Fifty........ :glugglug

what sucks is I seriously doubt any sponsor will do anything about it

I'm sure some sponsors care, but can they take care of all of it?
I'm pretty confident some or most of these malware programs are savvy enough to take care of the referring URL when they change the affiliate code.
Mcommerce comes to mind when talking about taking care of the referrer, although that was a multi sponsor server hack.

Of course there are things the community can do and bring to the light, but does it do any good? Maybe..

On another note, offtopic a little but similar genre-- Here is an article on a $4mil judgement against some spyware guys..
http://www.informationweek.com/news/... reaking+News

This link within the above article I found interesting too. Especially page 9.(PDF)
http://www.ftc.gov/os/caselist/04231...alJudgment.pdf

here is an easier place to start, fake whois info. If any sponsor cared they would check whois info on sites promoting them. I see so many fake profiles its a joke.

Bump for a good topic.

A very good solution is to devote some of your site to educating surfers about scumware removal and point them to the myriad of free programs which would eradicate them from their systems. You will make more money in the long run as well as gain surfer trust.

A show of good faith on the affiliate end would be to provide these tools within their member?s areas and/or send a mailer providing them with information and access to these tools. Those people are after all the ones most likely to spend money.

:2 cents:

Me Too.Maybe a class action is in or:) der.

well i dont know if thats the "solution" but its certainly part of it...

nice idea - any ref codes?

Agreed it?s a part but a substantive part. The other option is to rely on ethical behavior or increased transparency/disclosure amongst the purveyors and beneficiaries of this technology which I don?t happening anytime soon.

I hope MS Vista lives up to its promise and puts an end to these exploits but im not holding my breath on their ability based on their historical track record

mysite.com/intheviplink.php instead of http://www.inthevip.com/main.htm?id=myaffid

Will not work because the inthevip.php file will still hae the html code with the affiliate code being rewritten by the toolbar...

However, encrypting the with javascript the link they will be clicking would work. Just be sure to make up your own algorythm since their tollbar might be able to check for various common methods...

how about a 301?

george.

Webroot has an affiliate program here for SpySweeper.

However my point was to send the surfers to FREE software rather than try to make a buck as an affiliate (I know, shocking!). There will be a much higher rate of adoption from the surfers with a free option and thus much more revene to go around over the long run.

Some good FREE ones to push are the following:

Spybot S&D
AdAware
AVG Antivirus

I purposfully didnt include Hijack This as IMHO it may be a little to complex for the average surfer where as the ones above are just point and click and will remove a fair volume of the crap they have on their boxes.

It wouldnt take much for large traffic aggregators to include links to these on their warning pages, tgps, mailers etc.

It would have the dual effect of both increasing surfer trust while fostering a much more level playing field for honest webmasters.

I am still shocked how little the average webmaster is aware of how much this is affecting their bottom line and just how widespread this practice really is. :2 cents:

wouldn't it just make for sense for the toolbar to rewrite the ref id in the post request to the processor?

Did you say rags to riches?

The rags were in 1998 when you and I were PEERS posting on netpond... the difference being that I figured out how to make money and you just stood around/stand around whining about why you cant/wont make money.

I had nothing.. shit.. zilch... I was young and poor and I turned it into an empire.

The one lesson I've learned about making money on the web is simple.. if you're hungry you'll find food :)

Weren't you saying how rags to riches was impossible yesterday?

Thank you :thumbsup

I'll add some free ones to my sites tonight.

Majority of webmasters don't even have a clue their being ripped. That's the sad part.

Someone needs to get a computer infected with all toolbar crap they can find and then find what usernames/linkcodes the thieves use at the sponsors.

After that we'll see which sponsors are worth promoting.

the topic has been brought up before but nothing's done about it because sponsors still get the same # of sales, and affiliates still keep sending traffic.

There is another problem though, most adware remove programs remove legitimate sponsor cookies with the filth :Oh crap so what is the answer?? :(

lots of fat people in this topic

It's always entertaining to watch how this 'industry' goes around in futile circles without even noticing.

No doubt it's a major (albeit inevitable) bummer that technically saavy brave bastards are siphoning off sales with far less effort than those providing the traffic being jacked.

But, many of those (affiliates) who are currently impacted are the very same ones who have a million and one instant rationalizations for throwing surfers in circle jerk popup hells ('cleverly' engineered even to bypass SP2) and some even spam.

So first you create an environment where dumb surfers will beg for any add-on tool (often disguised as a super duper popup blocker) which also happens to undermine your own traffic - brilliant.

Once again, the brute force (technically strong like bull, business smart like streetcar) brings you back to the same place you started - only a bit more frustrated and tired (although some have now moved to nicer climates).

At some point, it would be nice to see some mainstream biz attitudes (finally) adopted, like treating your (potential) customers with respect - rather than forcing them into your endless popups because, in your mind, it's your bandwidth *they* are 'exploiting'.

