: Could somebody hijack my Google Analytics for a site? I track many websites in Google Analytics. Recently I accidentally added tracking code for site A to site B, which I noticed a couple of
I track many websites in Google Analytics. Recently I accidentally added tracking code for site A to site B, which I noticed a couple of weeks later. By then, one website had two weeks of no visitors, and the other website had tons of traffic, relative to the other.
It completely messed up my analytics data for the site, adding data for the other site.
This made me think, since it's easy to view the source of a site and its Google Analytics code, could somebody take that code and add it to their own site(s) and completely mess up my site's analytics data?
A lot of very big name websites use Google Analytics, I wonder why this hasn't been thought of or mitigated; wouldn't be too hard for Google to check if the source domain matches the site that it's meant to be tracking.
How can I mitigate against this?
UPDATE: So sadly this has become a new way to spam websites (http://www.analyticsedge.com/2014/12/removing-referral-spam-google-analytics/) and the below answers are more relevant than ever. Still don't know why a default filter isn't in place to filter out fake analytics hits from bots.
More posts by @Welton855
1 Comments
Sorted by latest first Latest Oldest Best
since it's easy to view the source of a site and its Google Analytics code, could somebody take that code and add it to their own site(s) and completely mess up my site's analytics data?
Yes, Google Analytics code and Property ID's can be hijacked, as covered here.
The motivation might be just that, to mess up your analytics data, or an attempt to get you and others looking at your data to visit their sites (for spam or other malicious purposes, like malware).
How can I mitigate against this?
You can add a Filter to your profile:
1.) Go to:
Home -> Select Site -> Admin (in the top right-hand corner) -> Filters (under "All Web Site Data")
2.) Click New Filter
3.) Add a filter name like "Mitigate Hijacking"
4.) Click Custom Filter
5.) Click Include
6.) Select "Hostname" in Filter Field
7.) Add your domain with escape character for the dot, like: example.com
8.) Select "No" for Case Sensitive
The result should look something like this (Google Analytics interfaces change periodically):
*Note: it's strongly recommended to test this first on a test profile, as covered here.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.