I also see your ID :glugglug

works fine here...geo redirect? :Graucho

All is well over here.

You can read about the problem here
http://www.gofuckyourself.com/showth...hreadid=319946
and the answer from ND
"Problem #1 allsitesaccess links are being redirected to learnaboutyourself.com

- typo in DNS led to improper re-direct for a short period of time. if you think your account was effected, please send email to [email protected] and we will review it.

Problem #2 tgp galleries are being redirected from

http://gallys.nastydollars.com/mi/16/?id=yourrefcode
to
http://www.mikeinbrazil.com/main.htm?id=feligo1

An improper re-direct code was uploaded. This has also been fixed.

any questions or comments email [email protected]"

:2 cents:

This is a problem hitting mainstream affiliates too. There has been a lot of talk on one of the major boards about it after one scammer actually won an award for the most sales.

It needs clear and obvious action on the part of the sponsors otherwise they are going to start losing affiliates.

Hmm.. :ticking

I'd like all & any of these assholes taken to cell # 105 in Bubba's prison please..

Question for all having noticed this:
Does the spyware affect links for you even if you filter your traffic to your
own place before sending it to sponsors?

Bump - to help people stay aware of an important issue...

It's likely lots of surfers are stuffing scammers' wallets instead of ours,
I've seen how usual it is with spy-/malware-infections among
regular computer-users... and those account for the majority of our signups :2 cents:

this is the fault of those webmasters that think that they get rich with $0.25/install programs.:2 cents:

:1orglaugh

This was in reply to a different problem. This is an "outside" job.. the other thread was an "inside" job.


I would like to hear from nastydollars the status of the theft accounts...

You should restart this thread with nastydollars in the title or it likely will get overlooked..

Fitty Scammers:BangBang:

I get your id, but damn, you gotta pay me some comission for seeing this gay gallery

This is really bad news.

Biskoppen:

Setup a 301/302 Redirection to the Nastydollars site and check if it still rewrites the affiliate URL.

Put this in a .htaccess File:

Redirect /sponsor.html http://www.nastydollars.com/bla

Maybe a year ago a similiar scumware was bundled with Kazaa that re-wrote affiliate URLs for Mainstream Programs.
With HTTP Redirections I was able to prevent the alteration of my affiliate ID.

I dont understand how this can work if it is hijacked at the browser level

It shouldnt effect conversion ratios. If the affilate link is hijacked then you shouldnt get the hit either.

Unless of course I am wrong

In case of that Mainstream Scumware the re-writing was done with a BHO (Browser Helper Object).

IE "alerts" the BHO every time the surfer visits a site and the scumware then alters the URL. However, IE does not alert the BHO on redirections or the mainstream scumware wasn't catching those events.

Everyone promoting toolbars and media tickets type bullshit...please stop promoting this garbage

Well one way sponsors with multiple sites could help ward off the url rewritng is by generating unique linking codes, and run them all through one URL.

For example:
Old link
http://www.boysfirsttime.com/main.htm?id=biskoppen

Spyware just has to match "http://www.boysfirsttime.com/" in the url and rewrite with the authors affiliate code.


New link
http://www.nastydollars.com/JGG483gfeTGUE834754

Spyware author has no idea what site it goes to unless he visits each and every unique URL. Any rewriting done after the surfer visits the unique URL will be easy to catch.


What this would do is discourage the authors from doing simple affiliate code replacement since they have no idea which site to target, someone may even want to get together with a lot of sponsors and start a centralized linking repository, because the more sites you have listed the less inclined they would be to try. They could still hijack the traffic no doubt, but at least they couldn't easily target the same niche.

Can anyone confirm that these encryption methods actually work? They only way to know is to test them on an infected computer.

Bisk, if you are still infected you could do this for us using ND affiliate codes.

guys I think you are missing the point... Sure he needs to and can probably clean his system and fix it on his end. But the surfers are getting infected and they are the ones that count because they are the one's signing up.

The program owners really need to start looking into ways to stop this. They may get the same sign up amounts now, but if affiliates stop promoting them the sales will drop because the high jacker isn't sending traffic but is stealing it.

They need to ban the guy with refer URLs coming from 10,000 different domains..

They should be able to tell from the URLs where the traffic is coming from and then notice the affilate IDs dont match

Or am I wrong?

work for me too

Smart spyware rewrites the referrer. And I know a few legit guys with many domains.

There are a few potential sponsor level fixes.

One being to check the referral URL of each and every affiliate hit. If the surfer didn't come from a domain that matches up with the affiliate ID, then deny credit. Only allow a domain to be associated with one ID.

dead on the money, the affiliate doesnt even win on this.

alot of sponsors now able to track affiliates traffic via referers
it dont need id at linking at all for this

And what about firewalls that block the referrer, or spyware that rewrites it?

I didnt know spyware could rewrite the ref URL.

I was implying on the sponsor looking into the accounts with many domain referrers and checking to see if the affilate IDs match. Investigate it a little whois and what not.

But since spyware can rewrite the URLs that blows my idea out of the water

ok someone who has the spyware installed test this link and see if the code changes, I have cloaked the url

http://gfyhelp.blogspot.com

One of the major players changed the script after I stopped promoting them to my non-foreign traffic. A couple of days later I caught that they had installed a homepage hijacker along with the search bar. There was no hijacker when they were getting the good traffic. . .

Keep an eye on your shit..

http://cumfiesta.com/main.htm?id=nd5000 :Graucho

do you have the spyware on your computer or not. ?? or did you even read the post ?

No i don't have any spyware...but that was the url your link give me

it was supposed to , if you didnt have the spyware installed then it shouldn't have changed anything.. thats why i specified that " SOMEONE WHO HAS THE SPYWARE INSTALLED" click the link, not you. :)