GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Can IBill's Cookies be used to CHEAT everyone???

TheFLY · 12-06-2001, 09:07 PM

Here's something that I have been thinking about -- and Boneprone and I got to talking about this...

Let's all talk about IBill's cookies... shall we? Then we should move on to the behavior of cookie tracking of other billing systems!

First I should mention that I know how to write cgi to set and read cookies so I'm not pulling this shit out of my ass.

Here's how it started for me...

I'm linking a movie off a friend's paysite (he uses IBill) and in the movie there is the URL of his site... I said to him, "Hell no -- why should I show the movie to my surfers and not get the credit for the signup when you get the type-ins?"

What he said to me was VERY interesting -- and this is where we must start asking questions. He said, "No No... You can use this IBill link with any URL, even this movie -- this cgi sets the cookie in the surfer's browser... then you get credit even for a type-in!"...

I'm thinking "Shit! That's cool..." -- then I think, "Damn! That could be dangerous!"

What if -- hypothetically -- I set ALL OF THE PAYSITE IBILL COOKIES when a surfer comes in to my site... That surfer would have no idea!

Now supposedly I don't even need to use any IBill codes -- if I set all the IBill cookies -- I can just link any paysite kindof like this:

(a href=www.amateurpages.com) -- and I still get the credit because the IBill cookie is *already* set...

While that seems neat -- that's no big deal...

What IF I set ALL of the IBill cookies for a surfer -- then he leaves my site and then goes to YOUR site -- he clicks an ad...

Now it's up to the IBill cgi to make a DETERMINATION...

a) Does the original reseller get credit for the sale?

or

b) Does the old cookie get reset?

If a) is TRUE, then we have some very DANGEROUS possibilities... What if portal sites set all the IBill cookies!?

Holy shit!

Well I'm not accusing anyone of setting IBill cookies -- I haven't done any tests yet -- I'm just asking questions so I can figure out how IBill cookies work... Also I don't want anyone to abuse this possibility! How many of you webmasters have any idea how cookies work!? Harldy any of you! You could all be fooled and have no fucking idea...

You can see why I am concerned and how any portal site could just decide to set all of the cookies -- the surfer would have no idea -- meanwhile everyone down the traffic chain is getting fucked in the ass!

We need to know some things...

a) How long does it take for an IBill cookie to expire?

b) Does IBill give precedence to the *first* site that sets the cookie *or* the last?

The possible implications of b) seem catastrophic... Yahoo or TheHun could just be setting all the cookies for all the paysites -- any nobody would have a damn clue... Meanwhile everyone else down the traffic chain is totally clueless -- and not getting paid for all the real promotional advertising work...

How hard is it to set a cookie? It's easy!

------------------
<A HREF="http://www.thefly.net/topfly.html" TARGET=_blank>

</A>Oh Baby! TheFLY.net

[This message has been edited by TheFLY (edited 12-06-2001).]

12-06-2001, 09:07 PM
TheFLY So Fucking Banned Join Date: Jan 2001 Location: http://www.thefly.net/ --- Quit your job and live off steady traffic. Posts: 11,856	Can IBill's Cookies be used to CHEAT everyone??? Here's something that I have been thinking about -- and Boneprone and I got to talking about this... Let's all talk about IBill's cookies... shall we? Then we should move on to the behavior of cookie tracking of other billing systems! First I should mention that I know how to write cgi to set and read cookies so I'm not pulling this shit out of my ass. Here's how it started for me... I'm linking a movie off a friend's paysite (he uses IBill) and in the movie there is the URL of his site... I said to him, "Hell no -- why should I show the movie to my surfers and not get the credit for the signup when you get the type-ins?" What he said to me was VERY interesting -- and this is where we must start asking questions. He said, "No No... You can use this IBill link with any URL, even this movie -- this cgi sets the cookie in the surfer's browser... then you get credit even for a type-in!"... I'm thinking "Shit! That's cool..." -- then I think, "Damn! That could be dangerous!" What if -- hypothetically -- I set ALL OF THE PAYSITE IBILL COOKIES when a surfer comes in to my site... That surfer would have no idea! Now supposedly I don't even need to use any IBill codes -- if I set all the IBill cookies -- I can just link any paysite kindof like this: (a href=www.amateurpages.com) -- and I still get the credit because the IBill cookie is already set... While that seems neat -- that's no big deal... What IF I set ALL of the IBill cookies for a surfer -- then he leaves my site and then goes to YOUR site -- he clicks an ad... Now it's up to the IBill cgi to make a DETERMINATION... a) Does the original reseller get credit for the sale? or b) Does the old cookie get reset? If a) is TRUE, then we have some very DANGEROUS possibilities... What if portal sites set all the IBill cookies!? Holy shit! Well I'm not accusing anyone of setting IBill cookies -- I haven't done any tests yet -- I'm just asking questions so I can figure out how IBill cookies work... Also I don't want anyone to abuse this possibility! How many of you webmasters have any idea how cookies work!? Harldy any of you! You could all be fooled and have no fucking idea... You can see why I am concerned and how any portal site could just decide to set all of the cookies -- the surfer would have no idea -- meanwhile everyone down the traffic chain is getting fucked in the ass! We need to know some things... a) How long does it take for an IBill cookie to expire? b) Does IBill give precedence to the first site that sets the cookie or the last? The possible implications of b) seem catastrophic... Yahoo or TheHun could just be setting all the cookies for all the paysites -- any nobody would have a damn clue... Meanwhile everyone else down the traffic chain is totally clueless -- and not getting paid for all the real promotional advertising work... How hard is it to set a cookie? It's easy! ------------------ <A HREF="http://www.thefly.net/topfly.html" TARGET=_blank> </A>Oh Baby! TheFLY.net [This message has been edited by TheFLY (edited 12-06-2001).]