A bad guy in Russia* seems to have collected a whole bunch of Google Analytics Tracking IDs (or more likely, he’s trying numbers sequentially), including your website’s Tracking ID. He uses those IDs to ping GA directly without ever visiting your website, and sends Google Analytics a specially crafted URL for the referrer. That URL gets listed in your Google Analytics reports, you see it and want to know who this is that linked to your site, and you visit the URL. BAM! You get redirected to an affiliate site the bad guy has joined, like Amazon or Alibaba. The bad guy’s affiliate ID is embedded in the redirect so if you buy anything at the merchant’s website the bad guy gets a commission. Most merchant sites will store the affiliate ID in a cookie for little while, so future purchases may earn the bad guy a commission payment.
- Some people are suggesting you change the .htaccess file on your website, but this will not help because the bad guy never visits your site.
- This has no effect on your website, so there is nothing to be fearful of. It only affects your analytics reports.
- The referral URL contains your Google Analytics Tracking ID. The bad guy is probably logging who has visited the referral URL before redirecting to the affiliate site.
- Only the first Property in your GA account is being hit right now–the Property with a Tracking ID ending with “-1”.
- The affiliate ID stored in a cookie poses no risk to you or your computer, but it may reward the bad guy with commission payments.
- For basic websites, you can block most of this spam using a predefined hostname filter in Google Analytics.
The only real negative is that your reports will be skewed because of the fake traffic the bad guy is spoofing to Google Analytics. An easy solution to the problem is to create a hostname filter in Google Analytics, and Google has already helped us out by providing a pre-defined filter for this.
Sometimes a picture’s worth a thousand words…
* Russia? The URL showing up in the referral reports can be traced back to a server hosted in Russia.