Clearly not.

We here at considered this security issue from the very beginning. Woopra automatically verifies that the domain name matches the member’s account. If it doesn’t match, it will not track the statistics on that site, nor impact your site’s traffic.

With Woopra, this security protection comes built-in from the start. However, Google Analytics also protects your site’s traffic, if you take the right steps.

Protecting Your Site With Google Analytics

Google Analytics collects data according to Web Property ID and not domain name or website, and you can set your Profile to restrict which sites data will be collected.

In your Google Analytics Profile Settings, create a predefined or custom filter that excludes all traffic from a specific domain or includes only traffic to a specific domain or subdirectory. There are a variety of Include and Exclude filters to choose from that use regular expressions to match the data, tracking only your site in your statistics.

See Google Analytics Domains & Directories, Managing Profiles and Accounts & Profiles, along with “How do I create a filter?” in the Google Analytics Help Documentation for more information on controlling where your stats come from.

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 0 Flares ×