Your so right about that, but with ccbill you at least allways have a chance to check if your beeing cheated, even with trust in the program i've allways liked to have that posibility.

Those of you who want an example on this, can use the link FireC posted, but a little modified.

http://refer.ccbill.com/cgi-bin/clic...?coupon=123456

PA = 611105 <---- the account that should get the credit
coupon = 12345 <---- the account that will get the credit

2. Go the the Nubile join page, click on "Instant Credit Card Access" -> redirect to CCBill.
3. View Source and search for "123456". It's there.
4. Search for "611105". It's not there.

Do the same thing, but with the original link that FireC posted

http://refer.ccbill.com/cgi-bin/clic...?coupon=611105
2. Go the the Nubile join page, click on "Instant Credit Card Access" -> redirect to CCBill.
3. View Source and search for "611105". It's there.

If you want to, you can even do a test signup and see who gets credit.

looks like the session tracking is working! :)

does this answer your question of a legitmate use for this behavior?

This just in!

You can steal beer from liquor stores! Just go in and grab what you want, then run out and drive away! See who gets paid for the beer... nobody! From now on all liquor stores must be constructed like pawn shops are with a buzz door and bullet proof glass because some kids decided to drink to much without paying for it...

No.
That variable should not override the cookie. If the cookie exist, the wm id should be read from it. But if it doesn't exist, then it should read that variable.

Exactly. But you can reduce the costs of it. If you send lots of traffic, you have the data to analyze. I can say this over and over again:
You can ask and read here and there, search on comments about sponsors, but the only thing you should trust is yourself (unfortunately). This is what you should do;
Spend some hours each week/month on your data. It is really the most profitable time you will ever spend! Heads up and top spot on your best converting sponsors (not ratios, but $/outgoing traffic) - get rid of bad sites (which could be good for YOU, if they just stayed out of nasty tricks). Make it routine and create a checklist of known tricks that you can use when choosing a new sponsor.
Its sounds very boring and nerdy, and it IS! But if you think biz you should do it. When I first started on this, the week after my sales rised 70% with same traffic.

Hmm.. I'm getting a bit confused here.. Is that /?coupon=123456 extention added to the code allready when you get the code from the sponsor ?
If so then it's not a script changing your code once you hit the site but seems rather like an optional way of tracking ?
could it be that the sponsor writes on the link page that you have to replace the 123456 part with your affiliate id as well as the normal xxxxxxx part ?

<input type=hidden name=ccbill_referer value='123456'> :(

Bingo! :)

In our webmaster area the coupon= is linked with your affiliate code and is the same number as the PA.

Basically with our system, which doesn't rely on the ccbill cookie (but uses it as a backup), you are getting more sales credited to your account :) Any questions hit me up icq 4162727

Yep, that is the way to go, unfurtunatly trust will only get you so far, but you still have to keep on checking up on things.

On a sitenote here, are you the same DD that ran the DDboard ? remember having trades with that years ago in the good old board days :)

My ratios are good with nubiles, and if you configured your links correctly, I can assure they dont cheat.

no..I dont know that board

Dude, it has nothing to do with Nubiles. If you can read above I said "EXAMPLE". They're just using the way I was talking about. So I used them as an EXAMPLE.

ok :winkwink:

Thanks DD, I appreciate the traffic :) If anyone wants to know more about how we track and/or how it benefits them, hit me up.

who would use their link without his ID? As said before, you have to add your ID twice to that linking code. If you link to a sponsor with wrong link code and dont get credit for it, is he shaving you?

hehe. I had no clicks in one week, and I contacted the sponsor and very pissed off accusing him for shaving. They checked, and it was wrong code. Learned my lession then...very embarrasing...indeed :1orglaugh

1. I'm not even signed up to Nubiles.
2. I used Nubiles as an example.
3. I can replicate it with any CORRECT formatted CCBill link code.

please do :)

Not sure how that'd work. CCBill is a 3rd party proc not an AVS that all sites will have to use the exact same signup form. Many proggies use their own custom tracking system cause that local tracking could be much better than a central tracking system plus they could also add an alternative ip tracking too in order to max the sales for affiliates. CCBill gives an option to also disable rebill credits that could also be seen as shaving. CCbill gives option to set cookie expiry time, a webmaster could just set it to 1 minute and shave his affiliates. Bottomline, you cannot hold ccbill responsible for webmasters misusing options provided by ccbill. Just look at CCBill as a 3rd party processor who'll send you the checks if you made sales (or first, if a webmaster let you get credit for those sales :upsidedow ) on time everytime. So just test the sponsor carefully before you decide to send him traffic.

