Explaining the Google Analytics bug: manipulating the stats.

Today I’m going to show the Google Analytics bug. I didn’t want to, but frauds based on this bug are already taking place so I thought it’s about time to inform people so they are aware of the issue and don’t get conned.

What is it about?

With this bug we can simulate visits in our Google Analytics like if they were real. We can get visits from where we like: country, technology, etc. As we can manipulate all the parameters, it’s possible to create a webpage and alter all its statistics without any effort.

How does it work?

Google Analytics receives the data through a javascript code that includes an “image” in our site called “__utm.gif”. This image carries some data sent during the GET request (parameters in the URL).

Does Google know?

Of course Google is aware of the bug. I discovered it in march 2013 and notified it to various people. I may have not found the correct person, but it’s been difficult to speak to them and I have spoken supposedly to two people of the Google Analytics team.


It seems that some people has discovered the bug and is scamming people, that’s why I created this post, with two goals: first one to make you aware of the issue so you don’t buy webs and get conned. Second, because I’m publishing the code so everyone could do whatever they want with it, let’s see if Google pays attention, takes it seriously and fixes the problem.


To use it, just put your Google Analytics ID in $analytics and the site url in $url_go.


Do you want to know more? Visit AnalyticsBug.com

Versión en Español


Leave a Comment