Google Analytics 4 如何查看 Referrals 流量來源,以及建立報表
Google Analytics 是一個網站流量統計程式。我覺得對於一般人來說,Analytics 的功能太多了,裡面有一些名詞也不是很好懂,導致進到 Analytics 網站後很難找到想要查看的資料!
本網頁的教學要帶你查看 Analytics 裡記錄的「Referral」資料,這 Referral 資料可以讓我們了解訪客是從哪個網站轉介到我們的網站。
Google Analytics 是一個網站流量統計程式。我覺得對於一般人來說,Analytics 的功能太多了,裡面有一些名詞也不是很好懂,導致進到 Analytics 網站後很難找到想要查看的資料!
本網頁的教學要帶你查看 Analytics 裡記錄的「Referral」資料,這 Referral 資料可以讓我們了解訪客是從哪個網站轉介到我們的網站。
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.
The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.
The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.
The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:
It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.
近期 Facebook 粗爆地將用戶分享的網址加入了「fbclid」參數,藉此可以知道網頁是從 Facebook 的哪個地方分享過來的,例如:
http://www.vixual.net/blog/archives/107
經過 Facebook 分享後會變成:
http://www.vixual.net/blog/archives/107?fbclid=IwAR1nXHK4zzzPFEvJHk41Dzgew0lq5BzIoMqHPx05UVmWRQKorKan492B0h0
fbclid 參數竟然有 61 個字元,讓過去有在弄短網址的都直接破功了。
Read more
MediaWiki 預設只能上傳 png、gif、jpg、jpeg 這些圖檔,我們可以在 LocalSettings.php 編輯:
$wgEnableUploads = false; $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
加入你額外想要上傳的檔案類型 (找不到這兩行的話就自己加上去):
$wgEnableUploads = true; $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'zip', 'pdf', 'rar' );
上面的目的是為了可以額外再上傳 zip、pdf、rar 類型的檔案。可惜事與願違,上傳 pdf 與 rar 檔都沒問是,但要上傳 zip 檔卻給我出現:
MIME 類別 "application/zip" 不是容許的檔案格式。
原來是因為 MediaWiki 有設一些副檔名的「黑名單」,剛好 zip 就在其中,設定檔在: includes/DefaultSettings.php
找到內容:
$wgMimeTypeBlacklist= array(
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# A ZIP file may be a valid Java archive containing an applet which exploits the
# same-origin policy to steal cookies
'application/zip',
);
將「'application/zip',」刪除即可。
至於上傳 zip 檔未來的後果會是如何...這我就不能預料了。
「iframe (內置框架)」是用來在網頁中的特定位置嵌入另一個網頁。目前 Facebook、Google+、Twitter...等用來在網頁上顯示社群內容的社群元件,幾乎都是以 iframe 實作出來的。
原本框架是一種很好的應用,但如果是自己辛苦製作的網頁被別人的網站以 iframe 嵌入,因而出現在別人的網站裡,成為別人網站的一部份!!這種感覺就像是自己的心血被別人整碗捧走一樣!!
於網頁的原始碼加入以下 Script:
<script type="text/javascript"> if( top.location != document.location ){ top.location.href = document.location.href; } </script>
以上的 Script 會檢查瀏覽器最上層視窗的網址是否與目前網頁的網址一致,如果不一致,則把最上層視窗的網址改為目前網頁的網址,就醬。
於網頁的原始碼加入以下 Script:
<script type="text/javascript"> if( top.location != document.location ){ document.write("<h1 style='color:#FF0000'>未經授權嵌入別人的網頁是可恥的行為!!</h1>(<a href='"+document.location+"' target='_blank'>原站網址</a>)"); } </script>
以上的 Script 會檢查瀏覽器最上層視窗的網址是否與目前網頁的網址一致,如果不一致,就顯示:
未經授權嵌入別人的網頁是可恥的行為!!
(原站網址)
我比較不喜歡與人家互嗆,所以我通常是用「方法 1」啦!
我們解決了什麼問題?我們創造了什麼價值?
近期迴響