This issue with affiliate traffic jacking will sort itself out over a long and painful period.

Sponsors on the ball, will demonstrate a higher level of biz attititude and establish a new level of security (including in-house cross-refs, inter-affiliate fraud detection) and then educate affiliates on how their system works and try to earn their trust. This may require trusted third party auditing of sponsor data to ensure no shaving, bonding of sponsor staff, and flagging/investigating suspicious sales (as earlier posts have suggested, the actual logic to do this is trivial).

Sponsors who get busted looking the other way will lose the affiliates which were actually generating the traffic the jackers were sending, so the jackers will have less to send and the sponsors may finally realize that the quality of sponsor/affiliate relationship is as important as the aggregate sales. Sponsors who sleep through this will find their sales drop exponentially - more quickly that individual jacked affiliate sales have dropped.

Some affiliates may even shift back to managing their own membership sites - just like in the good old days and old sponsors will depreciate to paysite owners having to find their own traffic - now competing with affiliates turned paysite owners. Not to underestimate the costs and difficulties of producing a member converting/retaining paysite, but frankly, when you line up the main sponsors today, most look the same in terms of what they offer.

This industry does not seem to demonstrate much forward thinking as an industry. Everyone is out for themselves and cashing in while the getting is good. If you get your share before the cycle bottoms, good on you. But it will bottom (already has in many ways) and then version n+1 will emerge.

The distilled issue here and now seems to be affiliates asking sponsors (and hosts) to not treat them they way the affiliates have been treating their surfers. If/when you find your way out of this loop, only then can you expect anything different.

:2 cents: :2 cents:

excellent post! :thumbsup

Yer right.
You had the balls to do somthing I wouldnt do.
Maybe I will get pissed off someday who knows.

Now that I see how things work really, people do not give a shit, they easily forget and are easier to manipulate. Just show em a dollar, I get it and understand.

I rather be hated and worth somthing than hated and worth nothing.
So I will be thinking about what ya said here.

Would that be worth buying?
How much would people pay?

It looks like that no one actually cares about this.

It's gonna be like this for a while until the spyware spreads more and more and more and then some sponsor program will step-in, implement some new features and get all affiliates with big traffic.

Then the others will follow, etc.

Would love to hear more about any software checking for referral urls vs. ref.ID, but as said earlier in this thread it's most likely that they only change the ref.ID at the processor.

Anyway, we always look into new whales, mainly because of creditcard fraud, but during this we check suspecious conversionrates, non-refferal sales, fake info/whois and in general people we don't know. So we should be alerted if anyone stealing ref.IDs are doing a lot of sales, however as it is now I can't see a solution for checking all our resellers :(

Some say sponsors don't care, but that's plain stupid - either by the people saying it or the sponsors who really don't care - because eventually the "real reseller" will stop sending traffic if the ratios/sales are bad. Can only speak for ourself, but we can't afford to lose our whales becuase of this, that's for sure, so if anyone can find a solution to avoid this or prove some of our resellers are ref.ID stealing we would of course take the necessarily steps.

yeah some simple SQL scripts would go along way to fixing up these stealing Mofos

Sponsors MUST provide RAW and UNIQUE hits in the stats they show their affiliates.

Affiliates should be using a bounce script, which at face value does not reveal their sponsor destination. That script will redirect to their affiliate url but BEFORE doing so will make an entry in the affiliate logs to show that outbound traffic bound for the sponsor.

Then it's simple math to see how much of your traffic is reaching your sponsor. As an affiliate, you can then decide how many excuses you will tolerate from a sponsor before writing them off.

Is there ANY legitimate reason (other than giving conversions ratios a 'boob job') why ALL sponsors cannot provide affiliates raw stats along with their 'qualified' (diluted) numbers?

??

SmokeytheBear and I were chatting last night about another project he's helping with, and I told him I'd like to contract him to write up some protection for affiliates, as mentioned here. Will let you know as soon as it's ready!

:thumbsup

How does one get this "bounce script"?

We address this sort of electronic means of altering links or ID's in our terms of service for a reason (do all of your sponsors include such clauses? Maybe time to check.). As stated already, any new "whales" will always be under scutiny. Newbies dont just pop online one day and then start sending 100 joins per day.

If anyone see's this sort of thing, we absolutely want to know about it so we can confirm the activity and take action. Same with content theft, or any other attempt to defraud or mislead.

PimpRoll
AdultElite

ps: a "bounce" script could be as simple as:

A tip to new adult webmasters, every spyware scum will try to have you promote their shitty installs and shit for like $1 per download. DONT DO IT you are fucking yourself and everyone else in the end. NEVER EVER promote ANY installs.

like I was saying earlier, a 301.

If someone wants to post a sample encryption routine, that'd be cool.
But ultimately, the decrypted URL *must* appear correctly in the clients browser, so I think you can only do so much and then just track click counts as noted above.

