What is Digg?Sponsored by Activision
Introducing DJ Hero Game view!
djhero.com - Scratch and mix 102 songs in 93 original mixes from today's hottest artists. Available Now.
38 Comments
- squirt, on 10/12/2007, -2/+14heh... while(1) urchinTracker();
- dBLiSS, on 10/12/2007, -3/+13scew you.
..joke. - GrinningFool, on 10/12/2007, -0/+10I'm not seeing what you'd want to bother. "Gee, it sure is fun to ***** somebody else's stats for no apparent reason... Ha ha ha! For my next trick, I'm gonna light farts!"
- heyidiot, on 10/12/2007, -1/+10Sorry, hate to spoil the fun, but very trivial to counteract this type of nonsense....
From the Google Analytics FAQs:
Predefined filters:
Exclude all clicks from a domain (hostname): use this filter to exclude clicks that originate from a specific network, such as your internal work network.
Exclude all clicks from an IP address: this filter works to exclude clicks from certain sources. You can enter a single IP address, or a range of addresses
Include only traffic from a subdirectory: use this filter if you want a profile to report only on a particular subdirectory (such as www.example.com/motorcycles - farfromsubtl, on 10/12/2007, -0/+7Somthing fishy is going on here. I tried using the code from my Google Analytics across more than one of my many domains, and it unfortunately refuses to gather data for a domain that it was not registered for. Thus, I have to use multiple profiles for each seperate site, as opposed to getting a lump of statistics for all of my sites.
Because of said problem, I don't see how this "hack" would work. Any theories? - eyrieowl, on 10/12/2007, -0/+6skew. not scew. unless you meant 'screw'.
- janit, on 10/12/2007, -1/+5It's amazing what passes for "hacking" these days... sheesh.
- JW00000, on 10/12/2007, -1/+5Instead of visiting the site, you can as well open (one 7-line long URL, copy & paste):
http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=1403218381&utmsr=1280x1024&utmsc=32-bit
&utmul=nl&utmje=1&utmfl=8.0%20%20r22&utmdt=terrill.ca%20%7C%20Hacking%20Google%20Analytics
&utmhn=terrill.ca&utmr=http://digg.com/programming/Hacking_Google_Analytics
&utmp=/posts/google_analytics.html&utmac=UA-132578-1
&utmcc=__utma%3D246568705.1770611825.1144778805.1144778805.1144779703.2%3B%2B__utmb
%3D246568705%3B%2B__utmc%3D246568705%3B%2B__utmz%3D246568705.1144779703.2.2.utmccn
%3D(referral)%7Cutmcsr%3Ddigg.com%7Cutmcct%3D%2F%7Cutmcmd%3Dreferral%3B%2B
That 1x1 pixel image tells Google Analytics someone visited http://terrill.ca/posts/google_analytics.html - inactive, on 10/12/2007, -2/+6Wow, very interesting. I'm surprised Google never saw this.
- tpimental, on 10/12/2007, -0/+4This is only after the fact. Google should have a simple filter in their code... "if site url does not match account url..."
- kook, on 10/12/2007, -2/+5So true. I lost IQ points reading that rubbish. Copy and pasting javascript code qualifys now as hacking your stats?
Wake me when someone comes up with something worthwhile. Thanks. - tpimental, on 10/12/2007, -1/+4If Google isn't already working on this, they will be soon. This is pretty simple to fix.
- NetJoe, on 10/12/2007, -0/+3the stats are already dubious at best. how popular is noscript? what about proxy servers with a minimum cache time? adblock for google-analytics.com? This is just a new twist on an old situation.
no digg - interiot, on 10/12/2007, -1/+4Actually, by detailing the steps, he shows 1) how darn easy it is, and therefore, how worried people should be, 2) gives people ideas about possible workarounds, and 3) gives a sense of how easy it might be to fix the exploit if Google chooses to.
