I recently opened up my google analytics and looked at the behavior panel all pages in depth for the first time and I noticed some strange pages such as:
/amobee/a3d-ad-loader.html?a3dWebglBanner=https://cdn-production.amobee3d.com/__integration__/9cbea9d/a3d-webgl-banner.js&adName=canon_sp&bucket=cdn-production.amobee3d.com&creativeId=phone&tpt={"tpt-click":"http://r.turn.com/r/tpclick/urlid/14BFxPtiFHxrmUcNdR4QHN-0x-Yel1rNyX3oaT1U1nk4Xtdr-WJQO1XlpD1d2cgzm_yn98_nqu0l-H7-6TDbnFAVUaa81rE5Va5TPoJV_1Ntn4-ZNPeiesLCUWGi5Q0pMIlxWeHujtiWU4hIRmxZhGDbLcisF5vf52pYjnxx7sgLDq60qaLSM9lSDH_P7r3m2LfHLNhuhT3pi82fEsIKY-zMcLaIqUa9FRu7ru1ABYiMCtsmIp-lbv-0tHQ0QtXb2XvAslSEVQju5WCkGeXtYPPWcOXdh4wRx2g-XrBQLJqyt0vA7eW1L6lLODoYREs9OBPuTEypwnf63U3p8t5FBYUJmQbyMz4eKCUfVCW3oZA8XwQsSlpxKWOwnR4ICWD6Hv0vAV2VuhJR0Xs53RIHS3H9Tz63br3HTEa4ZY_kKFET9A_ftQbvMsRO4u41FP6SKbtlYbh9rP6ujKbOzAN8TRFll4D4qUWscfwlVaUN_u2u5E4Vy42t_bSnl21XJcaYEQEFVUTsKZNXtOXj9z5KcYao4xmdD4GUUWyryckAdVyWahvx4V_d16JvQHawx4X3ioQH0_wNdsrb3RVATpziopDFpbZaBPUHiKLZ-bIyufGmXpZmxg-3vX-zu1vvsZPbJNqcc9li1Ympbj3ShiZ1AiIxqUrWzljp1f1In7Z8Im-yg3_KM0J57D8-gUsHIZ-oX3ZGD89yOo93M3XBqtzuW2Hsic-itJBXhnJzspzQ4UqNbGQz9oR24Gk94As9pRznxJBPBDq4ETbqpQBtH7BoKHQ/3c/https://adclick.g.doubleclick.net/aclk?sa=l&ai=C4Uxke2G6WaDwNofbpAOzu7eoBf7D7ZRGiM-B9pQBwI23ARABIABgyabejOCk0BSCARdjYS1wdWItODQ0NTQ5NjI3NTYxOTU2N6ABjPe59APIAQmoAwGqBHxP0Hg-A8VrFKLhd4VPGK02nOSLdJlNn7XiRxtz6uzu19NuxGmz5enbVlB2iirq6fTo1Hjk0ggr3O7qFuCqnbrLdm_fi-5tala6iCF3bFK5yG40vufVOofQQ-0YefypkSbFeGdRzK6ke5XOGaI8UaVEAoiTfHwrtnGA6nyzgAbd2MidmYzBhAygBiGoB6a-G9gHANIIBQiAARAB&num=1&sig=AOD64_06gu58j3wZF6kAoqQM6TYyaPYIBQ&client=REMOVED&adurl=/url/"}
/flashtalking/ftlocal.html?ifsrc=https://cdn.flashtalking.com/xre/271/2711110/1979640/js/j-2711110-1979640.js&ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=REMOVEDft_agentEnv=0&ft_referrer=REMOVED&cachebuster=750934.4320502493&click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=Ce9A4rOjBWbK7BMnWkgP6w6nwB4GMv7JMitPArpwG-7idztoIEAEg0JjELWDJ5v6GgICgGcgBCagDAaoEuAFP0IwsQBfm1IhnAEcv-Kxde6xOfh27RXolPw6jRU8iIA8UyhMCIzdPsjzlztPIEk-d6gwfr438fNB4ptnk2O2-NRq8iKLUF9M4vcKS2aV9IoNcN3v5gcOhtR8Woojv_R8C-z6cDbensRSTTYYVM9RS8OIGbiXrVvsrHcU7kb8vlmMS0EIKD_5NwhCenv4gRE9-_U1Q1r05lJPI1RAJ1m2m_LPSflL_nb5m8BpwYhfJFdBGanLwgh7LwASLsqq1rgHgBAOIBd3Zs7sDkAYBoAZN2AYCgAefycxeqAemvhvYBwCgCP-hpwSwCALSCAcIgGEQARgCyBPg1p0C0BMA2BMDghQTGhF3d3cudm9sdW1lYm90LmNvbQ&num=1&cid=CAASEuRoTBJWebFR9Y_pZL7ze3vdCg&sig=AOD64_2PqRgxPypUSzjJHrRA4kFBwKQPZQ&client=REMOVED&dbm_c=AKAmf-BdHzMrPFTxYQj06utKwilI6E9GHRDztBNwp4NEhB2BuaayZ6JG_BcT226zfnDtdwABfZhe&dbm_d=AKAmf-BWr8_Qqd0y7BMDQPUfEaK5z_iR3KXo8wstJkrl5wytBRYlArCAOqS_TR4m5kPBDNYQmT520pL98pRp6u4h6seeuW53gXANeGvEaPqByEZTbKzlzs7zvX_HqjcevAzg0oDNVrcKyt6jc0SRG5LJGM-YrbtMWCm0-ceIau7y4qp_WK-X5-c&adurl=&ftimpid=35502EEB8067F1&ft_id=&ftcustom=&ftsection=&fttime=1505880237&ftcfid=6825920&ftguid=3165AF587F7584
I removed the client value and some other fields and replaced with REMOVED for anonymity purposes but I was wondering if anyone can tell me if it's malware.
I have a site that uses wordpress in the cloud and I have scanned with wordfence saying that my site is clean.
