|
Can IBill's Cookies be used to CHEAT everyone???
Here's something that I have been thinking about -- and Boneprone and I got to talking about this...
Let's all talk about IBill's cookies... shall we? Then we should move on to the behavior of cookie tracking of other billing systems! First I should mention that I know how to write cgi to set and read cookies so I'm not pulling this shit out of my ass. Here's how it started for me... I'm linking a movie off a friend's paysite (he uses IBill) and in the movie there is the URL of his site... I said to him, "Hell no -- why should I show the movie to my surfers and not get the credit for the signup when you get the type-ins?" What he said to me was VERY interesting -- and this is where we must start asking questions. He said, "No No... You can use this IBill link with any URL, even this movie -- this cgi sets the cookie in the surfer's browser... then you get credit even for a type-in!"... I'm thinking "Shit! That's cool..." -- then I think, "Damn! That could be dangerous!" What if -- hypothetically -- I set ALL OF THE PAYSITE IBILL COOKIES when a surfer comes in to my site... That surfer would have no idea! Now supposedly I don't even need to use any IBill codes -- if I set all the IBill cookies -- I can just link any paysite kindof like this: (a href=www.amateurpages.com) -- and I still get the credit because the IBill cookie is *already* set... While that seems neat -- that's no big deal... What IF I set ALL of the IBill cookies for a surfer -- then he leaves my site and then goes to YOUR site -- he clicks an ad... Now it's up to the IBill cgi to make a DETERMINATION... a) Does the original reseller get credit for the sale? or b) Does the old cookie get reset? If a) is TRUE, then we have some very DANGEROUS possibilities... What if portal sites set all the IBill cookies!? Holy shit! Well I'm not accusing anyone of setting IBill cookies -- I haven't done any tests yet -- I'm just asking questions so I can figure out how IBill cookies work... Also I don't want anyone to abuse this possibility! How many of you webmasters have any idea how cookies work!? Harldy any of you! You could all be fooled and have no fucking idea... You can see why I am concerned and how any portal site could just decide to set all of the cookies -- the surfer would have no idea -- meanwhile everyone down the traffic chain is getting fucked in the ass! We need to know some things... a) How long does it take for an IBill cookie to expire? b) Does IBill give precedence to the *first* site that sets the cookie *or* the last? The possible implications of b) seem catastrophic... Yahoo or TheHun could just be setting all the cookies for all the paysites -- any nobody would have a damn clue... Meanwhile everyone else down the traffic chain is totally clueless -- and not getting paid for all the real promotional advertising work... How hard is it to set a cookie? It's easy! ------------------ <A HREF="http://www.thefly.net/topfly.html" TARGET=_blank> http://thefly.net/flybump.gif </A>Oh Baby! TheFLY.net [This message has been edited by TheFLY (edited 12-06-2001).] |
counters??
hmm. |
I should mention that only IBill can set IBill cookies -- that's how cookies work... That's what keeps your user information secure and safe... There's no way for site B to read a cookie that was set by site A... And only IBill can read IBill's own cookies.
At first I was thinking that a counter program like for instance Sextracker could set all the IBill cookies -- but I don't think this would be possible... Even still it would be a trivial task to set all the IBill cookies of a surfer upon entering a site... [This message has been edited by TheFLY (edited 12-06-2001).] |
Depends on the code used, and what the reset is set for. It is not easy to reset a cookie short of deleting it physically from the users machine (which the user would hafta do) or some more lengthy code. Once the cookie is set.. it's pretty much set, unless you got something in place to override it. BUT.... as we go into cookies here, (and I'm sure this thread will involve a lengthy debate)... you can set more than one cookie as well. So.... you would also need to know which specific cookie they're looking for in a given circumstance.
It's not a black & white type of thing. |
This is Very interesting indeed ??
Mike Burns (Lensmans lead programmer) may be a good person to comment on this. He is 1 very shapr guy??..Mike if you read this, then whats your thoughts on the matter? ------------------ Smile and Be Happy Lightning Free Hosting Gay Free Hosting Girls Host [This message has been edited by Lightning (edited 12-06-2001).] |
AMP you are so right -- but I thought of this already...
Even if IBill sets multiple cookies for the same paysite with multiple resellers (which it has the option of doing) -- this does not change anything. IBill can't split the sale three ways among three sites -- somebody is going to get the sale -- either the first or the last... In essence it doesn't matter if there's more than one cookie set for the same paysite -- or if IBill resets an old cookie w/ a new reseller's cookie... Somebody gets credit... Who is it? [This message has been edited by TheFLY (edited 12-06-2001).] |
Quote:
|
Well there's an easy way to figure this all out but I'm too lazy...
- You can clear all your cookies. - Hit an IBill link off a freesite. - Go into your browser and see when that cookie will expire. - Go to another site with the same ad. - Click that IBill link - Sign up - Somehow figure out if the first site got the sale or if it was the second site... |
I also would like to know. This is an intresting post.
|
...if the first site got the sale, then a lot of us are in deep doodoo...
...and a select few will BANK $$$$ [This message has been edited by TheFLY (edited 12-06-2001).] |
Quote:
You only make a sale to one site at a time, unless I am missing something from this last post. |
Well, I guess it would come down to finding out what the reset time is for their cookies then...