For the Bic-pen / bike-lock thing... would it have been nearly as well-known as it did, if there had been no accompanying video? No. Exploit details are useful, to the general public. - JW00000, on 10/12/2007, -1/+4You can change arguments as follow:
utmwv: Always "1"
utmn: Random number
utmsr: Screen resolution
utmsc: Screen Color
utmul: User Language
utmje: Java Enabled
utmfl: Flash (version number)
utmdt: Document Title
utmhn: HostName
utmr: Referer
utmp: Page
utmac: ID of the Google Analyticsaccount of Terril
utmcc: Cookies set by Google Analytics (__utma, __utmb, __utmc, __utmz and __utmv) - Monguisine, on 10/12/2007, -0/+2This is simple to overcome by adding a domain filter to your analytics settings.
Pretty useless hack really. - pussyWagon, on 10/12/2007, -1/+3Scewing your own stats is for liars hopefully trying to gain advertisers.
Someone else trying to scew your stats makes no sense since there is no outcome for them.
You can place script tags on other sites in case you want to manage multiple domains with one account.
I don't see this as a real problem. The software is based on Urchin which is one of the top web analytics software available. - hagrin, on 10/12/2007, -0/+1And exactly which of those predefined filters would solve the problem from TFA? Answer - none of them. The closest to solving the issue is the third one, but that's for only generating a subdirectory specific report. The first two options are related to the USER making the page and script request - not the HOST.
- TrueVox, on 10/12/2007, -1/+2Or, if you're lazy like me, just go to this tinyURL address: http://tinyurl.com/oa6b9
That seems like the cleanest solution to me... :D - JW00000, on 05/25/2008, -0/+1I wrote a blog post on this, at http://jw.x10hosting.com/blog/2006/04/11/want-to-h ...
- cctoronto05, on 10/12/2007, -0/+1along the same lines:
it's "site's" (possessive) not "sites" (plural) - crexor, on 10/12/2007, -0/+1it would certainly still be comical as the perpetrator for a few moments, before the opposing site admin realized what was going on, and filtered the traffic out.
- rhettnyedotorg, on 10/12/2007, -1/+2i multi-comment-dugg you, but i must say,
"Oh no. Here we go again." - sosuke, on 10/12/2007, -0/+1funniest thing, I get other domains in my analytics and i look all over there pages but there is 0 urchin info
- terrill, on 10/12/2007, -0/+0Scew was intended
- inactive, on 10/12/2007, -4/+4who cares? i could just as easily generate fake stats with curl or a scripted wget.
i don't see the point...? - macewan, on 10/12/2007, -1/+1someone should contact the lame ass webdev at the rental site to let them know also.
- Norseman, on 10/12/2007, -5/+5Marked as "Ok this is lame" for use of the word "hacking", outside of standard language conventions.
- accidental, on 10/12/2007, -2/+2Hopefully someone will screw his site. I hate people who post things like this and then are like, "Heh have fun wrecking havoc people"
Get a life. - issagh198, on 02/20/2008, -0/+0cooooooool
http://issagh.blogspot.com - n3il89, on 10/12/2007, -4/+4this supports terrorism
- oavil, on 10/12/2007, -5/+5Hurry up and fix this google.
- guitarromantic, on 10/12/2007, -5/+3Wow, the guy posting this sounds like a bit of a dick. It's one thing posting exploit code, but it's another to explicitly state how to ***** up someone's stats as much as possible (using the method call 200 times, in this case). Anyone want to put HIS google analytics code on their pages?
Also, "hacking" sounded like it meant the 'good' hacking, as in, changing the code to do cool new stuff. This is in fact the lame kind, ***** over someone else just to cure your boredom. Not cool, no digg. - pcgeek101, on 10/12/2007, -6/+3Haha that's awesome ... props to whoever had the idea to do that.
- yugiohdan6, on 10/12/2007, -4/+1i believe you meant
while (true)
{
alert(urchinTracker())
}
and to use it in firefox type javascript:while (true) { alert(urchinTracker()) } in the address bar - inactive, on 10/12/2007, -6/+1Very clever :)
- Potato, on 10/12/2007, -11/+2Google will get this fixed soon enough.
----------------------------------------------------------
http://www.techtruth.net - haochi, on 10/12/2007, -14/+2Digg
Looks like a great idea...
and this comment seems like getting bury up...
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is 