I’ve set up Piwik and it works great, but I wonder about tracking security. I’ve tested on 2 domains tracking a site with the same JavaScript tracking code, e.g. both have idSite 2.
In Piwik I’ve set only one domain in the URLs (e.g. domain1.tld), but it tracks pages from both domains.
Shouldn’t the tracker be protected by the URLs setting, and above all shouldn’t the tracker be protected by the server that can write to the Piwik tracker?
Maybe it’s an idea to introduce an IP filter for the server the tracking is coming from and to filter the tracking by URLs?
There’s no way to authenticate the tracking site because the request is made from the visitor’s browser. #588 only makes it harder to misconfigure/spoof. All JavaScript trackers have this inherent weakness.
If you want to protect against spoofing, you’ll have to use the server-side tracker.
What are the pros/cons of server-side tracking? Isn’t this more reliable?
I don’t agree on the security issue: if I encounter a Piwik-tracked website I can copy the code, including the idSite, from the website and paste it into a fake website to generate a lot of fake traffic. This way I can make it look like the site has a lot of visitors. This is especially dangerous with internet ad/marketing companies who sell their services to generate more traffic.
Maybe it’s an idea to make a PHP track communicator that resides on the server with the website that needs to be tracked, which holds a secure version of the idSite code (e.g. 92asdl#30as39). The piwik.js file sends its data to the PHP track communicator, which sends the data to the Piwik tracking website. This would make it a lot harder to generate fake tracking data because the secure idSite code can’t be copied.
I’ve looked at the Tracking API, but it indeed has these cons, both Method 1 (image tracking) and Method 2 (HTTP request).
I think it would be great if there were a third method, JavaScript tracking. This method would not have these cons and would use a local PHP file to send the idSite to Piwik.
Sorry, but I was thinking this doesn’t make a difference because one could use the local PHP file to send bogus traffic to Piwik. Maybe there’s another way…
It could be possible to let the piwik.php file check that a file exists on the sending server, but this would generate a lot of traffic. This is the same way Google checks if you’re the site owner.
If not, it would be great if Piwik filtered the incoming URLs like I’ve configured in the website settings. Spoofable or not, this prevents misconfiguration on my side. Why is this setting in Piwik if it doesn’t do anything, by the way?
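As an added example (not code from this thread or from Piwik itself), here is the tracker-side URL filter the last post asks for: a request is dropped when its `url` does not sit under one of the URLs configured for its idSite. This catches the two-domain misconfiguration described above but, as the earlier reply notes, not spoofing, because the `url` parameter itself is sent by the visitor's browser. The site list and sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed configuration (assumption): idSite -> URLs entered in the Piwik website settings.
SITE_URLS = {
    2: ["http://domain1.tld", "https://domain1.tld/app"],
    3: ["http://domain3.tld/app"],
}

def _normalise(url):
    """Return (host, path): host lower-cased with a leading 'www.' dropped, path without trailing '/'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    return host, (parts.path.rstrip("/") or "/")

def url_matches_site(idsite, tracked_url, site_urls=SITE_URLS):
    """True if tracked_url sits under one of the URLs configured for idsite."""
    host, path = _normalise(tracked_url)
    for configured in site_urls.get(idsite, []):
        c_host, c_path = _normalise(configured)
        if host and host == c_host:
            # "/" covers the whole host; "/app" covers "/app" and "/app/..." but not "/application"
            if c_path == "/" or path == c_path or path.startswith(c_path + "/"):
                return True
    return False

def filter_requests(requests, site_urls=SITE_URLS):
    """Split tracker requests (query parameters as dicts) into accepted and (request, reason) rejects."""
    accepted, rejected = [], []
    for req in requests:
        raw = req.get("idsite", "")
        idsite = int(raw) if raw.isdigit() else None
        if idsite not in site_urls:
            rejected.append((req, "unknown or invalid idsite"))
        elif not url_matches_site(idsite, req.get("url", ""), site_urls):
            rejected.append((req, "url not configured for site"))  # log this, do not drop silently
        else:
            accepted.append(req)
    return accepted, rejected

# Constructed sample requests: the two-domain situation from the thread plus edge cases.
SAMPLE_REQUESTS = [
    {"idsite": "2", "url": "http://domain1.tld/index.php"},    # configured domain
    {"idsite": "2", "url": "http://www.domain1.tld/about"},    # www. variant of it
    {"idsite": "2", "url": "http://domain2.tld/index.php"},    # second domain, not configured
    {"idsite": "3", "url": "http://domain3.tld/app/page"},     # under the configured path
    {"idsite": "3", "url": "http://domain3.tld/application"},  # shares only a string prefix
    {"idsite": "9", "url": "http://domain1.tld/"},             # no such site
    {"idsite": "x", "url": "http://domain1.tld/"},             # malformed idsite
]
```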