Flood and attack control


Does piwik have any flood and /or attack control? I’m not talking about protection against ddos attacks or similar, just preventing someone can use the http API to create false calls to piwik tracker.

For instance a hacker may try to create 1,000 page views by calling the action tracking API programmatically, he can even change _id parameter in order to simulate different visitors.

Hello, I have been looking for the very same answer for several hours.

How come nobody thought of this? I made this test:

site A, id: 1
site B, id: 2,

I can track visits from A with id 2 (reported on site B visitor panel) and vice-versa (B with id 1, reported on site A visitor panel).

Unfortunately, I couldn’t find anything to (say at least) reduce this issue, and discard URLs other than those associated to current site ID.

Having just started to learn Piwik, maybe I miss something…?

I really need to avoid our users manually entering another ID to alter someone else’s data.

Thanks to whoever can make some light on this…

Hi there,

We are actually working on this feature, check out this issue: New website setting: Only track visits and actions when the action URL starts with one of the above URLs · Issue #588 · matomo-org/piwik · GitHub