Google Analytics Blocked by Ad Blockers

Recently I thought it would be great to know how many users (if any) are visting my blog, main website and other sites on my domain. With that in mind I decided to add some google analytics to my sites in order to simply track the number of users (at least that’s what I want to do for now; google analytics is much more powerful than that, but I have yet to explore those capabilities).

I created a google analytics account (which you can do here) and went through the basic setup. I finally created a properties for my blog and my main website. My main website being the one found here: https://newteq.co.za. Both sites have different tracking codes as I would like to monitor traffic on my main website and my blog site separately.

In order to track activity on the sites, a different approach is required for each, since my blog is a wordpress site and my main website is simply a static HTML website. I proceeded to add the tracking code snippet (information on how to do that can be found here) and then tried to test it out. It wasn’t working… I thought let me give it a day or so and try again, in the meantime, I’ll set up the tracking on the blog site too.

For my blog’s tracking, I installed this plugin by MonsterInsights. It’s a great plugin that lets you authorize the WordPress site to use your google analytics account, and then you can provide the actual tracking ID that needs to be used for tracking. After setting up the MonsterInsigths plugin, I provided the tracking ID and yet again, I was unable to view my traffic on the site. Again, I thought let me just give it a day and check back.

The next day came and I was still having problems. I then found this Tag Assistant chrome extenstion here. And once everything was set up with this extension, I found that I was getting an error. The error read: Missing HTTP Response. After searching around for a while, I came across this page here. On this page, the guy said that he found out that google analytics was being blocked by an Ad Blocker. So I did a little more digging and found this site: Which Ad Blockers are blocking Google Analytics.

A couple of months ago, I moved from AdBlock Plus to uBlock Origin. And from the table given in the above mentioned website, I could see that uBlock was blocking google analytics. I went over to my website, disabled uBlock on my website, and BAM. Traffic was now being recorded.

Now, there are ethical and moral debates that can be had about using Ad Blockers but this isn’t the forum for that. There are similar debates that can be made about tracking users who don’t want to be tracked. For this reason, I would like to implement the following approach on my sites; an article written by the same guy that gave us the wonderful ad blocking table also wrote this: How to track if Google Analytics is blocked – in Analytics! In this article he basically describes that all he wants to do is track the number of users which are actually blocking Google Analytics, and nothing more. Is approach is perfect for my purposes as I simply want to understand how much traffic (visitors) my sites are getting on a daily basis.

In Philip’s article mentioned above, he using JS and PHP to implement the tracking (of users that have blocked Google Analytics). This approach should be straight forward for me to implement on my main website, but I’m going to have to investigate how this can be done on the WordPress (my blog) site.

I’ll post an update on how this can be achieve in WordPress once I have figured it out 🙂

Update 1:

Turns out that, uBlock Origin does not block the ga object from being created. When this code is run:

The console outputs GA loaded. so, the php code will never be run. After I inspected the network tab in the developer options, I found this (click on the small image to expand it):

 

As you can see, the call to the analytics API is what is actually blocked by uBlock Origin. This would explain the initial “Missing HTTP Response” error that I was getting, since uBlock Origin, stopped the request after it was sent out.

I will need to find another way to implement this.

If anyone has any suggestions, please let me know in the comments.

Update 2:

While searching the web, I manage to come across two approaches to determining if a user has an ad blocker installed. One here and another here. The first approach does not seem to work for uBlock Origin, as I was not getting the desired results. The second approach using a custom ads.js file, worked like a charm :)…

Further, the only problem with this method is that requests sent to google analytics are still intercepted and blocked by uBlock Origin. This means that I am currently still unable to track users if uBlock Origin is installed.

Ensure gitignore ignores files correctly

Introduction

In this tutorial we’ll take a look at how to get gitignore to ignore files correctly when it seems that it is not ignoring the files that you have specified in the .gitignore file.

Let’s examine why this would happen.

gitignore will only ignore files that are not currently under source control. This means that if a file was committed before it was added to the .gitignore file, it will continue to track the changes of this file.

This is the basic principle of how gitignore works.

It is good practise to always update your .gitignore file before you commit any files that you do not want or need under source control. These files are commonly binaries, executables or any generated files that are automatically created when you build a project.

There may be cases where unwanted code is checked-in by mistake with the inital commit or subsequent commits. This is when our described problem will arise. No matter how many times you try to specify the file in the .gitignore file, it will always remain in the staging area.

Prerequisite Knowledge Assumed

The below resolution example makes use of the following software’s

  • git
  • git extensions

If you are unfamiliar with git extensions, there is a section right at the bottom that contains just the git commits that are required to resolve the problem.

Resolution

Steps that are required to resolve this problem:

  1. Remove the files that you do not want tracked by source control, from git
    1. You can do this by running “git rm -r –cached file/s
  2. Commit these removed files
  3. Update .gitignore file
  4. Commit .gitignore file

Let’s walk through the following example to expand exactly what you need to do for each

You’ve got a new repo that has just been created. You’re super excited about your new repo and this is the view that you have in git extensions:

When you go to commit you see the following:

From here you decide to stage all the files without adding the files in the bin folder to the .gitignore file.

So you stage all the files and hit commit.

