For the third month in a row, I am getting referrals to domains I manage from web-based statistics packages with the full username and password in the URL. This allows me to access the site’s web statistics as if I am the admin. How did this happen? The admin sees a referral in their log from one of my sites, clicks on it in the web based admin to view my site. Sounds simple enough, right? Well, the problem is, the stats package contains the username and password in the URL, and when they click on the referral, the URL is passed to MY log and it is recorded. This is a major security hole.
Instead, if you are reviewing your web stats online, do NOT click on the referral link to check out the site, instead, copy and paste into a new browser. This will protect you in case your web stats admin panel can be compromised.
Recommendation: We’ve used Web Stat for years, and have been very pleased with the accuracy, layout and price.
Leave a Reply
You must be logged in to post a comment.