Possible Remote file inclusions (RFI) using Piwik Analytics

I have checked Piwik analytics. It showed me a warning that there are possible remote file inclusions (RFI) using Piwik Analytics, like:
Attack: Off-domain Reference/Link.

After checking the tracking code, it actually uses the login details for the statistics.

Can this potential threat be solved, as it is pointed to the CP and statistics application?


Can you provide more details? Who or what is it that is showing the warning?

It is a very simple issue. Any tracking code (Piwik) will be placed in the same manner as the tracking on this forum. If you look at the source code, you see the tracking code and also the u element. This points to the control panel or login page where Piwik analytics is. In this way, all websites that are tracked from one login get warnings, and there is possible remote file inclusion. If you control security and the website where an application like Piwik is placed, you will notice a possible warning. It is actually a general warning, as this kind of inclusion can also be malicious. If we are positive, developers do not like to place inclusions, but what happens when there is a broken rule?

My guess is that if there is just a Piwik shortcode, it will not show the source of tracking where the application is, and the warning will be eliminated. Google uses ga('create','UA-XXX-X','auto');

There is any Google’s URL which points to the Google.com/controlpanel.