Trax

you know.. there is still a way to earn a lot of cash with cheating cookies.. i´m not going to say HOW and WHAT as this would make a few guys hate me but a smart guy knows how to earn a few bucks cheating cookies. there áre already guys doing so..

------------------
Best Paying Sponsors:
ARS - Best PayPerSignup + AVS Sponsor
ICQ: 59101924

Incognito

I beleive You to be partially correct from my point of view.

I mean running around and trying to catch EVERY toplist, TGP or CJ out there who suddenly starts loading a cookie from a ZERO frame or worse from a PHP script (which makes it almost undetectable, that's how it was used in our case by the way against us) is a bit of a hard task dont You think?

Why not fix that crap so that signup page being faced with two ID's takes nornal source code ID first?
Seems a good idea to me.

Incognito

Hmm...Cheating is bad.
Cheating Your fellow webmasters, same guys reselling someone is even worse I think.

Incognito

[double post]

[This message has been edited by Incognito (edited 12-07-2001).]

Trax

wowowowow... i should have meationed that i´m not cheating using cookies... damn.. don´t understand me wrong dude. i thoughtof the poissiblities.. its the same with hitbots.. i tested hitbots on my own sites (faking few hits) to check how they work and how to detect em... this does not mean that i´m a hitbotter.. just to clear things up

------------------
Best Paying Sponsors:
ARS - Best PayPerSignup + AVS Sponsor
ICQ: 59101924

Incognito

Sorry, really sorry.
Just got You wrong - must be my perfect english.

Honestly I just take this all a bit too seriously probably...

Incognito

Well anyway.
The bug is so minor that since they're aware of it - gonna be fixed soon.

DragonAss

I agree that cookies being overwritten on every visit is the way for billing companies to go. Then there's no worry about possible cookie hacking or tricks by previous sites... and current sales are [basically] safe.

That said, I didn't see this mentioned elsewhere...

I know cookies are supposed to be off by default (according to RFC) and in the past Microsoft has had them turned on by default. No doubt because they just love following standards

However, I noticed that IE6 has cookies quietly turned off by default. It even drove me nuts for a little while when all my scripts stopped working. This was becasue it even disables session cookies unless you take the trouble to specify otherwise.

With a good portion of Joe-Sick-Packers, I'd be surprised if they even bother to check this out. In other words, as more people get new computers and/or upgrade to IE6, I think the majority of the public will probably have cookies disabled.

I would hope the answer to this is no, but: Are there any billing companies out there who rely on cookies to credit sales?

Trax

no no..it was my fault... i read what i wrote again and it sounded as if i didn´t want to inform everybody because i wanted to keep it for me and not getting into trouble.. what i meant is that lot of webmasters would blame me for posting ways to cheat their programs.. which i don´t want

------------------
Best Paying Sponsors:
ARS - Best PayPerSignup + AVS Sponsor
ICQ: 59101924

TheFLY

I don't know what you're getting at. The percentage of surfers with cookies must be around 90% based on my own traffic estimates -- but it remains to be said that most non-adult websites on the net won't even load now without cookies (and demand the surfer to turn them on) so I think the momentum is for cookies to remain on at all times. Anyone with a few $$$ could probably get sorts of cookie stats info at http://www.statsmarket.com/ from WSS.

Can you explain this for me please? "I noticed that IE6 has cookies quietly turned off by default." Are you saying that MSIE6 has different switches for turning on and off session cookies and non-session cookies? Maybe this is the source of some headache that I have been having w/ one of my scripts. Thanks.

[This message has been edited by TheFLY (edited 12-07-2001).]

TheFLY

No offense taken. Sorry if I came off trying to sound funny -- but I was dead serious. After reading this entire thread -- my only conclusion is that if we aren't already spamming cookies -- then we are being left behind.

Fix this IBill!!!

TheFLY

You are a dangerous man.

POSTED: showdown at sunset.

;)

SleazyDream

Actually the IE6 cookie question is one really worth mentioning here. Tracking programs like sextracker had problems with that browser when it first came out and had to modify their counter's code so as to properly credit hits from IE6 surfers. Take that a step further and any sponser account that hasn't updated their cookie tracking program for IE6 isn't crediting you for the sales......... A question to ask a sponser now would be when was the last time you updated your cookie tracking program? If it hasn't been touched in a year - RUN AWAY.

Kimmykim

"However, I noticed that IE6 has cookies quietly turned off by default. It even drove me nuts for a little while when all my scripts stopped working. This was becasue it even disables session cookies unless you take the trouble to specify otherwise."
------------------------

How many times are we going to go over this????

IE6 does NOT have cookies turned off by default.

IE6 refuses to recognize THIRD PARTY cookies without a privacy policy on the site attempting to set the third party cookie by default.

Third party processors do NOT set third party cookies, let me mention that again as well.

