on Friday, June 26th, 2009
There is an article out right now that’s sending companies around the world into a frenzy. The article covers accounts of company websites with the default Google Analytics implementation script, being replaced with a string of characters that do not belong.
We must stress that this hack is not a Google Analytics security issue, it is not an Apache or PHP issue either. It is a server security & maintenance issue.
How to determine if your GA code has been exploited:
- Go to your website, view the source code of a page containing GA code.
- If the typical GA code contains a string of code that does not normally belong, your site has been infected. Look for something like:
“document.write(<”+”i”+”f”+”ram”+”e”…
For more specifics on the actual exploit visit: http://blog.immeria.net/2009/06/google-analytics-targeted-by-hackers.html
Although the explanation of the exploit has been discovered, there is still uncertainty about how the code is being altered. The injection of the exploit is on weak security settings on Apache HTTP servers and unencrypted FTP passwords being used on tools used for editing sites. Once a machine is infected, all commonly used tools are harvested to collect more unencrypted passwords.
Google suggests the following resources to look at if your site has been hacked:
1 Comment
Pingback by Google Analytics Hacked? | 6S Marketing- SFWEBDESIGN.com — July 3, 2009 @ 11:33 pm
[...] post: Google Analytics Hacked? | 6S Marketing Tags: around-the-world, article-covers, article-out, Google Analytics, sending-companies, [...]
RSS feed for comments on this post. TrackBack URL
Leave a comment