GA says Homepage has many unexplained homepage extensions that begin with /?kw=.....

Gale W
Gale W used Ask the Experts™
on
Found 50+ instances of this when reviewing Google Analytics/All Traffic/Channels report.   They all are list as separate landing pages for my site.  One is  /?kw=casa, another is  /?kw=sweepstakes.  All lead to my site homepage if you click on them in the GA pages or if typed into address bar. Overall Site traffic is way off as well.  These individual /?kw= pages normally only show 1 or so hits in the last month.  Are these harmful, or should is just filter them from my report view?
Thanks, Gale W.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jason C. LevineDon't talk to me.

Commented:
Check your site immediately for altered/introduced files and code.  Those inbounds look like triggers to me that could set off bad behaviors.
Most Valuable Expert 2011
Top Expert 2016

Commented:
Are these expected and intended to be part of your web site?  What functionality is assigned to the kw request variable?
Gale WPresident

Author

Commented:
Thank you both,
These were not set up by us, no idea where they originated.  Odd they do all take you to our homepage, so it's not like they are stealing traffic and redirecting it.  I'll have to dig to learn how to look for altered or added files.  Guessing they would be added to the homepage as that is where they take you?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Jason C. LevineDon't talk to me.

Commented:
Well, the home page is the starting point for it.  If you're really lucky, they merely altered the home page code and that's fairly easy to spot.  Usually this stuff is done by altering a called file from the home page so you have a lot of work to do.

And Ray's right...it may not be malicious and something the previous developers did.  So you should expand the search to look for any function in your code that processes the GET variable and does something with it. Since kw could mean "keyword" hopefully this is some SEO grey-hat thing.

But there's more options than just stealing/redirecting traffic.  Your site could be used as an attack vector against other sites or the invocation of the kw code...
Most Valuable Expert 2011
Top Expert 2016
Commented:
Check your home page code carefully.  If you have an original backup, compare it to what is on the server now.  If there is a difference between what you expect and what you have, you might want to consult a security expert for some detailed analysis!
Gale WPresident

Author

Commented:
Would using Chrome's "view source code" function be sufficient to see what I'm looking for?  
Still getting used to Wordpress editor, which seems to let you see all the site pages code
when editing EXCEPT the home page. GW
Don't talk to me.
Commented:
Would using Chrome's "view source code" function be sufficient to see what I'm looking for?  

Partially sufficient. The source code is only the rendered stuff.  If the attack is in the PHP code, it has already executed and may send nothing to the browser.

WordPress doesn't really have a "home page" depending on its theme.  Instead there are templates and template parts that combine conditionally based on the page called.

If I were you, I would stop here and do one or both the following:

BEST: Subscribe to sucuri.net and have them do a server-side scan of your site.

DECENT: Install the WordFence plugin and set it to scan your site, plugins and themes.  It's free
Gale WPresident

Author

Commented:
Thanks again to you both.  Like many things, everyone says how easy Wordpress and Webdesign are--until there's problem.  Good to know smart & generous folks are out there when you need them.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial