Reporting from unwanted sites

rbonifaz · July 3, 2012, 7:41pm

Hi,

First of all congrats for this great project. I might be searching wrong but I haven’t find the answer.

I was wondering what could happend if someone copy the javascript code on other web site. Would I get false reports? is there a way to protect from that?

So I did this test.

I have a low trafic site call xyz.midomain.com that is tracking stats with piwik and everything works great. I installed in my desktop wordpress and configure it to report stats. I do some browsing inside my wordpress to see if it reports and it does report.

How can I prevent this happening?

Regards,

Rafael

lesjokolat · July 3, 2012, 7:58pm

Hi you could exclude and IP or part of a URL.

Got to settings tab and there you will see the fields to enter.one or the other.

good luck

rbonifaz · July 3, 2012, 8:43pm

I don’t know if I am doing something wrong? I put “rbonifaz-desktop” in the exlude parameters, but it still reports.

Supposing that it works good and I can exclude some domains, this would work for my my original need. I have a site call www.mydomain.com and I have the development environment as dev.mydomain.com. So I could exclude stats from dev.mydomain.com or even remove the javascript from there.

However what could happen if someone else takes copy the javascript code and copy in other sites. Or even if someone creates a virus that could send false stats about my site from distributed locations. I don’t know if someone would do something like that, but just curious about the concept.

Best regards and thanks for the quick answer,

Rafael

lesjokolat · July 3, 2012, 9:06pm

ok if some is sending code from another server then Im guessing you are seeing it from a pages report where when you hover you see a foreign server. That main www.mydomain.com/notmypage would show up so you have 2 options

enter the URL paraemter or else lookup the domain and its IP via WHOIS for example and exclude that IP.

The “rbonifaz-desktop” i dont know ehre you are getting that from? Hard for me to guide you.

For a dev environment lets say www.dev.mydomain.com or dev.mydomain.com just use exclude URL portion.(yes you could remove teh JS from dev entirely but that would mean you are QAing on your live then at somepoint from an analytics viewpoint)

the JS code will in theory only send data based on the typical piwik requests and varialbles.(if someone hacks it to send or corrupt a login of some sort I cant say, though piwik did recently pay for a new security screening that they have now fixed as i understand it.)

People linking to your site is probably desirable as its showing your content is good or your a main refernce point. But linking only makes your site higher in google rankings.

regards

matthieu · July 5, 2012, 7:56am

excluding “fake” requests is a feature request: New setting: Piwik to track only ‘known’ page URLs · Issue #1918 · matomo-org/matomo · GitHub

rbonifaz · July 5, 2012, 1:54pm

Thanks matt and lesjokolat,

lesjokolat, the rbonifaz-desktop is just a fake domain I created in the /etc/hosts of my Desktop to install a worpdress site and test if I could report from a “fake” site.

Looking at the docs I found this http://piwik.org/faq/how-to/#faq_89

So I guess if I want to exlude dev.mydomain.com and test.mydomain.com. For example if I would have to use something like:


if (!window.location.pathname.match(/^/(dev|test)./))
{
tracker.trackPageView();
}

Best regards,

Rafael