URL Injections Into Site?

shauntir

Well-Known Member
Joined
Sep 11, 2013
Messages
457
Reaction score
0
Location
Durban
I've recently added some Google Analytics to a site I developed.

From Behaviour -> Site Content -> All Pages link, I see that there are multiple URLs shown that do not belong to the application/site. Such as: /somepornsite.com

I had a look at the html on the site by viewing source but could not find any references to these sites.

Any ideas on how to resolve this?
 
If it's WordPress, update it.

When you say you checked the html I'm assuming you went onto the server and checked the source file. What does the html in View Source look like? Is there a js file that you don't know about that gets included maybe?
 
It is a custom dev'd ASP.Net MVC site.

I checked the source as in looked through the view source on the final rendered html in chrome.

Couldn't find any references to any dodgy scripts. It just references my minified bundles. Will have a look at the server source razor files when I'm home.

I've been searching and some people seem to say that these are spam bots and not necessarily anything else. But I'm still cautious. Client has not complained that he has seen any dodgy things happen.

Think I will need to check request logging on IIS. If not, probably need to enable it...
 
I've recently added some Google Analytics to a site I developed.

From Behaviour -> Site Content -> All Pages link, I see that there are multiple URLs shown that do not belong to the application/site. Such as: /somepornsite.com

I had a look at the html on the site by viewing source but could not find any references to these sites.

Any ideas on how to resolve this?

Remember that this is recorded as part of the GA tracking, so whatever page-track event you sent will be recorded. I would search your content for the ga tracking code ga('send', 'pageview', '/somepornsite.com'); (this is GA Universal, you might use the older version). If you have dynamic content/user generated content, someone could have posed the tracking code as part of that.

Since it is tracked as "site content", this would not come from spam bots, but would be triggered on your site. I would perhaps also go through the GA settings and the GA tracking code to eliminate that your tracking is wrong.
 
It is most likely that the porn site is hotlinking to your images or content. That's why GA is picking up the source as the porn site?
 
Have a look at the .htaccess files. They got hold of our sites and put this line in
"RewriteRule ^(.*)$ http://cloud-security.ru [L,R=302]" for mobile sites. So when you go through a search engine on a phone you are redirected to porn sites. If you typed in the URL you are redirected to Bing.
I took that line out of all the htaccess files and it is working now hold thumbs.
Google adwords did stop my ads for a while as they said the site contained malware. So that is also a good indicator.

Good luck as we had htaccess files everywhere.
 
Top
Sign up to the MyBroadband newsletter
X