Options

Google Analytics and Password-Protected Pages

greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
edited April 25, 2016 in SmugMug Support
I use my site for sharing photos with a small group of family and friends. I have the basic Google Analytics on my site, which is password-protected. The galleries on the site are unlisted. I've received some hits on the unlisted galleries from unfamiliar cities. Does the fact that I have a hit on an unlisted gallery that is also password protected mean someone has hacked my password? Is there a way to track whether someone has successfully logged into my site? I appreciate your patience and your help!

Comments

  • Options
    Hikin' MikeHikin' Mike Registered Users Posts: 5,453 Major grins
    edited April 12, 2016
    Are you seeing hits on GA? If so, you may be seeing ghost referrals.
    - Mike
    Images in the Backcountry

    My SmugMug Customizations | Adding CSS to Your Site | SEO for the Photographer | Locate Your Page/Widget Number | SmugMug Help Desk
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 12, 2016
    Yeah, the hits are in GA. Do I identify ghost referrals by looking at the source/medium page? If so, then I do have some ghost traffic that says "domain.com / referral" under source/medium, but their landing and exit pages are my homepage. Those hits also have a 100% bounce rate and a 0 second session duration.

    I'm concerned about the traffic that shows "(direct) / (none)" for source/medium and the landing and/or exit pages are unlisted galleries that have the inherited password for my site. Those hits show multiple pages/session and a few minutes for the session duration.

    Any thoughts?
  • Options
    Hikin' MikeHikin' Mike Registered Users Posts: 5,453 Major grins
    edited April 12, 2016
    Reporting > Acquisition > All Traffic > Refreralls
    - Mike
    Images in the Backcountry

    My SmugMug Customizations | Adding CSS to Your Site | SEO for the Photographer | Locate Your Page/Widget Number | SmugMug Help Desk
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 12, 2016
    When I navigate there, the only source listed is my domain. When I select city as my secondary dimension, the cities I'm concerned about aren't listed. The referrals all have 100% bounce rate, 1 page/session, and 0 minutes as the session duration. It seems like these are the same hits as the "domain.com / referral" from the source/medium page.
  • Options
    Hikin' MikeHikin' Mike Registered Users Posts: 5,453 Major grins
    edited April 12, 2016
    I've never used the 'Secondary Dimension', so I really don't know.
    - Mike
    Images in the Backcountry

    My SmugMug Customizations | Adding CSS to Your Site | SEO for the Photographer | Locate Your Page/Widget Number | SmugMug Help Desk
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 13, 2016
    Thanks, Mike.

    Anyone else have any ideas?
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 15, 2016
    Can anyone else please help? Thanks!
  • Options
    rnrjoshrnrjosh Registered Users Posts: 266 Major grins
    edited April 15, 2016
    It's hard to say without seeing more data, but those hits are likely legitimate gallery views, based on what you've described here. A direct link would be the only way to access an unlisted gallery, so it may be that those are just normal views of your Unlisted galleries, for visitors you've shared those with. Someone may be traveling, or possibly using a VPN, which could show a different geographic location than you would expect. It's also possible that someone you shared a gallery with has simply forwarded the link/password to someone else to allow them to view as well.

    SmugMug will send out email notifications to you if someone tries to access a passworded area of your site and has 3 or more failed attempts to access the passworded area (whether that's a gallery, folder, or even your main account login). If you are not receiving emails from SmugMug about failed password attempts, that probably means that there have been no 'brute-force' attempts to access the passworded area.
    Josh
    SmugMug Support Hero
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 18, 2016
    Thanks so much. This is helpful. I haven't received any notifications from SmugMug about failed password attempts, so your explanations are probably the most likely scenarios.

    Is there code I can add to my site to use Google Analytics to see if a user has entered a password? I read something about event tracking, but I have no idea to go about it.
  • Options
    TeachTeach Registered Users Posts: 320 Major grins
    edited April 19, 2016
    I am very sorry but there is not a way to add code to see if a user has entered a password. We also do not support event tracking with Google Analytics at this time. We only support the standard basic tracking at this time.
    Heather
    SmugMug Support Hero
  • Options
    greenbutterbeangreenbutterbean Registered Users Posts: 11 Big grins
    edited April 25, 2016
    Thanks so much for all of the help! I found an interesting article about the accuracy of GA location, especially with mobile devices that are not connected to wifi. For mobile devices in the US, the error may be hundreds of miles. I tested the location with a desktop and mobile device using the real-time feature. My mobile device location was about 400 miles off from my actual location when I turned wifi off. My "strange" hits were all from mobile devices. Anyway, I wanted to share the article in case any one else was encountering this issue.

    Here's the article: http://searchengineland.com/google-really-know-230001
Sign In or Register to comment.