Isolate Activity from Hacking Attempts

begleysm · March 25, 2019, 1:20pm

Hello,

I’m new to Matomo and it is working well for me.

I run a small MediaWiki based site. Just a place to put things like HOWTOs that took me a while to figure out so that others might benefit. I get just a couple “real” people per day who find an article of mine on how to configure a software package or something similar.

However, my total traffic is 20-times my “real” traffic. This delta appears to be bots trying to login to my wiki. This is apparent because some (most) users access my site through the Main Page, then go to the Login Page, the fail to login, and repeat this process a few times before leaving. See attached screenshot.

Basically, anyone who visits the Login page for my site (https://mydomain.com/wiki/index.php?title=Special:UserLogin&returnto=Main+Page) is probably a hacker.

Is there a way to isolate these people from “real” users (who don’t try to login) for the Analytics? I’d like to supress the “junk data” from hackers on things like the Visitor Map, Visit Overview, & Visits Over Time.

Ideally I’d still like to have some access to the “hackers” data so I can, potentially, use it ensure my site is resistant to hacking.

Thanks,
begleysm

begleysm · March 26, 2019, 12:56pm

I was playing with Matomo today and, while in the Dashboard -> Behavior -> Pages I noticed this “All visits (default)” button at the top and, after clicking on it, saw the “ADD NEW SEGMENT” button.

This SEGMENT functionality pretty much does what I want. It allowed me to create a SEGEMENT with the following parameters that supresses activity from suspected hackers so I can see what “real people” are doing instead.

Name: Supress Hackers
Page URL    Is not    https://mydomain.com/wiki/index.php?title=Special:UserLogin&returnto=Main+Page
AND
Page URL    Is not    https://mydomain.com/wiki/index.php?title=Special:UserLogin&returnto=Main+Page&error=
AND
Page URL    Is not    https://mydomain.com/wiki/index.php/Main_Page