Suggestion for CCBill and other Billing companies

[RawAlex]

The billing companies need to take action to stop the erosion of sales through toolbars, spyware, and other tricks being used by third parties in interrupt or intercept the sales process.

The scammers are triggering on domain names (apparently join.ccbill.com is a real good trigger) and has allowed these guys to easily set up popups, redirects, hijacks, and affiliate code substitutions tricks to steal sales from honest affiliates and programs.

Right now, it would appear that this common join page URL is a real issue that needs to get addressed rapidly. Linkster's tests suggest that site using the new beta.ccbill.com joinup link are not getting hit.

Perhaps it would be time to fight fire with fire, rather than waiting to see how it turns out?

[Sebastian Sands]

Amen... !

[notoldschool]

sucks. examples?

[RawAlex]

Quote:

Originally Posted by notoldschool

sucks. examples?

According to Linkster:

Quote:

Went back and verified the pop on the CCBill join page for one site - the url was the bill.ccbill page - when checking the newer type join page I didnt get it for another site - with the url at beta.ccbill

They woudl attack the third level because attacking the second level would mean an expensive popup on every ccbill click, including many who use the counting system to track gallery views.

[Mutt]

where is this Linkster information? my sales have been brutal the last two days.

[thonglife]

See sig....

[Barefootsies]

I am not a server dude, programmer, or tech but..

Couldn't there be something simple where the cookie has to match the referring site? If it doesn't, then it's flagged for review?

[TampaToker]

Quote:

Originally Posted by Mutt

where is this Linkster information? my sales have been brutal the last two days.

You and everyone else's this is getting old very fuckin quick! Talked to alot of sponsors today and they are down 50% to 80% as well.... We are hovering around the 70% mark ourselfs . I have only seen one decent size sponsor actually say anything about this and i applaud them.

[RawAlex]

Toker, one of the problems of the adult business is the big dick mentality. Nobody wants to admit their dick is smaller or shrinking. Everyone just keeps stuffing their codpiece and saying "my dick is big" even when many programs aren't making 30% of what they made 2 years ago.

The traffic and the business is being swept out from under our feet. Easy, simple attack points need to be secured. This is getting out of hand.

[RawAlex]

knock this back up for more discussion

[Chio]

Good idea Alex. We'll implement some counter measures on ours.

[woj]

Quote:

Originally Posted by Barefootsies

I am not a server dude, programmer, or tech but..

Couldn't there be something simple where the cookie has to match the referring site? If it doesn't, then it's flagged for review?

Spyware pretty much has complete control over the browser, so it can submit any cookie and any referer url they want to ccbill...

[RawAlex]

Quote:

Originally Posted by woj

Spyware pretty much has complete control over the browser, so it can submit any cookie and any referer url they want to ccbill...

That's why my idea goes back to triggers. CCBill is a perfect target for these things, because literally thousands of paysites call thier join page in the same manner. It's a nice big juicy target. Either redirect the surfer to another join page altogether (simple) or inject alternate affiliate codes (harder, you need a long list) and the trick is done. The traffic is stolen when it is the ripest, when the surfer has pulled out the CC and is getting ready to join.

NATS based sites also face the same issue: signup/signup.php is the weakness, easily spotted and used as a trigger for substitutions or redirections. Traffic sucked away from those pages would be primo stuff.

It's not hard to see how it can be done because much of the industry is now working with the same small set of tools.

[woj]

Quote:

Originally Posted by RawAlex

That's why my idea goes back to triggers. CCBill is a perfect target for these things, because literally thousands of paysites call thier join page in the same manner. It's a nice big juicy target. Either redirect the surfer to another join page altogether (simple) or inject alternate affiliate codes (harder, you need a long list) and the trick is done. The traffic is stolen when it is the ripest, when the surfer has pulled out the CC and is getting ready to join.

NATS based sites also face the same issue: signup/signup.php is the weakness, easily spotted and used as a trigger for substitutions or redirections. Traffic sucked away from those pages would be primo stuff.

It's not hard to see how it can be done because much of the industry is now working with the same small set of tools.