Was wondering if I should look deeper, or if this behavioral page is normal.
Amobee and Flashtalking are both advertising platforms, so it looks somebody has configured advertising tags incorrectly. Probably those clicks should be routed through the respective platforms (e.g. to record data for bid management or something like that) and instead they go directly to your page with redirect Urls appended. If you do paid advertising then you should check with the people who configured this for you.
Related
Two days ago we posted a new blog on a site with the aim of being picked up for the search term "live comedy in chippenham". It’s been indexed by Google and we’re now 2nd in the results for the search query. The bad news is that for some reason the post has been indexed as a https URL so all browsers give a warning when the link is clicked.
Firefox gives this error:
The owner of www.neeld.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
The host has confirmed that it's not a server config error and we have other posts and pages on the site that are being indexed correctly. We're using WordPress and the Yoast plugin. I can't see anywhere in Webmaster Tools that could be causing the problem.
Can anyone offer any advice please? If you search Google for "live comedy in chippenham" you'll see the issue (it's the link https://www.neeld.co.uk/live-comedy-in-chippenham/)?
It's a really strange one but something I've experienced before.
It has mostly likely been caused by an external link to the page using https protocol which Google has followed before indexing the page. Google are very keen to index https pages at the moment so we might start seeing this kind of issue more often.
There's not a lot you can do other than wait for Google to realise their mistake and list the correct URL in the SERPS. You can help speed this along with a canonical link (which I can see is there), XML sitemap (which you've got) and a server level redirect of https to http.
Do not try to remove the page in Webmaster Tools as this won't have the desired effect and will stop Google reindexing the page properly.
Hope this helps.
As the title says. I have an ASP.NET web application that I published to my azure account. I did a little SEO and it should show up somewhere on the search engines but it doesn't.
It doesn't even show up if I type in the address in the search field. It works fine when typing the URL in address field.
My azure subscription is "Pay-as-you-go".
Any tips or answers are appriciated!
Thanks!
My answer mainly pertains to Google. How long have you waited? It's my experience that it takes a few days to a week minimum to start showing up (if you're using Google sign up for their web master tools and when you submit your site you can see when it's indexed and what pages are indexed which is important because they may skip content they deem is duplicated elsewhere whether it is or not). It's also my experience (using Azure) that sub domains on "azurewebsites.net" end up with poor SEO but if I have a full domain on my site it ranks much higher.