As for the rest of it, ANYTHING can be cheated if someone works hard enough at it, that's a given. Webmaster fraud, cc fraud, it's come to the point where it's hack, anti-hack, crack, anti-crack. We see it every day, as does every other major program on the web.

Seeing as how I don't work for IBill I cannot and will not comment on their setup, but let's suffice it to say that it would be extremely difficult to manipulate our system and I would figure IBill's as well, especially given Mike Burns' comments.

Kimmykim

And lest SleazyDumb stalk me back over here and start talking about my ignorance again, I will also mention that if anyone attempted to manipulate our system, the way they would have to do it would mean that we would catch them almost immediately, if not sooner.

TheFLY

This is the first time! Ahaha...

Kimmykim

If you look at the segment I quoted again and you still think this is the first time we have discussed it on here, that would explain a lot about you.

TheFLY

So does CCBill reset a cookie before expiration? Nobody has answered this -- in this thread anyway.

Also Mike's comments seemed to only point to Adult.com's solution to the "problem" -- it has been said here that IBill still can be manipulated by default.

And what you said about "third-party" cookies makes no sense -- what is a "third-party" cookie?

Also where is the crime in setting a cookie? If I use a sponsor's own cookie CGI through an "IMG SRC" tag to load a sponsor's banner -- this is manipulation -- but is this cheating? No. Instead this seems to be what should now be common practice by all webmasters that are "in-the-know"...

------------------
<A HREF="http://www.thefly.net/topfly.html" TARGET=_blank>
</A>Oh Baby! TheFLY.net

[This message has been edited by TheFLY (edited 12-07-2001).]

Kimmykim

Each site owner controls their own cookie setup, it's in their admin.

MS definitions of first and third party cookies --

"Constants

PRIVACY_TYPE_FIRST_PARTY (0)
Refers to privacy settings for first party cookies.

PRIVACY_TYPE_THIRD_PARTY (1)
Refers to privacy settings for third party cookies

Remarks

Cookies are categorized as first-party and third-party. A first-party cookie is one that originates from the host domain. If "http://www.blueyonderairlines.com" is found in the Internet Explorer address bar, "www.blueyonderairlines.com" is the host domain. While visiting this page, if a cookie is set from a domain other than "www.blueyonderairlines.com", such as "www.fourthcoffee.com", this cookie is considered a third-party cookie."

And once again, I'll say that attempting to manipulate the cookies of a processing company is not anywhere near so easy as you would like to think.

SleazyDream

Isn't VP a fancy name for a customer service rep that likes milk with her cookies.....

Kimmykim

Sure it is, just like SleazyDream is a common name for mental midgets.

SleazyDream

The underlying theme here is that this is a problem for advertisers and not paysites.
It's pretty clear that some think advertisers are not worth shit here and the only people to worry about are paysites..

The worry is that cc companies and paysites won't really care all that much about it because it doesn't really effect them financially as much since it doesn't change their bottom line one bit, it only really financially effects the advertisers and those paysites that actually GIVE A SHIT about their advertisers. It's been pretty much shown that in this thread that those people who only care about their own bottom line sick out here like a soar thumb.

Kimmykim

Soar thumb? I rest my case.

SleazyDream

who's stalking who?

Kimmykim

Well, that's evident.

Incognito

Fortunately what You said is bullshit.
A partnership program, ESPECIALLY a mainstream one relies heavy on newbies.

If newbies are fucked - all is fucked.

SleazyDream

why do you think so many go under? duuuuu

qcmoney

It seems like a social engineering problem, not a 'defect' of the code but a feature. So you are exploiting a perceived benefit that is actually a weakness.

So the only way that any processor would know is if they were suspicious about a large amount of traffic from a specific affiliate, and decided to investigate. That would be like shooting themselves in the foot financially though.


Am I right? Damn, Fly, that's two I have to thank you for. I need to get back into programming.

Just kidding. Maybe.

gkk

According to the ibill documentation snippet posted about 70 posts or so back, it looks like you could set up the following scenario:-

[On a gallery page]
Have a link to "Gallery 2" that goes to http://www.gallerysite.com/gallery2.html

gallery2.html is a 0 second meta-refresh redirect page that sends the surfer through an ibill-formatted link where the landing page is http://www.gallerysite.com/gallery2b.html

The surfer then sees the pictures at gallery2b.html and their browser contains a cookie for whatever sponsor program you just piped them via.

Make a visitor view 10 galleries, and you've just sent them on their way with 10 cookies that will live for the next 24 hours...

At least, the above is what I understood *could* be possible from ibill's own documentation!

But I could be wrong (I'm sure you'll tell me in a heartbeat!)

Kimmykim

Guys it's not so simplistic or so easy. Once again, I can't speak for IBill but I'd bet they have safeguards in place to cover just this type of situation