It's not clear what solution you are proposing... Are you proposing that different sites would have different ccbill urls? For example: 26512342.ccbill.com, 36542134.ccbill.com, etc

If so, it would take at most perhaps a day or 2 for spyware guys to figure this out, and then they would just trigger on any subdomain on ccbill.com

[RawAlex]

woj, actually, no, something a little more complex than that.

ccbill's system could distribute a list of acceptable domains to send joins to, perhaps communicating with the various partner systems in a push method to keep that list up to date. Every week or so, switch out the valid ones with other ones, and keep going. Essentially, don't keep your single signup domain as a simple target.

So for this week, ccbill21.com, ccbill22.com billbycc.com, ccbilling.com, cc22bill.com and joinnowcc.com are active. next week, they get replaced with new ones. The new ones would always be the best to use because the toolbar people won't have them. Switch them often enough, and the toolbar guys will get tired.

A similar thing could be done with the click counting. Instead of a long CCBill link, that could be replaced with simple code that goes on the domain of the paysite, which in turn triggers the count with the affiliate code. So instead of the long ccbill link, your link would be (and always be: www.paysite.com?9233745 (whatever your affiliate code is) and that system would translate it and push it through the most recent ccbill active domain for clicks.

With a rotating list of about 200 or 300 domains, and new ones added from time to time, it would be pretty hard for the toolbar guys to keep up. With the system in place, all join hits could easily be sent to another domain within minutes, and in fact that domain could be different for every join request.

It would be extremely hard (if not impossible) for Zango to trigger, example, in that circumstance, and it would require people to bid on all 200 or 300 domains to have a hope. Then you drop all those domains and replace them and they are fucked again. When it becomes too much work for them to attack you, they will move on to something easier.

NATS has the same problem with their default structure, which makes it very easy to trigger on the join pages. With one buy at Zango, I could pop a join page for another site over every single default install NATS site out there right now.

Why do you think your sales are evaporating, even as the traffic stays strong or increases?

[RawAlex]

Oh, woj, let me add this: they don't want to trigger on any ccbill call, because then they would pop on the initial click and not the join page. The join page is CREAM, and they want the cream.

[woj]

Quote:

Originally Posted by RawAlex

Oh, woj, let me add this: they don't want to trigger on any ccbill call, because then they would pop on the initial click and not the join page. The join page is CREAM, and they want the cream.

I'm over simplifying thing a little, but it doesn't really take a PhD in computer science to figure this out... geee, if domain=ccbill.com AND page contains <form> elements, then it's a join page, otherwise it's not...

[woj]

The other idea has some potential, BUT
1. domains cost money, takes time to set them up, etc... + all of them would need a SSL cert = additional bs to deal with + additional costs
2. if surfer sees asdf3war3432.com he may not be as confident signing up as if they saw ccbill.com, so most likely conversions would drop a little
3. nothing is stopping spyware guys from starting a bogus paysite, so they would get a list of the allowed domains directly?
4. they don't even need any lists, simple logic: if the url is https and page contains the word "ccbill" then it's a join page

[Blackrose]

bump this important thread to the top!

[aico]

we should all just change it to mail in cash subscriptions.

[V_RocKs]

They make money no matter what.

[RawAlex]

Quote:

Originally Posted by woj

The other idea has some potential, BUT
1. domains cost money, takes time to set them up, etc... + all of them would need a SSL cert = additional bs to deal with + additional costs
2. if surfer sees asdf3war3432.com he may not be as confident signing up as if they saw ccbill.com, so most likely conversions would drop a little
3. nothing is stopping spyware guys from starting a bogus paysite, so they would get a list of the allowed domains directly?
4. they don't even need any lists, simple logic: if the url is https and page contains the word "ccbill" then it's a join page

The urls don't have to be alkdjslkjlksdfsd.com , they can be differences on "ccbill" and that would be a start. I haven't done an SSL cert, but I am betting there is a way to handle "variations" on a domain name.

As for getting a list via a bogus paysite, that would be possible, but then that information have to be passed to all of thier individual end installations, and that would take time. More importantly, in a situation like someone using Zango to target CCBill, they would have to keep buying space on more and more domains to keep up. At some point, the amount of manual labor required to stay current would be more than they would want to tolerate.

As a side, I would also suggest that all programs (NATS, CCBill, and others) make them names of certain pages somewhat random during install. Instead of join.php, why not sdfkskfljsdf.php for one install and dfkieridk.php for the next? these guys are all using URLs as the triggers, so why make it easy?

