25 Nov 2016

Trump fan is celebrating by hacking Google Analytics


The spammer is using the Google Analytics Measurement Protocol to create hits and send those to your Google Analytics property. These hits seem like they’re coming from this page or another page on your web site, but they’re not.

The spammer is sending this spam message and is only changing the tracking IDs. Each Google Analytics property has a unique two-number tracking ID, so it’s super easy to automate.

The easiest way to get rid of this is to set up a filter that only includes your own domain. More info on how to do this can be found in this article.
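An added example, not from the original post: the include-only-your-own-domain filter described above, applied offline to exported hits in Python, plus a review flag for lookalike referrer hosts such as the percent-encoded one in the spam URL quoted on this page. The domain `example.com`, the row field names and the sample rows are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: example.com stands in for your own domain.
OWN_HOSTS = re.compile(r"^(www\.)?example\.com$", re.IGNORECASE)

def referrer_host(referrer):
    """Percent-decode a referrer and return its host ('' if unparsable)."""
    value = unquote(referrer or "").strip()
    if "//" not in value:
        value = "//" + value  # bare "host/path" referrers have no scheme
    try:
        return urlsplit(value).hostname or ""
    except ValueError:
        return ""

def classify_hit(hit):
    """Return reasons to exclude or review a hit (empty list = keep)."""
    reasons = []
    if not OWN_HOSTS.match((hit.get("hostname") or "").strip()):
        # Hits sent straight to the property never loaded your pages,
        # so their hostname is typically unset or someone else's.
        reasons.append("hostname-not-ours")
    host = referrer_host(hit.get("referrer"))
    if any(ord(ch) > 127 for ch in host) or "xn--" in host:
        # Non-ASCII or punycode host: possible lookalike domain.
        # Legitimate IDN referrers exist, so review rather than auto-drop.
        reasons.append("idn-referrer")
    return reasons

def summarize(hits):
    return [classify_hit(h) for h in hits]

# Constructed sample rows (hostname and referrer as they might be exported).
SAMPLE_HITS = [
    {"hostname": "www.example.com", "referrer": "https://news.example.org/post"},
    {"hostname": "(not set)", "referrer": "http://secret.%C9%A2oogle.com/"},
    # A spoofed but valid hostname passes the include filter; the referrer flag still fires.
    {"hostname": "example.com", "referrer": "secret.%C9%A2oogle.com/#ticket"},
]

if __name__ == "__main__":
    for hit, reasons in zip(SAMPLE_HITS, summarize(SAMPLE_HITS)):
        print(hit["hostname"], "|", hit["referrer"], "->", reasons or "keep")
```

The third row shows the limit of a hostname-only filter: a hit that supplies your real hostname still gets through, which is why the referrer check is kept as a separate signal.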

This was amazing. I felt so special for a second knowing that first of all, Google has a secret page, second, I was invited. And on top of that, they are “yuuuuge” Donald Trump fans.

Now, I know there are lots of things to grasp here but let’s start with the obvious one. What in the world is wrong with that link? Here’s the full URL.

 http://money get away get a good job with more pay and you are okay money it is a gas grab that cash with both hands and make a stash new car caviar four star daydream think i ll buy me a football team money get back i am alright jack ilovevitaly com/# keep off my stack money it is a hit do not give me that do goody good bullshit i am in the hi fidelity first class travelling set and i think i need a lear jet money it is a secret %C9%A2oogle com/# share it fairly but dont take a slice of my pie money so they say is the root of all evil today but if you ask for a rise it’s no surprise that they are giving none and secret

Vitaly Popov, sir, you have a good taste in music. This is the first time I saw the lyrics of “Money” by Pink Floyd in a URL.

Ok, so this was obviously spam. The hacker is abusing a little-known Analytics feature called Measurement Protocol. The real purpose of this service is to allow developers to send data directly to Google Analytics servers for testing different environments. However, as you already noticed, the spammers have another use for it.

After a bit of research, I found out that I’m not the only one affected by this spam technique. Chances are, Vitaly Popov is in your Google Analytics too.

So what is secret.google.com and how does it affect you?

Referral spam like Secret.Google.com basically creates false visits to your website. The idea behind this is that once you see the URL of the new visitor, you might be tempted to trace it back to its source. This would in turn generate real visits to the hacker’s website, thus pushing it up the rating ladder.

When the referral spam scheme was first created, it used spambots to generate artificial visits to users’ websites. However, Google has found a way to deal with that issue. Currently, most spambot views are blocked: they are not included in the Analytics stats, so the hacker’s URL is not displayed. However, as of 2014, a new type of referral spam has been invented that, instead of using spambots, directly changes your website stats, tricking you into thinking that you have received actual visits.

What surprises me is that Google hasn’t fixed this. This Russian guy has been reportedly hacking Google Analytics since 2015 and they still haven’t taken care of it.

You might think that this isn’t a big deal since getting rid of it is fairly easy, but it should be a concern and a priority for Google.

It goes without saying, until Google fixes this glitch, I’m using Vitaly’s search feature from his website.


