Sponsors please STOP this THEFT (part#1)

150..........

SPeRMiNaToR - this is not to you, but there will be a few disregarding alot of what's being said because they think *it can't be* because I'm still converting well.

To me, that means they either haven't had the opportunity to signup to that program/they got shutdown for other reasons/they haven't opened another account yet under another alias/or they figured the sites aren't getting enough traffic overall to make it worth it them.

I can tell you that address is a problem. Western Express I believe they are called. They are some sort of check cashing place that sends the money over to Russia, or any where in Eastern Europe.

If one of your affiliates has that address in their profile, I would take close look at their account.

It's the seo guys domain whois, but I know now it's fake. I don't want to post more before I get any proof, but with 3 attempted trojan installs to all surfers who land on his landing pages... well it stinks.
He gets over 100,000 surfers a day (probably a lot more), and has been installing those trojans for months now.

Well said.

Sorry, but if they change the id on the urls....
how do u know if the url is fake or original?!

RE: Trojan-laced sites -- I have noticed that it does not require too many clicks from top SE results to land on pages which drop a Trojan on the surfer (even the SE cached pages are not safe as they redirect).

So, the opportunity to infect large volumes of surfers with 'unfriendlyware' is significant.

But, let's not blame SEO on this - there seems to be a growing binding between 'SE guys' and affiliate traffic jacking. That's an unfair generalization.

RE: Technical remedies for 'unfriendlyware' which redirects affiliate traffic -- Do we know if these Trojans are able to actively update their sponsor link db? If they do not, then maybe sponsors could use EXPIRING affiliate codes which are generated by the afiliate in the sponsor admin area (like 'pin codes' of the old (honest) iBill days) and are passed up to the sponsor from the affiliate's website using a script which knows the correct affiliate code to be sending.

The idea is to EXPIRE the validity of the Trojans by making the codes they send invalid (ie. the infection goes stale).

If the Trojans do actively update their db on the infected computer, then firewalls should be picking up these attempts.

Of course if the Trojan simply redirects to a jacker site which bounces again to the sponsor or substitute sponsor (with the new improved expiring affiliate code) this won't work .

The other angle of expiring the Trojans is to make it more difficult for the trojans to recognize a sponsor. Similar to changing the affiliate codes, it may be cost justified for sponsors to use rotating/expiring domains to receive affiliate traffic - changing frequently enough that Trojans can't recognize sponsor hits.

RE: Affiliates reverting to paysite owners -- After further reflection, affiliates who decide to run their own paysites to recoup more of the conversions for their traffic would still be vulnerable to Page jacking.

As someone indicated earlier in this thread, a jacker can send any traffic to anywhere. So there would be nothing to prevent a surfer from being sent to a Jacker's own family of niche sites from any outbound link (sponsor program or indy paysite owner).

RE: Legal avenues -- It really is unfortunate that this 'industry' is unwilling to commit to galvanizing its constituents and establishing its legitimate place in world economy - instead it's always running from issues shooting backwards (like 2257).

Most industries can engage considerable market/trade/legal resources for problems like this one. If someone tried the equivalent of jacking Hollywood properties, you can be assured that the FBI would be on the case.

This (jacking) is commercial fraud, but because the DOJ assumes that the 'Porn' industry is always 1/2 step from illegal by (their) definitions, we don't stand a chance of garnering the kind of defence that other industries enjoy by default.

So, here is a great reminder for all of us that we really should consider working our way up a notch or two. Rather than running like lemmings to FSC whenever there is a scary peep from DOJ, we should be sorting this biz out (including serious critical peer revue) and demonstrate to those who malign or act aggregiously towards us they are subject to the same legal wrath anyone else messing with an established trade is.

Have your anti-virus up just in case... but not all on this guy's pages go to a 404, take a look at the sites listed in http://www.osee.net/1/

This guy is an affiliate of:
flashcash (id for one site:MjcyNzM6NTo4)
etu-cash (id:dcruto)

he's also pushing a bunch of other sites that dont seem to be tied to a particular program. They all have the same layout, no webmaster link, any ideas?

