Stolen Piwik Code Placed on Other Porn Sites

cqjb · January 6, 2015, 6:57pm

Hey guys/gals

I have some porn sites that are taking my tracking code as well as all my other site code and placing it on porn sites, is there any way to prevent my code from populating my statistics with porn sites? I dont want user data being pushed to my stats from porn sites.

Not sure what to do?

Thanks

matthieu · January 9, 2015, 9:46am

Hi Bruce,

That’s worrying. Would you mind emailing us the details to security@piwik.org ?

In general this issue would solve the problem: New website setting: Only track visits and actions when the action URL starts with one of the above URLs · Issue #588 · matomo-org/piwik · GitHub
feel free to comment there as well, maybe we should increase priority!

cqjb · January 9, 2015, 3:14pm

Matt, I just emailed you, this really is worrying me alot. Long time user, but I need this cleaned up and a solution to easily prevent this going forward, my data is corupted now, worthless to use Piwik with such an event in my account.

Thank you

BC

cqjb · January 11, 2015, 4:14pm

Matt

Did you guys get my email?

My account on Piwik is still poluted with keywords/bad-hits etc, need a fix for this, like removal of the bad data etc, best way to accomplish this please?

matthieu · January 12, 2015, 1:27am

Hi Bruce,

For now can you please contact the website owner and ask them to remove your piwik code from their websites? Likely they have put your code by mistake not knowing. Hopefully they will remove the code after you let them know.
Thanks!

cqjb · January 12, 2015, 3:16pm

Matt

Yes the pages are showing 404 now, but my entire Piwik database is polluted with http://www.streamcyclone.com visits, how do I get rid of these?
It’s pointless using Piwik when it’s completely polluted with false hits.

Please guys, what can I do to get rid of this pollution in my stats?

jlam · January 13, 2015, 3:20am

It’s also possible that people are using the tracking API and simply submitting false “hits” while changing the referrer to try and get you to go to their site, possibly downloading malware or worse. I would find it unlikely that someone would “accidentally” copy your code into their own sites.

dali · January 19, 2015, 2:55pm

I would find it unlikely that someone would “accidentally” copy your code into their own sites.

One possibility: Someone “stealing” a HTML theme-template for their own use and didn’t remove the tracking code…

And my comment is still valid: https://github.com/piwik/piwik/issues/588#issuecomment-48294427

“I can’t think of a more important feature than this one [whitelist website URLs or hosts allowed to tracked visits].
Data integrity is way more important than anything I can think of.”