Google Analytics Hacks

Summary

This is a current, active hack being run, mostly it seems, out of Russia. Virtually every Google Analytics account has unwanted data in it which seriously undermines the value and usefulness of the Google Analytics on your website.

Symptoms

From around the beginning of November 2016 spurious traffic appears in users’ Google Analytics information which

1. Appears to come from sites other than your own
2. Appears to be for a non-existent language
3. May appear to be an offer or other incentive to click (e.g. “Congratulations to Trump and all americans”)

Severity

Medium

Effects

• Information from Analytics is unreliable
• Traffic figures are inflated
• Location information is incorrect
• Analysis reports are skewed
• Drilling down on Google reports drives traffic to the spammers (and lets them know that someone is monitoring the account so it becomes more valuable to them)

Solution

We, at Positively Online, have been affected by this hack ourselves and have recently fixed our own sites. We would like to do the same for you, if that would be helpful, and can do so for just a nominal charge.

Alternatively, you could try to undo the damage done by the hackers yourself but you will need to do this via your Google Analytics account and you will need to do this without affecting the good data held in the account.

How are the hacks being done?

In one instance, spammers are using the Google Analytics Measurement Protocol (a service intended to allow developers to send data directly to Google Analytics Servers for testing different environments) to create hits and send those to your Google Analytics property.

These hits seem like they’re coming from your page or another well respected page (a favourite is Fox News) but they’re not. The hackers are sending the spam messages and only have to change the tracking IDs to achieve this effect. As each Google Analytics property has a unique two-number tracking ID, this is super-easy to automate on a mass scale.

Another type of hack is to use “referral” spam like Secret.Google.com that basically creates false visits to your website. The idea behind this is that once you see the URL of the supposed new visitor in Google Analytics, you might be tempted to trace it back to its source. This would in turn generate real visits to the hacker’s website, thus pushing it up the rating ladder.

When the referral spam scheme was first created by unscrupulous people, the method it used to generate artificial visits to users’ websites was via spambots. However, Google has found a way to deal with that issue.

Currently, most spambot views are blocked and any views that they do make are not included in the Analytics stats and so the URL of the hacker is not displayed. However, as of 2014, a new type of referral spam has been invented that, instead of using spambots, it directly changes your website stats tricking you into thinking that you have received actual visits. What surprises us is that Google hasn’t fixed this - the Russian hackers have been reportedly attacking Google Analytics in various ways since 2015 and they still haven’t taken care of it.

Please use the contact form below to order Google Analytics spam removal.