Changes have now been made to your normal.code file and as a result the auto.gen file has been updated. When you go to the commit screen you now see the following:

At this point you realise that you don’t want the auto.gen file or any files from the bin directory to be committed to source control. When you try to add the bin directory to the .gitignore file it doesn’t seem to work, since the staging area looks like the image below:

Point 1 implemented

This is where you will need to implement point 1 (as discussed above).

To do this, open git bash and navigate to the repo.

Once here, run the following command:

See image below:

As you can see, the two files in the bin directory were removed.

When we return to git extensions and refresh the staging area we see the following:

As you can see from the above image, the two bin files have been marked as “deleted“. The files have not physically been deleted. They have simply been removed from git’s tracking.

Point 2 implemented

Now we need to commit these removed files so that git will no longer track changes made to these files

After you have committed these files your git extension will look something like this:

Point 3 implemented

You can now update the .gitignore file to add any additional files that you would like to ignore. For the purpose of these example, we do not need to add any more contents to the .gitignore file as we have already specified all the bin files in the .gitignore file.

Point 4 implemented

You can now commit the .gitignore file and git will never track any files in the bin folder.

Simple git commands to resolve

If you are unfirmaliar with git extensions you can simply execute the following git commands to resolve the problem:

See the below images for the full example

How to detect phishing emails

This may come naturally to some of you but to others it can be very difficult to tell whether an email is legitimate or not. This is the reason that banks and other companies continuous say that you should never click on links (in emails) that would hint that you reset your password (or doing anything with your sensitive data) with this said company. You should always navigate to the official web page and then proceed to do whatever it is you need to from there.

Of course this doesn’t stop someone from hacking the actual site, but that’s a discussion on it’s own.

About 2 years ago ago I got this email from “Facebook” in my inbox (or rather my spam box). Now, I’m sure some of you have received emails like this in the past too (and some of you without a Facebook account I’m sure; I had recently deleted my Facebook account but here lay a message claiming I had unread messages on my account), but I thought it would be an interesting exercise to decompose the email and inspect everything in order to point out certain things that you should always be on the look out for when you receive an email and you are suspicious about it.

Let’s take a look at the following image:

facebook-phising

As you can see the email says that it is from FacebookAdminstration, but look at the email address between <>, that is where it actually came from. Always make sure that you inspect this first. Usually it will not come from the Facebook (or which ever company they claim to be from) domain. It is very possible that this can be spoofed (using a simple SMTP server, but use this as your first point of entry. If this does not match up to what you think it should be, then the email is definitely not legitimate.

One of the more obvious signs of a phishing email is the nonesense which appears in the subject line. This one read: “Contraction Your 2 unread messages will be deleted in a few days swerve”.

  1. This subject line does not make any sense
  2. The casing in the sentence is wrong

If you use gmail as your email client (as I do) you can see the original email as text. To do so:

  1. Click on the little arrow next to the reply button.
  2. Select “Show Original”.

Right at the bottom of this post I have included the full content of the original content that I received (I have omitted my email address). The following section is a breakdown of the important things to look out for.

In the original content you will see this:

DO NOT CLICK ON THE LINK.

The above href contains a URL to a unfamiliar site. It is definitely not a Facebook site. This link (as you can see from the original email below) appears in every single clickable part of the html from the email and should not be trusted.

Another thing that you can look out for is the delivery chain of the email. This will be found in the header of the email as shown below:

The way which you read this header is a little bit counterintuitive, as you have to read it from the bottom-up. I have replaced my original email address with “me” in the above header.

As you can see the email is directed to “me” and this is where the email would start it’s travel. Similar to how you would write a normal letter. You need to provide the location at which it needs to be delivered. The beauty of email is that it will record each domain that touches it. Imagine the receiver of your plain old fashioned letter could know who exactly touched the letter on the way to them. If all the people that touched the letter were legitimate, the receiver of your letter could guarantee that it could be trusted

With email, this is always the case.

If we move further up the header to line 14, we can see that the email came from: “FacebookAdministration <egal.hm@bongfaschist.de>”. This matches what was discussed earlier. At this point, this is the original sender as they would like to be viewed from the SMTP server. It is possible however, that this could appear to be legitimate. We need to further inspect the email

Let’s take a look at the next two lines of the header above that:

One of the most important things to note here is the SPF. SPF is Sender Policy Framework. Basically it is an email validation system that ensures that the sender of the email is authorised on the domain that they claim to be from. As you see from the above, the SPF failed. That means that the person that sent this email on “bongfaschist.de”, is not a valid user on that domain. Hence we cannot trust this person.

Here is a legitimate email header from MyBroadband:

Let’s take a look at the received part of the header:

Here we see the original exit point of the mail. This email was sent from “www-data by mybb-mail01.jnb1.chs.hetzner.co.za”. This my seem a little bit scary. It’s not mybroadband.co.za. However, a quick google search will tell you that this address is simply the reverse DNS of the hosting site mybroadbandmail. You can see this at this link here: http://whatmyip.co/info/whois/197.242.89.180/k/471857840/website/mybroadbandmail.co.za

Furthermore, if we inspect the SPF part of the header:

Here we can see that this client is authorized on that domain. This means that the sender is not claiming to be another entity


Lastly, below is the original content of my Facebook email that I received. I have included in the post for reference and completeness.