Found weird domains in Facebook Ads Traffic Permissions - Check yours too, may be hacked

ManuelH · ‎04-10-2024

recently found some weird domains listed in my Facebook events manager traffic permissions list. You get there by following that path: Meta Business Suite --> Events Manager --> Data Sources --> Settings --> scroll to bottom to Traffic Permissions --> Create Allow list

I recommend you check it

And this is where I found my primary domainwhich is circled in green and then about 40 other domains with very weird strings like this example here: lne6p1vx2323rza03tfe36lbzda7wo02l-79386313028.shopifypreview.com

Heres a screenshot:

I have no idea how they got there and what they do but I am pretty sure its smth dubious.

If anybody knows what thats about please let me know. Thanks!!!

ManuelH · ‎05-11-2024

Hey Samu, just writing another post about it. Will link it here, and yes I assume it is an issue.

View solution in original post

ManuelH · ‎05-11-2024

Hi again. Here is the link to the post: Warning About FB Pixel - How To Find Out If You Are Affected
https://community.shopify.com/c/shopify-design/warning-about-fb-pixel-how-to-find-out-if-you-are-aff...

View solution in original post

ManuelH · ‎05-11-2024

Also be a pal and mark it as a solution if it helped you

View solution in original post

SamuS · ‎05-05-2024

Did you get answers to this issue? We have the same "issue", if it is an issue.

ManuelH · ‎05-11-2024

Hey Samu, just writing another post about it. Will link it here, and yes I assume it is an issue.

ManuelH · ‎05-11-2024

Hi again. Here is the link to the post: Warning About FB Pixel - How To Find Out If You Are Affected
https://community.shopify.com/c/shopify-design/warning-about-fb-pixel-how-to-find-out-if-you-are-aff...

ManuelH · ‎05-11-2024

Also be a pal and mark it as a solution if it helped you

rich13579 · ‎06-08-2024

Hi did you work this out? I have the same issue - wondering if it is innocent functionality of Shopify & if so to just approve the domains.

ManuelH · ‎06-08-2024

replied in the other post

Acumen · ‎06-13-2024

I found an article are FB too. https://www.facebook.com/business/help/267505221173979

Essentially: create an allowed list for your own domain and all other attempts by someone to add your pixel to their domain will be blocked

But if I read this correct, you should also create a block list for all of those other domains you don't recognize and that currently are in the Allowed status.

All though many of these "other domains" may be innocently done (giving them the benefit of the doubt) I firmly believe many of these are linked to domains that are "bad actor" accounts or competitors using this in manipulated scripting to send you bad traffic. So like the Queen in Alice in Wonderland, "off with their heads" (block them all) as there seems to be no way to identify the cryptic domain names connected to my account.... until I hear someone with deeper knowledge that could justify them attaching to my pixel.

ManuelH · ‎06-14-2024

Yeah I linked to another post of mine where I explain in more detail.

Thanks

jlau · ‎10-18-2024

I believe these are events fired from the preview window when using the test functionality of your pixel, do the dates coincide with dates you were testing your pixel events?

ManuelH · ‎10-20-2024

As answered in the other related thread I believe it's other people pasting their pixel on their own website.

Found weird domains in Facebook Ads Traffic Permissions - Check yours too, may be hacked

Found weird domains in Facebook Ads Traffic Permissions - Check yours too, may be hacked

Community Blog Articles