
How does Google Analytics prevent traffic spoofing

We want to embed an Ajax-style service into a number of our websites, each with a unique API key. The problem that I can see is that because the API key is stored in the JavaScript file, the user could potentially take the key, spoof the HTTP referrer, and make millions of requests to the API under that API key.

So I am wondering how Google prevents Analytics spoofing? As this uses almost the same idea.

I'm also open to other ideas, essentially here is the process.

SiteA -> User <-> Ajax <-> SiteB

EDIT - is there any way to protect the API from being abused while having it called via ajax?

user103219 asked Mar 10 '10 16:03



1 Answer

I don't believe there are any such protection measures in place. Spoofing of traffic is a serious problem for other Google services, such as AdWords. For instance, a malicious individual who is bidding on AdWords can generate many fake clicks for their competitor's ads to drive up their advertising costs and thus Google's stock price. The inverse is also true: people will generate fake clicks on their site to get extra money from a pay-per-click ad on their site.

At the end of the day, a hacker can amass a list of 10,000+ anonymous proxy servers without too much difficulty and there isn't much you can do about it. A hacker could also use a botnet, some of which are millions in size. Traffic generated from a botnet can appear to be legitimate machines with a legit Google cookie, because they were hijacked.

Many proxies and botnet'ed machines are enumerated by Realtime Black Lists (RBL) such as the one run by http://www.spamhaus.org, and many legitimate IP addresses are also on that list. There are also proxies that can't be used for spam but could be used for click fraud, and thus they won't be on that list.

rook answered Oct 31 '22 20:10
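
The RBL lookup the answer mentions can be run server-side against the address calling the API. The following is an added example, not code from the original post or from Spamhaus. It assumes the `zen.spamhaus.org` zone and treats `127.255.255.x` answers as the zone's error range; the function names are hypothetical.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: any DNSBL zone is queried the same way


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the DNSBL zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def check_ip(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Return (status, code); status is 'listed', 'unlisted' or 'unknown'."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        # NXDOMAIN means "not listed"; any other failure tells us nothing.
        if exc.errno == socket.EAI_NONAME:
            return ("unlisted", None)
        return ("unknown", None)
    # Listings come back inside 127.0.0.0/8. Assumption: 127.255.255.x is the
    # zone's error range (query refused or malformed), not a listing.
    if not answer.startswith("127.") or answer.startswith("127.255.255."):
        return ("unknown", answer)
    return ("listed", answer)


def should_challenge(ip, **kwargs):
    """Use a listing as one signal for extra checks, never as the sole verdict:
    legitimate addresses get listed and click-fraud proxies may be absent."""
    status, _ = check_ip(ip, **kwargs)
    return status == "listed"
```

The `resolve` parameter exists so the logic can be exercised offline with a stub; in production the default performs a real DNS query per lookup, so results should be cached.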