如何谷歌分析prevent交通欺骗 [英] How does Google Analytics prevent traffic spoofing
问题描述
我们希望嵌入AJAX风格的服务为我们的一些每一个独特的API密钥的网站。我可以看到的问题是,因为API密钥存储在JavaScript文件,用户可能会带钥匙,欺骗HTTP引用,使数以百万计的请求下该API密钥的API。
We want to embed an ajax style service into a number of our websites each with a unique api key. The problem that I can see is that because the api key is stored in the javascript file the user could potentially take the key, spoof the http referrer, and make millions of requests to the api under that api key.
所以,我想知道如何谷歌prevents分析欺骗?由于这采用了几乎同样的想法。
So I am wondering how Google prevents Analytics spoofing? As this uses almost the same idea.
我也开放给其他的想法,基本上这里是过程。
I'm also open to other ideas, essentially here is the process.
站点A - >用户< - >阿贾克斯< - > SiteB中
SiteA -> User <-> Ajax <-> SiteB
编辑 - 有什么办法来防止API被滥用,而有它通过AJAX名为
EDIT - is there any way to protect the API from being abused while having it called via ajax?
推荐答案
我不相信有在地方进行任何这类保护措施。交通欺骗是其他谷歌服务,如AdWords一个严重的问题。例如,一个恶意的个人谁是竞标的AdWords会产生许多假的点击他们的竞争对手的广告来驱动他们的广告费用,因此谷歌的股票价格。反过来也是如此,人们会产生在其网站上假货的点击来获得额外的钱在其网站上PayPer点击广告。
I don't believe there are any such protection measures in place. Spoofing of traffic is a serious problem for other Google services, such as Adwords. For instance a malicious individual who is bidding on adwords can generate many fake clicks for their competitor's ads to drive up their advertising costs and thus Google's stock price. The inverse is also true, people will generate fake clicks on their site to get extra money from a PayPer Click ad on their site.
在这一天结束黑客可以聚敛的10000匿名代理服务器列表中没有太多的困难,没有什么可以做这件事。黑客还可以利用僵尸网络,其中一些是数以百万计的大小。从僵尸网络产生的流量可以表现为一个合法的谷歌的Cookie合法的机器,因为他们在那里被劫持。
At the end of the day a hacker can amass a list of 10,000+ anonymous proxy servers without too much difficulty and there isn't much you can do about it. A hacker could also use a botnet, some of which are millions in size. Traffic generated from a botnet can appear to be legitimate machines with a legit Google Cookie, because they where hijacked.
许多代理和bonet'ed机由实时黑名单(RBL)如所述一个运行列举由 http://www.spamhaus.org 和许多合法的IP地址也在此列。也有代理不能用于垃圾邮件,但可用于点击欺诈,因此它们不会在此列。
Many proxies and bonet'ed machines are enumerated by Realtime Black Lists (RBL) such as the one run by http://www.spamhaus.org , and many legitimate ip addresses are also on that list. There are also proxies that can't be used for spam but could be used for click fraud and thus they won't be on that list.
这篇关于如何谷歌分析prevent交通欺骗的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
