• Jose Uzcategui

    Thanks Andrew for the great tip.

    To my knowledge, we haven’t experienced any serious security threats or attacks. Either way, I think it’s a good alert to have just in case :)

  • Pingback: Détecter tentative de hack avec GG Analytics

  • Rat Mort

    Thanks for sharing this tips, but I don’t think analytics is the best tool to do such monitoring. It nice to understand how “Intelligence” works in Analytics, but from my opinion, hacking detection should be linked to a specific action to be efficient, like banning the ip, or redirecting the hacker to a temporary page for a while to limit bandwith. Analytics is not designed for that at all.
    When do you recieve the email? In real time, or once the data are processed, few ours to 24 h later?

  • Brian Clifton

    Nice lateral use of GA here :)

    One comment – if a bot doesn’t set cookies, Google Analytics will not be able to track/report on the visit – it needs *both* JavaScript and cookies in order to receive data.

  • Julien Coquet

    Nice post Andrew!

    Of course, you could complement this method with server-side GA tracking (with mobile tracking for instance) ;-)



  • Jason Smith

    Great advice and the useful email alert. Forewarned is to be forearmed. Thanks

  • Andrew Burke

    Glad to be of help! Hopefully you won’t need it but as you said good to have just in case.

    Thanks for the catch, I’ve updated the post to reflect this.

    You certainly could, this would help you detect non-JavaScript attacks as well.

    You are right; analytics isn’t the best tool to use to monitor hacking. However often times web analysts are consultants who either do not have direct access to a client’s server, or do not know how to the setup anti-hacking techniques you mentioned. This is just a way for a web analyst to detect an attack, further measures must be taken to stop it. You should receive the email alert sometime the next day once Google Analytics has finished processing the previous day’s data.

    You’re quite welcome!

  • SEO Brighton

    great article – I suspected one of my sites had been hacked and followed the Google analytics alert suggestion and it worked – thank you so much :)

  • Andrew Burke

    @SEO Brighton

    Glad to hear it was of help!

  • maurice

    well this is only going to detect trafic on port 80 – say a brute force attack to guess passwords or a DDOS.

    its not going to replace a proper ICE system

  • Iyabo

    This is so good to know. I have experienced some unusual spikes on some of my sites which i really cant explain. This makes it all easier Andrew thanks.

    I will have to do this and see how it works out.

    Thank you for this insightful post.

  • Hal1

    Hacking on site caused endless tech headaches but hijacked pages did not cache.

    beware the single client sign on. Turns out Drupal Open Source really is open source unless you change the setting.

  • acs

    Thank you SOO MUCH! I was wondering why I had so much direct traffic. Weird thing was my bounce rate stayed just under 2%. Which made no sense as they didn’t last longer than 1 second on my page.

  • Ice

    Thank you for the important insight! I would have liked to implement this PHP script to track non JS enabled bots . Hope I can find an version of this functionality!

  • AKSteve

    I had such a spike for the last two days. What are they after? What damage to my site should I be looking for? (I’m on Blogspot). What, if any are the long term affects to my blog?