Google Analytics 4 如何查看 Referrals 流量来源,以及建立报表
Google Analytics 是一个网站流量统计程式。我觉得对于一般人来说,Analytics 的功能太多了,里面有一些名词也不是很好懂,导致进到 Analytics 网站后很难找到想要查看的资料!
本网页的教学要带你查看 Analytics 里记录的“Referral”资料,这 Referral 资料可以让我们了解访客是从哪个网站转介到我们的网站。
Google Analytics 是一个网站流量统计程式。我觉得对于一般人来说,Analytics 的功能太多了,里面有一些名词也不是很好懂,导致进到 Analytics 网站后很难找到想要查看的资料!
本网页的教学要带你查看 Analytics 里记录的“Referral”资料,这 Referral 资料可以让我们了解访客是从哪个网站转介到我们的网站。
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.
The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.
The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.
The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:
It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.
近期 Facebook 粗爆地将用户分享的网址加入了“fbclid”参数,借此可以知道网页是从 Facebook 的哪个地方分享过来的,例如:
http://www.vixual.net/blog/archives/107
经过 Facebook 分享后会变成:
http://www.vixual.net/blog/archives/107?fbclid=IwAR1nXHK4zzzPFEvJHk41Dzgew0lq5BzIoMqHPx05UVmWRQKorKan492B0h0
fbclid 参数竟然有 61 个字符,让过去有在弄短网址的都直接破功了。
Read more
MediaWiki 默认只能上传 png、gif、jpg、jpeg 这些图档,我们可以在 LocalSettings.php 编辑:
$wgEnableUploads = false; $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg' );
加入你额外想要上传的档案类型 (找不到这两行的话就自己加上去):
$wgEnableUploads = true; $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'zip', 'pdf', 'rar' );
上面的目的是为了可以额外再上传 zip、pdf、rar 类型的档案。可惜事与愿违,上传 pdf 与 rar 档都没问是,但要上传 zip 档却给我出现:
MIME 类别 "application/zip" 不是容许的档案格式。
原来是因为 MediaWiki 有设一些副档名的“黑名单”,刚好 zip 就在其中,设定档在: includes/DefaultSettings.php
找到内容:
$wgMimeTypeBlacklist= array(
# HTML may contain cookie-stealing JavaScript and web bugs
'text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript',
# PHP scripts may execute arbitrary code on the server
'application/x-php', 'text/x-php',
# Other types that may be interpreted by some servers
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
# Client-side hazards on Internet Explorer
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
# A ZIP file may be a valid Java archive containing an applet which exploits the
# same-origin policy to steal cookies
'application/zip',
);
将“'application/zip',”删除即可。
至于上传 zip 档未来的后果会是如何...这我就不能预料了。
“iframe (内置框架)”是用来在网页中的特定位置嵌入另一个网页。目前 Facebook、Google+、Twitter...等用来在网页上显示社群内容的社群元件,几乎都是以 iframe 实作出来的。
原本框架是一种很好的应用,但如果是自己辛苦制作的网页被别人的网站以 iframe 嵌入,因而出现在别人的网站里,成为别人网站的一部份!!这种感觉就像是自己的心血被别人整碗捧走一样!!
于网页的原始码加入以下 Script:
<script type="text/javascript"> if( top.location != document.location ){ top.location.href = document.location.href; } </script>
以上的 Script 会检查浏览器最上层视窗的网址是否与目前网页的网址一致,如果不一致,则把最上层视窗的网址改为目前网页的网址,就酱。
于网页的原始码加入以下 Script:
<script type="text/javascript"> if( top.location != document.location ){ document.write("<h1 style='color:#FF0000'>未经授权嵌入别人的网页是可耻的行为!!</h1>(<a href='"+document.location+"' target='_blank'>原站网址</a>)"); } </script>
以上的 Script 会检查浏览器最上层视窗的网址是否与目前网页的网址一致,如果不一致,就显示:
未经授权嵌入别人的网页是可耻的行为!!
(原站网址)
我比较不喜欢与人家互呛,所以我通常是用“方法 1”啦!
我们解决了什么问题?我们创造了什么价值?
近期回响