I also assumed that you submitted the site to the search engines, if you haven't site up for a web master account and do that (Bing and Google both have these).
http://www.bing.com/toolbox/webmaster
https://www.google.com/webmasters/tools/home?hl=en
In Google you can also search specifically for your site to see what comes back which will indicate that others can get to your stuff (even if it's buried 100 pages deep in other searches):
site:[your site].azurewebsites.net
By checking the WordPress stats we get the idea that how many times a WordPress plugin is downloaded. But this is not the number of how many users for that plugin, right. Same user will download the plugin when a new version releases.
So do we have any tools or stats to get the total number of unique users for a WordPress plugin??
I did a research on the matter. And the answer is no.
Quotes from Otto comments in this 2010
article
about the stats charts in every plugin's page.
[...] the download count includes direct downloads as well
There is no “raw count” anywhere on that version number chart. The raw count is not data that will be made available.
For your own plugin, you can use tracking as #PeterVanDerDoes points out.
Curiously, the plugin I used as example in the research, WordPress SEO by Yoast, is the same that does this kind of tracking. And here's a nice discussion about it.
I'll reproduce the relevant part of the plugin development official guidelines:
7. No "phoning home" without user's informed consent. This seemingly simple rule actually covers several different aspects:
No unauthorized collection of user data. For example, sending the admin's email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user's doing, not automatically done by the plugin.
All images and scripts shown should be part of the plugin. These should be loaded locally. If the plugin does require that data is loaded from an external site (such as blocklists) this should be made clear in the plugin's admin screens or description. The point is that the user must be informed of what information is being sent where.
In general, things like banner or text link advertising should not be anywhere in a plugin, including on its settings screen. Advertising on settings screens is generally ineffective anyway, as ideally users rarely visit these screens, and the advertising is low quality because the advertising systems cannot see the page content to determine good ads. So they're best just left off entirely. Putting links back to your own site or to your social-network of choice is fine. If the plugin does include advertising from a third party service, then it must default to completely disabled, in order to prevent tracking information from being collected from the user without their consent. This is the method commonly known as "opt-in".
Note that if you do include what we consider to be "advertising spam", or attempt to game somebody else's advertising system, then we will not only remove your plugin, but also report your code to the advertising system's abuse mechanism as well. We do not react kindly to spam. Don't try it.
The only way I can think of that you could track something like this is by having the plugin phone-home with some stats to your own server.
Just make sure users can select to opt-out of tracking.
An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and thinks its hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either, have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that if the referrer is Google to redirect you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems due to wp-vcd Malware that creates rogue WordPress admin users and injected spam links. I faced the similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
For details you can find on this issue at following links...
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
http://labs.sucuri.net/?note=2017-11-13
I want to track traffic for mysite.com/current-campaign/ and careless about traffic on mysite.com in general.
Is it ok to place the GA tracking code in the files inside the /current-campaign/ folder or does it HAVE TO be in the root of the server for tracking to work?
GA will only track on the pages you actually put the tracking code on, regardless of where the page is located (unless you start messing with things like domain settings or filters etc..).
So IOW yes, it is okay to do that. If you don't have tracking code on mysite.com/somePage.html then it's not gonna track that page (though it might show up as the URL in some reports like referring URL or exit link or whatever, same as any other page you don't track)
In Google Analytics, you can add a filter to the profile and filter all but the chosen directories. Go to Analytics Settings > Profile Settings and look for "Add Filter" link.
In addition to Crayon's answer, you can limit tracking to a subdirectory by using _setCookiePath() function in your tracking function. See Analytics documentation on single subdirectory (note the link anchor is not resolved to a correct header, at least for me).
This is advised in the documentation to use when you only want to track a subdirectory and avoid clashes with Analytics trackers possibly in use in other subdirectories.
I work for a department in a large university.
The department's web page resides at www.some-uni.com/department-name/.
I only have FTP access to the sub-folder /department-name/ and nothing else on the site.
It was quite easy to get Google Analytics to track traffic within the subfolder /department-name/, ignoring the rest of the site. All I did was create a profile in GA, setting the default url to www.some-uni.com/department-name/. I then pasted the tracking code into the pages I wished to track.
It took about eight hours for anything to show up in GA, but after that it worked just fine.