Detect Fake CLicks and Impressions Ads Project - ip

I am creating a mobile ads project and I need to detect real ip/user_agent/os and all that stuff. I am able to track them down but my problem is I will give the publisher php code and will detect everything on their servers and then send a POST request to my server to store data but since I am giving the code to them they can modify it and send fake IP/os/user agent and impressions to earn more.
I can't encrypt my code. Can any one answer with best solution to stop this issue?

I found a way to do it
i am storing everything in cookies now so will be bit harder for publishers to flood

Related

I deployed a Meteor site about a week about and told no one. Google Analytics says I have 312 users & 345 sessions. Why?

I'm very new to online analytics. I just deployed a site a few days ago, told no one, and Google Analytics is saying I have hundreds of users and sessions all over the world.
Even if events are logging from my own development, there shouldn't be so many users (and so many sessions...I'm not developing THAT vigorously.)
Also, my server logs indicate the level of activity I expect: ~0. So it's not like I'm magically getting traffic somehow. It really is nonexistent.
What could be going on? I can understand seeing a few sessions here and there, for web crawlers, but I don't understand why the numbers are so high.
Any common gotchas?
I realize this is a vague question, but I'm not sure what other information to provide, so please let me know what I can do to help.
Traffic source
First check, if traffic comes through your website (through your analytics.js library). To do this, just remove analytics.js for a while and check, if traffic is still going into Google Analytics (e.g. Realtime report).
If is still going, maybe somebody use Measurement Protocol to spam your account.
To prevent this, add, for instance, custom parameter into your call and create filtered view only for this. All without this param, throw away.
Check sessions and returning visitors
Check, if the traffic is random (usualy one pageview per session) or if the behavior of users is normal.
Custom client ID
Check if you dont play with client ID in analytics.js configuration. IF you dont have random number generator there.
Check traffic source (referal), browsers
If there is one significant, or there is some pattern in versioning (absolute randomness is pattern too)
Preventing random access through website
For every visitor who is first-time on your page, set up a cookie with current timestamp. If cookie is not older than e.g. hour or day, do not track this user. Or buffer hits and fire them later after you prove the user is real.
Anyway, if you have some new hints or information from your analysis, we should help you better. This is still like reading a magic sphere :-)

hitCallback - Workaround if the Chinese Firewall blocks Google

I've researched but found some old information, and not exactly on topic. Also, my dev team is completely overworked and speak Chinese only, so I want to get as much work out of their hand.
We use universal analytics.
I have a multi-session goal. Users complete the sign up process, and an activation e-mail is sent to their account. After they click this link, they'll reach an ActivationSuccess page which immediately forwards them to the home center of the log in part.
Problem right now is that the forward goes too fast for GA to recognize the hit. I'm thinking about alternative solutions, and I think the hitCallback function is the best option.
My only concern is that if I add the hitCallback function and The Chinese Great Firewall blocks google, the Callback will never be made.
I'm thinking about different solutions, which will impact the user as little as possible, in order of preference:
Add the hitCallback, and know that Google will forward even if analytics.js can't reach the google page (this is my main question), or set a timeout.
Add the hitCallback + a 'click here' tag so that IF the callback doesn't come the user can manually forward himself, without sending the GA code.
Add a 3-second delay before auto-forwarding. This will surely fire the analytics.js script, but will impact the user experience heavily.
Add cookie tracking method: Add a cookie on the ActivatedSuccess page and retroactively send this in the next page. This is maybe the most elegant way, but requires more coding and a deeper understanding of GA than my Chinese dev team has.
So, I have three questions:
Will the hitCallback function still work if the host can't access Google?
Is it possible to create a timeout so that if users wait for more than 300 MS they get forwarded anyway?
Of my possible solutions, which one do you think would be the best, knowing that I have limited knowledge of coding and my dev team can't read Chinese?
(We don't use Baidu analytics, because that slows the page way down for users outside of China; up to 45 (!) seconds because they don't support asynchronous loading, Google works faster in China than Baidu in the West).
Thank you so much for your help!
Try This. It checks to see if GA is loaded. If not you can still place the redirect in the else.
https://www.domsammut.com/code/workaround-for-when-the-hitcallback-function-does-not-receive-a-response-analytics-js

Is there a way to track/record via Google Analytics visitors that visit my site via Flipboard?

