Is my Piwik compromised? #12504

Closed
dev-101 opened this issue Jan 24, 2018 · 10 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@dev-101

dev-101 commented Jan 24, 2018

Piwik 3.2.1, Matomo 3.3.0

Thanks to a small custom plugin I use and the fact that it got broken out of the blue, during a tedious debugging session (as there was nothing in the logs!) I've noticed that my account is recognized as 'anonymous' instead of super admin. Then... I saw this in the logs as soon as I was logged in:

error_log(serialize(Piwik::getCurrentUserLogin()));
// first, my IP line
[Wed Jan 24 20:47:40.580978 2018] [:error] [pid 6796] [client my--ip--here--:24929] s:9:"anonymous";

// then this line -- strange?
[Wed Jan 24 20:47:41.609620 2018] [:error] [pid 6599] [client *.12.78.130:60558] s:18:"super user was set";

// then immediately my IP again afterwards, but still as anonymous ???
[Wed Jan 24 20:47:43.672229 2018] [:error] [pid 6749] [client my--ip--here--:25027] s:9:"anonymous";

This IP 62.12.78.130 is NOT MINE!

All IP variants (so far): (edit/update: IPs are anonymised by me)

*.12.78.130
*.185.183.24
*.68.101.168
*.208.213.133

What is going on? Any ideas? Why am I recognized as anonymous after login? On 3 different servers, 3 different PHP/Server versions, mixed Piwik 3.2.1 / 3.3.0 (upgrade didn't resolve the issue).

Thanks

@dev-101
Author

dev-101 commented Jan 24, 2018

Piwik's integrity checks show everything is fine (except one function I've disabled on purpose, nothing strange is there).

@dev-101
Author

dev-101 commented Jan 24, 2018

Is Piwik 'phoning home' whenever we login?
Is something broken in your API during this brand/name change?
Otherwise I cannot explain how this can happen on 3 different, separate and unrelated systems.

Update: there are definitely strange GET requests from those IPs above in my logs... I doubt this is Piwik/Matomo API related, for example:

.208.213.133 - - [24/Jan/2018:21:11:57] "GET /piwik/piwik.php?ping=1&idsite=1&rec=1&r=645549&h=12&m=10&s=17&url=*********%2F&urlref=https%3A%2F%2Fwww.google.co.ve%2F&_id=e5da08d1317195b6&_idts=1516810045&_idvc=1&_idn=0&_refts=1516810045&_viewts=1516810045&_ref=https%3A%2F%2Fwww.google.co.ve%2F&send_image=1&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1440x900&gt_ms=203&pv_id=wx2DSQ HTTP/1.1" 200 572

(note: ************ url removed by me, IP anonymised by me)

@sgiehl
Member

sgiehl commented Jan 24, 2018

@dev-101 The URL you posted is a "normal" tracking request.
What type of archiving are you using? triggered by cron job or browser archiving?
If you are using browser archiving, every tracking request might trigger an archiving process. As archiving needs to be done with "super user" access, the access is changed to super user for it and the user name is set to "super user was set".

@dev-101
Author

dev-101 commented Jan 24, 2018

Hi Stefan, I don't use cron, so that explains this - thanks. However, why is Piwik not returning my username; instead it always returns 'anonymous'? It started happening 2 days ago out of the blue. I haven't made any changes, file integrity is ok, so nothing suspicious. Yet, this line required by my plugin no longer works properly. Why?

Piwik::getCurrentUserLogin()

@sgiehl
Member

sgiehl commented Jan 24, 2018

That line should return the currently logged in user. At which position do you call the method?

@dev-101
Author

dev-101 commented Jan 24, 2018

Here's the initial code (again, everything was working fine until recently, and nothing was changed in my systems that should affect this behavior):

namespace Piwik\Plugins\MyPlugin;
use Piwik\Piwik;

class MyPlugin extends \Piwik\Plugin
{
	public function registerEvents()
	{
		$login = Piwik::getCurrentUserLogin();

@tsteur
Member

tsteur commented Jan 24, 2018

At the time you are logging this, the authentication has not been executed yet AFAIK (so it is all good)

@dev-101
Author

dev-101 commented Jan 24, 2018

Hi, but it was working just fine - how can we explain that? And the logging line was called after the $login = Piwik::getCurrentUserLogin(); line. I am really puzzled by this now. What would be the proper way to check if a user is logged in, then, every time Piwik is called?

Ok, I got confused for a moment, of course it is not, because the next line is this:

		$login = Piwik::getCurrentUserLogin();
		if ($login != 'anonymous') {
			return array(
				'Platform.initialized' => 'MyMethod'
			);
		}

Now, if I switch to Login.authenticate it works, but I need to execute it every time Piwik is called, not just at login. Again, it was working fine before.

@mattab
Member

mattab commented Jan 25, 2018

In your example above you typically want to move the "if" statement and this logic into your MyMethod. So you always define the events but inside the event observers you can skip doing something. (not sure if this would be enough to solve the issue)
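
The restructuring suggested in the comment above, written out as an added example (this is not code from the original issue or from the Piwik/Matomo project). It keeps the plugin name MyPlugin from the issue; the observer method name onPlatformInitialized, the file location plugins/MyPlugin/MyPlugin.php and the body of doPrivilegedWork() are assumptions made for illustration. The only core calls used are the ones the thread itself uses: Piwik\Plugin::registerEvents(), the Platform.initialized event and Piwik::getCurrentUserLogin().

```php
<?php
// Added example, not part of the original issue or of Piwik/Matomo itself.
// Assumed location: plugins/MyPlugin/MyPlugin.php (plugin name taken from the issue).

namespace Piwik\Plugins\MyPlugin;

use Piwik\Piwik;

class MyPlugin extends \Piwik\Plugin
{
    /**
     * Register the observer unconditionally.
     *
     * registerEvents() runs while plugins are being loaded, i.e. before the
     * request has been authenticated (see tsteur's remark above), so any
     * login check made here sees 'anonymous' for every request and the
     * observer would never be registered for a logged-in user.
     */
    public function registerEvents()
    {
        return array(
            'Platform.initialized' => 'onPlatformInitialized',
        );
    }

    /**
     * Observer for Platform.initialized (method name is an assumption).
     *
     * By the time this event fires the request has been authenticated, which
     * is why moving the check here resolved the issue. Requests that belong
     * to nobody (anonymous visitors, plain tracking requests) are skipped.
     */
    public function onPlatformInitialized()
    {
        $login = Piwik::getCurrentUserLogin();

        if ($login === 'anonymous') {
            return; // unauthenticated request: nothing to do
        }

        $this->doPrivilegedWork($login);
    }

    /**
     * Hypothetical plugin logic; replace with whatever the plugin actually does.
     * Only the login is logged, never token_auth or the session cookie.
     */
    private function doPrivilegedWork($login)
    {
        error_log(sprintf('[MyPlugin] running for user %s', $login));
    }
}
```

One caveat that follows from sgiehl's explanation above: when browser-triggered archiving runs, core temporarily elevates access and sets the login to the literal string "super user was set", so an observer that receives a non-anonymous login should not assume it is a real account. If the plugin's work must only happen for an interactive user, compare the login against the accounts you expect rather than only against 'anonymous'.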

@dev-101
Author

dev-101 commented Jan 25, 2018

Thanks Mat, it fixed my issues completely. I am still not sure why this worked for months and then suddenly stopped, but sorry for the false alarm about security.

Regards

@dev-101 dev-101 closed this as completed Jan 25, 2018
@mattab mattab added the answered For when a question was asked and we referred to forum or answered it. label Mar 27, 2018