Intrusion attempt?


(ifthenelse) #1

Hi everybody, I’m new to the forum.
My compliments go to the development team! I’ve been using Piwik for about a month and I’m really satisfied of this tool, I’ve also twitted about it and suggested it to my friends as a valid alternative to Google Analytics.
Now I explain my problem: yesterday I recieved a suspicious visit, the incoming link is
www.mysitename.com/piwikfolder/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterday
(‘mysitename’ and ‘piwikfolder’ are two generic replacement to the real domain and the real piwik folder in the server).

That was a direct access,and I’m 100% sure it was not me, because:

  • The browser is different from the one I use to browse and test my website;
  • The operatig system is different;
  • The IP shown doesn't include into the IP range that my ISP provides;
  • I use cookies to not track myself;
  • As "ISP", the GeoIP plugin returns "unknown";
  • As "City", the GeoIP plugin returns "unknown";
How did this guy retrieved the exact incoming link? I don't know, because I'm very scrupulous about not giving away my important data.

What do you think, should I take this a serious security warning?
I am really worried that this unknown user could find the password to my Piwik control panel or, worse, to the SQL databases (I suppose that Piwik stores them somewhere to write the analytics data).

What do you suggest me to do?

Sorry if my concern may seem poorly justified: I’m not an expert.
Also, sorry for my poor English, I’m trying my best to be understandable.
Thanks in advance for the help.


(vipsoft) #2

The tracking code in your web pages would tell someone where your Piwik installation is. It’s difficult to say whether the visitor is curious or malicious.


(CaseyS) #3

I’ve had 3 just like this today and had one yesterday. They are coming from different ip’s and different parts of the world. Very weird for these to be popping up all the sudden…


(vipsoft) #4

It suppose it could also be some program (e.g., malware detection) probing your site. The CoreHome url appears because Piwik responds with a redirect header (e.g., http ://example.com/index.php?module=CoreHome…etc…).