I've been sniffing through my Apache log files and noticed hits which mention
FlipboardProxy/1.1; +http://flipboard.com/browserproxy
Is there a way to track/ID these users via Google Analytics so that I can understand what percentage of my visits are via Flipboard?
From what i read on flipboard:
Flipboard uses a proxy service to fetch, validate, and prepare certain
elements of websites for presentation through the Flipboard
Application.
Retrieving parts of your website to present it in flipboar, they are not actually real visits to your site.
But if you still want to track those requests in analytics then you would need to write a php that sniffs user agent and trigger a gif request to analytics.
IF they're not showing up in the Browser & OS Report; they're probably not running javascript and/or block GA.
Something along those lines might end up here. Right now it shows data at a snapshot only though.
http://ripl.io/flipboard-analytics/

Google Analytics posts monitoring addon for WordPress

I'm assigned to create a WordPress plugin that displays recent visits graph under each post in WordPress. I'm struggling with the authentication of the data and general structure of plugin. My first question would be whats the most efficient way to authenticate with Google API for this kind of task?
I was looking into the AuthSub but i cant understand the concept of next parameter in the query. It should be the landing page after authorization, but how can i make it work dynamically with all the different posts?
In OAuth i'm getting a bit lost in terminology.
Second question is how often should the Google API be queried for the results. I mean is it rational to make smaller request every time visitor opens a page or maybe its rater optimal to download the data for the pages once and keep it in local xml and refresh it on some intervals?
As an idea of the plugin overall structure i was thinking of making a php file which would generate the graph out of the GA feed and would do it so when called from post hook via ajax. This would be controlled by passing parameters of the post to that php file.
Would that structure make sense or there is an easier way to preform the task?
I would really appreciate if someone pointed me in right direction especially in authentication problem.
The most important thing to do first is to lay out your design. You don;t want the user of your site to authenticate on the GA API. Because he doesn't have access to your data. So you'll have to login with your own credentials on the backend. And just cache the metrics you want to display on the screen. So, from the user perspective, there's no way to tell if you're using Google Analytics or any other web analytics product.
Since you're working with Wordpress and you'll need to do the data pull on the backend you probably want to do that using PHP.
You should take a look at this PHP library.
http://code.google.com/p/gapi-google-analytics-php-interface/
Even though it's not google officially supported it's pretty good and you won't have to worry about the process of authentication.
It doesn't make sense to query GA every time the user visits your site. Besides impacting the load heavily the GA API has some latency and GA is not a real time tool. The data freshness on your GA data depends on how much data you get. If you are a small blog it can take 2-4 hours to process the data. If you're a big blog it can take up to 48h. So for that reason I'd query the API every 4 hours or so and just cache the data for all your pages. When you render the page it's just a matter of getting it from the cache/db.
To plot that data there are plenty of options around there. I'd suggest you to start with Google Chart Tools.

How does google-analytics guarantees that the tracking record is coming from the real site

When you sign up to google analytics it instructs you to use a javascript snippet on every page you want to track. This code includes an API key, which is visible to everyone who views your source code.
How does it guarantees that the request is coming from the real site, and not from a third-party who wants to mess with your statistics? Does it check the HTTP Referer header? Even that is not safe, as it can be forged.
GA doesn't (to the best of my knowledge) attempt to verify that the site ID (the UA-XXXXX-XX code) matches a domain specified in the GA setup - I think this is a good thing, as you can track a bunch of related sites as though they were a single site (think single-product minisites, for example). However, this does leave the GA profile open to accidental or malicious use of the UA code on other unrelated sites.
The easiest way to fix this is to add a filter onto the GA profile which restricts reported data to a specified referrer hostname set. This will clean out the accidental typo problem, but malicious types would be able to work around this if they were really interested (but they'd be more likely to grief your PPC campaigns instead).

Resources