Thanks to Marcel Adrian I found a new service to try: Here you can register for free to get quite detailed statistics about the visitors of your weblog. All you have to do is enter your (hopefully still available) username and e-mail address to get access to this service. No real name, no address. Actually, it isn’t all that new, having, as far as I can see, all known German bloggers listed, but it’s (as far too often for my taste) new for me :)

Available buttons

After registering you have to add a small JavaScript snippet and an image to your weblog so that the stats are counted. This image is available in 6 different styles, so there should be something for everyone. The service collects quite detailed statistics, ranging from the Google search string that brought some users to your site to the screen resolution and color depth as well as the browser used. While this is nice, it would be quite useless if it also counted your own visits to your site, wouldn’t it? For this case you have 2 options: you can ignore specific IPs, or you can install a cookie in your browser that will disable the stats image when you visit your weblog. After finishing the initial setup, both options can be found in the “HTML-Code” section instead of the “Einstellungen” section, which took me a few minutes to realize, but anyway….

The site offers the user 4 sections for viewing the collected statistics:

  • Statistik: Here the user sees single like the top refs, top Google search strings and things like that.
  • Grafische Übersicht offers 2 graphics showing the visitors per day and per hour.
  • Browser / OS shows… guess what: Statistics about which browsers and operating systems your visitors are using.
  • Log offers you a listing of your visitors’ hostmasks, their times of arrival and which document they accessed.
Log view

While I think this service is great, I have some security concerns:

  • When you register or change your password, the system mails you this new password in an unencrypted email. Given the open nature of the whole e-mail system this isn’t such a good idea, and it also indicates that the password is perhaps stored in plaintext (or at least not using a secure one-way hash) in the database. If this is the case, I’d suggest (more than normally) using a password for this service other than what you use anywhere else.
  • The URL of the image to add to your weblog also holds your username. The user ID or something similar would be better, since it won’t give a possible attacker the first half of the login information required to access an account.
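
Both concerns can be addressed in the account model itself. The sketch below is an added example, not code from the service reviewed here: it stores only a salted one-way hash (so there is no plaintext password the system could mail out) and puts a random opaque ID, not the username, into the counter image URL. The function names, the in-memory tables and the `stats.example` URL are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stand-ins for the service's database tables.
ACCOUNTS = {}      # username -> {"salt", "pw_hash", "site_id"}
SITE_OWNERS = {}   # site_id -> username (server-side lookup only)

PBKDF2_ITERATIONS = 600_000  # work factor; slows down offline guessing


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def register(username: str, password: str) -> str:
    """Create an account and return the opaque ID used in the counter URL."""
    if username in ACCOUNTS:
        raise ValueError("username already taken")
    salt = secrets.token_bytes(16)
    site_id = secrets.token_urlsafe(12)  # random, not derived from the username
    ACCOUNTS[username] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "site_id": site_id,
    }
    SITE_OWNERS[site_id] = username
    return site_id


def verify_login(username: str, password: str) -> bool:
    """Recompute the hash and compare it in constant time."""
    account = ACCOUNTS.get(username)
    if account is None:
        return False
    candidate = hash_password(password, account["salt"])
    return hmac.compare_digest(candidate, account["pw_hash"])


def counter_image_url(username: str) -> str:
    """URL embedded in the weblog; it exposes the opaque ID only."""
    site_id = ACCOUNTS[username]["site_id"]
    return "https://stats.example/count.gif?site=" + site_id
```

With this layout a forgotten password can only be reset, never recovered and mailed back, and the public image URL no longer reveals half of the login credentials.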