V ROCKS, Pay attention to this.

The problem with that bounce code is that you will send the surfer to the website, then every link to the join page at the website will be rewritten to include the swappers code.

Not all scripts are necessarily coded the same way. This could help against some scripts I would assume.

tnx for sharing whit us good to know!

hmmm am I getting shafted here:

1st page: 1283
2nd: 242

bump for justice

Some points I would like to make.
If this problem gets big enough good afilates will leave and go eleswhere.
Ive been hacked riped off and endless other problems and there are days when I wonder why I bother. I dont really need to do this to make a living.
If the margins get even smaller. It comes dwon to whats in it for me.
I know theres a hundred newbies wanting to fill my shoes.
But none of them will last long enough to learn if his costs out strip his sales.
I guess these days maybe 1 in a 1000 newbies make it to full time and I see that growing less and less.
Sponsors that take this type of stuff seriously will get my traffic.

This thread is sort of ironic given the number of sponsors happy to promote RansomWare.

Exactly.

I have sponsors who swear their console-free links are clean, but when I get exits and popups pointing to sites like Movie.tv on their 'clean' links, I'm not surprised they are holding top revenue positions in the biz (and have the advertising resources to stay on top).

Yeah been around for ages now.

Trojans have NOTHING to do with servers. They are a
client side program that rewrites stuff on the CLIENT-
SIDE. This is a terrible example and has nothing at all to
do with trojans. Hacking GFY's banners on the server end
would get noticed and switched pretty quickly. Doing it on
the client side is much more effective.

Like what? If morons install spyware on their computer, all
u can do is try and edumucate them, like TheHun does.


This has always been a rule of the industry, since LONG
before trojans and toolbars appeared. Smart webmasters
get on early onto good sites with good content. They
promote them heavy before anyone knows about them,
even getting better payouts for giving a new site such a
boost. Then once the TGPs have wasted out the content
and the conversions drop u move to a new fresh sponsor.
Sure trojans will hurt conversion rathers, but surfers
having seen the content before is a much bigger factor.

-Ben

I think that is a great place to start and is a very simple and effective tool that webmasters of all sizes can use to combat the problem.

Great thread. Lets keep the discussion going as this is a very real problem that has a very real impact on everyones bottom line.

Someone pointed this out earlier, but I think it was glossed over.

Most anti-spyware programs remove cookies as well. So until more programs start tracking via other methods, this isn't a very good idea.

Hi Smokey,

would you mind putting me on your iCQ contact list?

I´ve got a question for you...

154-723-327

Thank´s! ICQ sent.

One of my mainstream sponsors just opened an inhouse aff program. Switched things over last night and it's 2PM PDT i'm at $324 so far for the day in sales, whereas before i was lucky to break $200 a day before with *exactly* the same traffic. Kinda makes ya go "hmm".....

Hang-on..... Think I have an orange here somewhere.....

Anyone have an apple?

With that switch there were probably something like 5000
lil changes. Can't exactly take anything from that. The
change in ratio could be due to any combination of
thousands of things.

-Ben

This is an amazing thread. I can understand the thinking some of the bigger programs are involved, since they would be larger (and possibly easier) targets. A $1000 at 7-11 is extremely noticable. A $1000 at a casino doesn't bat an eye. Some follow up questions I would have on the issue are:

1. How is the traffic that is skimmed determined? It seems that the skim may be set to a percentage of overall traffic sent to a certain program(s). Or it could be to a certain range of referral information. Once more information is collected, there has to be some things they all have in common.

2. Let consider the possibility that the traffic is not being sent to the same sponsor as the original refferal, or even to a public program at all. Quite a few of the large programs have similar style names and sites that are easy to emulate. Hell, it may be a hidden tour designed to look like the original.