[QTbucks_Mark]

Quote:

Originally Posted by RawAlex

The urls don't have to be alkdjslkjlksdfsd.com , they can be differences on "ccbill" and that would be a start. I haven't done an SSL cert, but I am betting there is a way to handle "variations" on a domain name.

Actually no, there isn't - that's the point of a SSL cert. You can get a wildcard cert which works for all subdomains of one domain (*.ccbill.com), but that's about it as far as I know.

Quote:

Originally Posted by RawAlex

As a side, I would also suggest that all programs (NATS, CCBill, and others) make them names of certain pages somewhat random during install. Instead of join.php, why not sdfkskfljsdf.php for one install and dfkieridk.php for the next? these guys are all using URLs as the triggers, so why make it easy

That's actually not a bad idea I think - at least for those running NATS/MPA3 and the like. CCBill is still handled by another domain (i.e. *.ccbill.om) so you don't have much influence there.

[RawAlex]

I would say anything that makes your coding unique would be a very good start.

As for CCBill, this may be the proof that they need to move to a system that runs on the paysite tour server and pulled the join page into that site, making it appear to be part of the site. This is a very serious situation, CCBill is such a juicy target.

[RawAlex]

back to page 1.

[Mutt]

Quote:

Originally Posted by RawAlex

I would say anything that makes your coding unique would be a very good start.

As for CCBill, this may be the proof that they need to move to a system that runs on the paysite tour server and pulled the join page into that site, making it appear to be part of the site. This is a very serious situation, CCBill is such a juicy target.

that's not going to do anything to slow them down - how hard is it for scumbags smart enough to code this crap to get a list of the top 1000 adult paysites? very easy to do.

[RawAlex]

Mutt, it is easy to do, but harder to maintain, more work, etc. Most of what I suggest is the same as remembering to lock you car doors. It won't stop detemined theives, but it will discourage some and have other move on to easier pickings.

My opinion right now is that CCBill and NATS sites are easy pickings, and they should not want to be.

[RawAlex]

Recycled to the top.

[StarkReality]

Another bump for a real problem.

[Zebra]

I'm surprised this thread isn't more active. Is there something being done behind the scenes and nobody is wanting to talk about it for fear of giving the crooks a warning? Or is just nothing being done about it?

[RawAlex]

Zebra, I think as much as anything, nobody wants to acknowledge that this is a major, huge, critical weak point at a very key point in the sales transaction. Zango allowing people to guy bill.ccbill.com is only a small percentage of the true toolbar / malware / scumware potential to trigger off that domain.

I very much doubt that CCBill would discuss this out there, but making people aware is the first step towards a solution coming along, either because CCBill wants to make things better, or because the program owners and affiliates get upset enough to ask for something to be done.

[webmasterchecks]

rawalex, they can simply target any page with ccbill on it to get around that. Ive worked in spyware for some time

anything you throw up as a possible general method that ccbill or any other processor or even paysite can use to "stop" this, there is a simple and effective way around. however, i am not going to post those publicly.

zango has been around for many years, and while everyone here in adult has been busy learning about hosting, traffic, content, affiliates, etc this whole time, zango has been doing their thing, and learning how to effectively monetize their installs. they expect companies to try to stop them and they figure out multiple layer processes to get around those attempts

they are huge public company and this is a huge mainstream problem as well, but zango makes a lot off of adult and have a lot of installs on adult surfers computers, they are #1 result on yahoo for porn.

they control the surfers computer, the only real way to address the problem is to get the software off the users computers, make sure they install firewalls, keep their anti-virus software up to date, etc

if the industry “really” wants to stop the problem, promote products like pctools/ kaspersky


In May 2007, Zango filed a lawsuit against PC Tools alleging tortious interference with its business and trade libel, because the PC Tools product Spyware Doctor at that time classified Zango software as malicious and removed it without informing users. Zango dropped the suit after the judge ruled that the suit was "unlikely to succeed on the merits of any of its three causes of action" and refused to grant Zango a temporary restraining order.

Also in May 2007, Zango filed in the same court a similar lawsuit against Kaspersky Lab, accusing it of tortious interference, trade libel and unjust enrichment for blocking the installation of Zango software. Kaspersky defended itself by invoking the Communications Decency Act (CDA), saying it was immune from civil liability based on the paragraph of the CDA headed "Protection for 'Good Samaritan' blocking and screening of offensive material". The judge agreed, granting Kasperky's motion for summary judgment.

http://en.wikipedia.org/wiki/Zango