I was not talking about nubiles, it was just an example, too.

Hmm.. I might be missing something, but as far as i see you can only do that by adding /?coupon=123456 extention, and why would you do that ?

Hit me up on ICQ and I will give you an example. icq is in my sig.

that's a trip. crazy shit. fuck it, I'm going to go back and work for Arby's

Can you explain what is going on here? I was going to send them traffic.

When I followed that link, I didn't see 767551 on the page with the CCBill buttons, but what is it replaced by? What is that number being changed to?

Seems to me, that the only way for this "shave" to work is for the sponsor to exploit it, which means it's the sponsor at fault, not ccbill...:pimp

check the join page, its there:

<input type=hidden name=ccbill_referer value='767551'><input type=hidden name=referingURL value='http://www.gofuckyourself.com/showthread.php?p=6568608&posted=1#post6568608'>

its the source code of this last site you have to check (after you gone through the link code, of course) : https://bill.ccbill.com/jpost/signup.cgi

I wasn't trying to diminish your find. Just pointing out that the ID variable has been exploited before. Definitely something all webmasters need to watch out for when choosing a sponsor.

For the record, I think CCBill is an excellent company & use several affiliate programs that rebill for months & months.

Don't worry. Send them as much traffic as you want. They're not doing anything wrong. I've only used them as an example :)

I've known it for a long time, and I've tried to get an answer for as long time.

Alreayd been posted.

EDIT: fedfest can verify it too. I showed him an example.

<input type=hidden name=clientAccnum value='925383'><input type=hidden name=clientSubacc value='0001'><input type=hidden name=formName value='120cc'>

How about this...

Say your linkcode for paysitex is this:

http://refer.ccbill.com/cgi-bin/clic...w.paysitex.com

What if 10% of the time, the index page of http://www.paysitex.com changed their "Enter" link to:

http://refer.ccbill.com/cgi-bin/clic...com/enter.html

Shouldn't this overwrite the original cookie set when the surfer clicked on the link on the affiliate's site?

It will. But I don't promote any sites where you have to click on an enter button to get in, they're sent directly to the tour. But I get your point. Same thing could be done with the "Join" link for example. So Yes, it can be done that way too.

925383 is the main account ID, here is the affiliate ID

<input type=hidden name=ccbill_referer value='767551'><input type=hidden name=referingURL value='http://www.gofuckyourself.com/showthread.php?p=6568608&posted=1#post6568608'>

works everything correctly

damn this is something i was hoping i'd never hear

What the problem is here is that sponsors can change who will get credit for a surfer.
What legit reason is there for a sponsor to be able to change who will get credit for a surfer that was sent in a legit way?

Like many here have said, there's no way to be 100% safe from shaving. But don't we want to work towards limiting the possibilities?

It was just an example. As you said, it can be done with any site, include a 1 page tour with an http redirect to the join page.

Just to make this clear, What i was shown was an example of how to overwrite the cookie, I was not shown any site that cheated !

I still can't see how this becomes a ccbill problem though, and still think that if theres actually a site doing this (witch i'm starting to doubt), then they should be exposed rather than making this sound like it's something done by all us ccbill programs.

Imo. if anyone was actually shaving don't you think they would hide it behind some kind of affiliate/program script instead of doing it on a pure ccbill program where everyone can catch them just by checking the join page ?

good point

It didn't overwrite the cookie. I overrode (sp?) the cookie.
That was my whole point with the demonstration. I wanted to show you an example.

Where have I said that all CCBill programs are shaving?

The only thing I've said is that it's POSSIBLE. A way that shouldn't even exist in the first place.

How can there be so many morons that have so little technical knowledge?

CCBill should only use that variable IF there is NO cookie.

Interesting CCBill haven't commented yet...

That one wasn't pointed at you, sorry if it came out that way :)

And yes you did show me an example, my point is that thats all it was, an example, and not something actually used. :)

BINGO!

One more who got it :)

Are you offering to rewrite and deploy HTTP? :helpme

I was not talking about the redirect.

The thing is that CCbill in my opinion is the best guarante of you NOT being shaved by the pure fact that THEY host the join page so if any cheating is going on it's very easily discovered.. EVERYONE can just check the sourcecode on the join page !

Imo. the one thing that can prevent a cheater from cheating is the fear of being discovered, so to cheat on a ccbill link you'd have to be extremely dumb and unfurtunatly i don't think cheaters are.

To cheat you have to be able to hide it, and you just don't have that ability when CCbill is hosting the last link..

100 ways to shave ccbill...

The world is full of dumb people.

Several got caught cheating when CCBill made it publicly available if and how long you were getting paid for signups and rebills.