Thanks for sticking your neck out ... :thumbsup it gives me alot more respect for you guys ,

When you post a thread like this, why not show us some code, show us some exploit, show us how it modifies affiliate HTML or linkcodes? I can not walk to our security guy and tell him "Come up with a solution to these weird Trojans, ok?". He'd look at me and laugh. I need something more physical than mere assumptions and allegations.

I take it 75% of the Internet is infected with this type of trojan horses? C'mon, please.

your worried about refcodes getting changed? its just as easy to add a list of sites in the same niche to a file and redirect any hits to those domains to another link.

so i dont think the problem lies on the sponsor at all. some of these fuckers could be very hard to catch. or they could just be stealing all of the hits to shit like AFF, SexSearch, etc to thier own shitty dating sites. there are lots of ways to do this.

how about everyone starts promoting Anti-Virus products and making sure to send in virus reports everytime you come across installers.

We agree with you guys. Any sort of fraud should be reported to sponsors. Dont just take it, advice us, snitch on your neighbors, we'll take action. We understand that this is going on and in the long run it hurts both the sponsor and affiliate for the various reasons posted above. This is nothing new and we will continue to scrutinize sales and uniques, from new AND old accounts--as always. We are always vigilant. Contact me directly if you see anything suspicious.

This is a hell of a thread. Smokey/AdultSeriesCash when you guys get that "project" in order, pls mssg/email me or make a huge announcement. Sponsors need to know of every way to protect affiliates and their money.

lol, you should see how all these dating sponsors use spyware to advertise over the top of each other(and big name sites), it's crazy.

the theft has gotten out of control. the internet is filled with scammers it fuc kin sucks for the straight shooters.

Mind icq'ing me some info on that? My ratios with tcg have been extremely wild the past 6 weeks and unfortunately I have been cutting traffic because of these ratios so anything that could point out a clue as to whats going on would be really great.

WG

Yeah I would like to know as well, because that statement is not true.

Somewhat amazed that no one has seriously brought this problem up yet, seeing as it's been something that's been common knowledge in the mainstream realm for years now. Many of the mainstream networks are pretty scrupulous of about this stuff now, with CJ I had my payment frozen until i filled out some huge questionnaire and walked them through how my marketing method worked since I had too many hits without a referer.

Great point! ....this is very true, we can't resolve anything based on hearsay and innuendos.

Contrary to what I have been reading, I believe most sponsors do care about this problem but are not aware of it happening to them, IF it is even happening to them.

Correct, but the point of putting encrypted links on affiliate pages is to ensure that your own bounce script gets called without getting detoured so affiliates can count their outbound traffic (the bounce can bump a counter and/or the script itself will be seen in the affiliate weblongs).

Then, when the bounce redirects to the public affiliate link, any 'unfriendlyware' taking that traffic to another account will result in the sponsor raw hits being less than outbound hits for the (victimized) affiliate.

It really is time for sponsors to disclose raw/uniques to their affiliates so they can respond to theft of this nature.

But with the recent GFY thread of 1/2 life of cookies which preserve an affiliate's claim to a surfer in the eyes of a sponsor being as short as the lifespan of U92-236, I won't be holding my breathe for sponsors demonstrating more proactiveness.

Throw in cookie stacking/overriding and for many sponsor programs the affiliate is simply promoting the sponsor brand (with all the sponsor domains visibly watermarked) with less and less chance of being rewarded for their marketing efforts (esp. if the surfer decides to type in the sponsor domain the next day and the (if/any) affiliate cookies have crumbled).

I have a growing respect for sponsors who let their affiliates generate ALL the sales - no conflict of interest then. Sponsors can focus on managing their programs and keeping their affiliates honest rather than competing with them.

Even if someone gets their account canned. Some other sponsor is gladly going to take the traffic. Instead of hijacking the refferal id's, they will just send the surfer to a similar paysite.

unless we gonna do it :pimp :pimp

I know what you mean, dcortez.

We show 1st page raws and uniques, and it's usually a very close count. I think normal browsing is +/- 3% referrer loss (before things like nortons etc. that are made to hide referring url came around).

This is a mess, but if you create count.txt with a zero in it, then save and upload and chmod to 666 in the same location as the php itself, it should increment a counter then jump to your sponsor code.
Someone who actually knows PHP can fix it up as you please. It was all I needed so cobbled it together, lol.

BTW: issues like this are why we dont rely on cookies. They are client side, and vulnerable.

Yep, there's the best idea yet. Give all the would-be idiots that haven't figured out how to do it a good example of what does work.

Wow.

Good point.

That's why affiliates at least need to know for which sponsors their traffic is being jacked (by reconciling their outbound hits with sponsor's raw counts).

Then if a sponsor gets burned (ie. sponsor links redirected to another sponsor), at least the affiliate can change to another sponsor which is not being redirected.

When enough sponsors get dropped, then I'm sure they will apply more of their resources (technical and/or legal) to address the issue.

I the meantime, at least the affiliates will get full benefit of sales.