A non existent page is showing up on my analytics.

Interesting technique!

Thanks for clearing this up Samuel! Good to know we need not worry about it ??

I’ve been getting the same for the last 2 weeks or so. I found this post on how to set up an .htaccess file to block it. I’ve set that on my site, time will tell if it helps.

I’ve noticed the same thing today, from Moscow. I did click the link from analytics and it referred to a Amazon page.

I read the wiki article … but its all Greek to me.

Hope there is no threat to my site.

Same thing on my site https://www.assetbytes.com and started happening in the last 2 weeks. Going through all the information definitely looks like referrer spam. The following link shows how to easily remove this data from Google Analytics

https://plus.google.com/+GoogleAnalytics/posts/2tJ79CkfnZk

Just happened to me too – I also use Yoast SEO. Is there a connection here?

I get the same thing, but I don’t use Yoast. I use Google Analytics Dashboard for WP.

Yes, thank you, to everyone who posted here.

…I’m still curious though, why the different forum numbers for each different website? If they are only sending out bots to trigger analytics to redirect to amazon, shouldn’t all the referral links be the same?

Just posting in case it helps someone.

I’ve been “attacked” by the 92.63.88.86 IP (seems to be from a Latvian Wi-Fi company, so untraceable). Apparently the attacker somehow managed to get one of the site’s admin credentials (I guess he brute-forced the existing admin username, but not sure), then used a script to automatically login and upload the WSO PHP Shell in my current theme folder through the Theme Editor in WordPress.

If the above paragraph is hard to understand to you, to check if the same thing happened to you, you want to:

• If it’s the same attacker, he used the gfeed.php filename for the WSO shell. Search for it in your installation
• If that doesn’t work, search text inside files for the string “wsoHeader”. It’s the first function in the WSO shell source code.

If you get results for the above searches, you might be in trouble. The WSO shell gives the attacker absolute control on everything the web server can get to. That means that apart from creating/editting files freely, he will also have access to at least the WP database.

Luckily for me, it seems in my case the attacker only managed to create a new Administrator user before I cleaned up. Still checking though.

To know if the attacker used the shell in your system, search for the filename you found on the above searches in the apache access log. If there’s more than 1 entry, the attacker has been using the shell in your system.

It’s not possible to know what he has done, so my advice is that you load a backup without the wso shell file.

Im also getting a visit from this site..

Also from russia.
My website https://www.bloem-creative-webdesign.nl
Im from Holland.

Other domains on my vps are currently hacked.
I Don’t trust it at all.!!

What happend is they keep accessing /wp-includes/png/config.bin..

Hope it Will help.

Correction i investigate this a litle..

On all of my domains are the same visite from the dadaro forum..

On Another website was recently created a New user on the wp admin.
I had 3 visitors this month all 3 from that forum. (That website is on hold so we Don’t use it right now.)

Sorry for my bad englisch..

Hope it helps!

And yes all sites running seo wordpress by Yoast.

I too see this.

I to have the ‘do not post this link’ that goes to Amazon. I see Moscow and Samara Oblast as source. I had 2 visits from Moscow and one from Samara Oblast so far (14-12-14).

I have co.lumb showing up.

And yes I have Yoast SEO installed.

If you’re seeing these as “Pages” and not “Referrers”, then it is possible that your site has been hacked in some manner. If somebody is running code on your site that causes a redirect to that other co.lumb site, then your analytics plugin may be picking that up and showing the redirect as a page on your site.

This likely isn’t the fault of the analytics plugin, it’s just showing up there because that’s where the links are redirecting to.

Check your site’s files and see if there’s anything amiss, just in case. Also look in the access logs to see where the links doing the redirecting are going.

It can also be a “noise” generated by a website, an extension or a bot (capable of running javascript) acting as webcache.googleusercontent.com and translate.googleusercontent.com does.

For example webcache.googleusercontent.com simply loads your page from cache (and of course that will include your analytics code generating a pageview with a different hostname) (@fraenk). And sadly there are more ways to achieve this …

I can eliminate this “noise” from reports but I would like a second opinion from GADWP users (@ljcriswell and @brucekaiwi what do you think? It will help?).

Also, a quick check as @otto42 mentioned won’t hurt!

Hi, so I found the link in my google analytics traffic sources like you guys and opened the link. How do I know if my website is at risk? An amazon page appeared when I clicked the link?

Any help would be appreciated I am not very html savvy,

Thanks