3. Programs give as many reasons to themselves why sales are down as they give to their affilliates. Some are valid, some aren't. There are many "X" factors and it is easier to blame things than to look for answers. It would seem that action on the part of programs would dictate whether the loss of funds is really occurring on their end. If it is "everything is rosy for us" then there would appear to be an issue and they are still receiving credit.

4. Sales are really down for many affilliates and programs due to the huge influx of competition in the market place. Yeah, this option sucks. Lets just look at the previous 3.

Accurate reporting of traffic stats by programs and comparing it with your own data seems like the one of the easier ways of determining if this is happening to you. I want this thread to be a sticky

in earth terms please...?

We realise thing change thats what we are trying to figure out..

pstation said his sponsor changed all their code and the
signups changed. Then tried to relate this to trojans not
being updated with the new URLs yet....... During that
switch so very many things changed that there is no way
to say that it demonstrates any kind of trojan activity.

Yeah ok hijackers are bad.....

but seriously.....

To blame them for market fluctuations is a bit of a stretch.

Want to know why your signup ratio is down from a year
ago? Is it? Look at the market.... Look at the global
economy.... Catch the news sometime.

Lets say you have 2.5 kids, a mortgage and commute 3
hours to work each day. What will you buy first, porn, or
petrol?

-Ben

Here is just a little more proof that this whole scenario is happening.

http://www.benedelman.org/spyware/18...liates/#silent

Sponsors rarely can do a lot to stop it,something more general/powerfull could,a few court cases

Have you been reading this thread ? try starting on page#1

It isnt one person saying this , its MANY ESTABLISHED webmasters noticing this trend..

you should really try reading this thread more carfeull instead of making silly correlations like gas prices..

Overall signups are NOT down on sponsors.. its DOWN for honest established webmasters . do you get the correlation ?

And if you think for a second that adware doesnt change trends in buying your oblivious..

Is Moviepass doing this?

http://www.realtechnews.com/posts/2959

WOW how did i miss this a couple months ago.

I guess it really does take seeing it happen to you with your own eyes for you to realize how much money you are losing to thieves who push this spyware shit.

didn't read the thread, so maybe it was discussed, but if the trojans can change the ref code, couldn't they change the whole url? So if an affiliate program drops one of these whales, they would replace urls to Cam Site 1 with urls to a competing Cam Site 2?

[ double post ]

bump for what was noticed months ago but apparently nothing was done about it.

So, basically, affiliates only get credit for immediate signups? And if they bookmark and come back next week to signup, the affiliate loses out? Sure, client-side cookies are vulnerable, but at least implement them for crediting the affiliate if the surfer comes back at a later date... because in the end, the surfer found your site through the affiliate

Wow, what a bump

whats with all the old ass threads being bumped?

this is an old thread and almost nothing has been done about it

assuming that they don't scale out their affiliate id's much like the scale out the spyware they distribute? just playing devils advocate to that one.

If you are a webmaster then you would know!
Take a good look around the board for real posts that pertain to making and loosing money.

sorry, but it's not that old, and I've been chatting with a few paysite owners on how to solve this problem. There is a realtively simple (not foolproof) problem, which some are interested in and others don't care about.

It is damn interesting who cares about affiliates and who doesn't.


For those that give a shit, take a look at this link - referer URL is not a simple option. Referer code clearly isn't.

I'm working with a couple of paysite owners on making a transparent option that will solve this current problem. It is not foolproof, but until the next exploit appears, it's foolproof for now.

bump for a great read.... fucking virus's and spyware piss me off

because the problem is still happening and this thread should be bumped until the problem is fixed.

if you notice people making sales from other people's urls , you need to look into it..

This is what I do but it seems most that talk about it really do not care. I guess I need to go to the next show and buy a lot more drinks. The two people that signed up today did it for this reason, work with each other on this. You don't have to sign up for my site because I told everyone how I do it, Melissa does it now and when she gets to busy Jen will do it.