I have some affiliates for my design stuff, and I have my cookies set for a specific period. Then give the affiliates their individual ref codes. When they whore it out, and someone clicks their ref code, it sets the cookies. (Two of them actually)... But I only check for one of them. (One is just a dummy cookie for other purposes) Once it's set... the only way someone could override it is if they told that user to go in and delete their cookies and then click a different ref code to set a new cookie. What this means is.... let's say, someone clicked on a ref code you had whored out for me. They checked it out and looked good.... blah blah blah.... wanted to spend some money, but realized that someone was making a commission off it. "Hmmm.... well, I got a friend that promotes these guys too...." He talks to the friend, friend tells him to delete the cookie... and you get the idea. I can set those cookies to last for whatever length of time that I want. 30 seconds or 30 days... or whatever... So... if IBill has there cookies set to only track for a minute or two.... then someone from another site could easily get the sale. But if, like some good sponsors do, set their cookie for an average of three days or so.... then only the original click will get the sale. I've found that alot of sponsors set their cookies to track for around 3 days. No other ref codes will override that initial cookie for those three days unless the user deletes his temps & cookies from the disk. I'm rambling.... must have more beer. |
Quote:
Let's say the first site is "TheHun" and the second site is "Joe Blow's gallery pushing Amateur Pages..." TheHun could set all the IBill cookies ahead of time (including Amateur Pages)... The surfers and the gallery posters would have no idea... and all the little schmucks posting galleries using IBill links to Amateur Pages would not get credit for any of their traffic -- because TheHun had already set the cookies...! See how easy this is to do? |
pete, ICQ me and I'll give you an answer on how this works. http://bbs.gofuckyourself.net/board/smile.gif (pretty simple to figure out..)
-Phil |
Quote:
|
Hey Hun! If this is all true then you owe me big time! Hahaha...
Early reports are coming in saying that CCBill does not set any cookies... ??? What about globill and epoch...? |
great! i'll be the 1st guy in my neighbourhood next year driving a lamborghini!
time for some phonecalls!! |
Wizzo! Delete this topic now and let's keep it for the family!
|
Now we can make the determination that *ANY* site that is setting cookies w/o actually advertising the paysite... is stealing!
Yet while this is theft... how can you stop it? Even if TheHun is noble enough not to do this -- every little prick site on the internet will be setting all the IBill cookies! You can guarantee this. WE MUST PUT AN END TO COOKIE TRACKING FOR PAYSITES!!! THE OPPORTUNITY FOR CHEATING WITH COOKIES EXISTS AND THIS IS A GREAT DANGER!!! |
Quote:
|
ok ok enough said! you know i want a share of Labret's signups
|
ops! AMP is here too http://bbs.gofuckyourself.net/board/smile.gif
|
Quote:
Brad ------------------ http://www.sintalk.com/banners/sintalk_1.gif |
Quote:
|
duh, that's why i get more sales on top gallery listings, no matter the traffic or clicks, the strange ratios mystery is solved?
|
globill sets a cookie too http://bbs.gofuckyourself.net/board/frown.gif
|
It's certainly not new. Look in your cookies folder. There's shitloads of cookies in there. Everyone sets cookies.
|
Most larger and reliable programs (read : the ones you actually send traffic to) do not use cookies to identify their signups through ibill (or any processor for that matter). ARS, PornMegaBucks, SicCash etc...you guys can't lose signups through people playing with cookies.
------------------ The Largest Recurring Sponsor On The Net |
amp>yea but a cookie to store a ref code sounds pretty new to me, i bet amazon doesn't set ref code storing cookies for their referrals?
|
I see what you're geting at Fly, but here's the deal....
unless these guys are using absolutely the most basic of code for setting their cookies... tracking cannot be falsely planted. Mine can't be. Not by simply hrefing the domain like your example. This is why I use the coding that I use... (and no, I'm not giving it out here.) But basically... if someone typed in my address raw... one cookie is set. If someone clicks "Joe Snuffy's ref code", then that cookie is set. And on down the line. Regardless of which cookie was initially set, no other ref code cookie can override it. Not even (especially not) the raw cookie. The first ref code in gets the credit. Trust in the code... no one is getting fucked unless the programmer was an idiot. That's all I'm giving out here. |
This is some deep shit..... I would like to find out as much as possible on this one and i am sure IBILL will be hearing from many of us if they havent already...
|
There are only two answers to this problem...
1) Delete this thread right now -- and we can all bank! or 2) We need to demand that all credit processors stop using cookies! What else can we do?! |
i agree
let's delete it |
this is some scarry shit and makes a lot of sense.
|
Sorry, but you are not authorized to perform this function. Use your Back button.
damn ! |
wanna some extra scare?
what about programs like napster that are used 10 times the amount of the tgp visitors. Should i remind you that napster loads web pages for the daily news? |
Quote:
Thanks for posting Jim. I have always heard really great things about PornMegaBucks and I used it myself a long time ago... I take your word for it that PornMegaBucks does not count the cookies... but I think we need a list of the *safe* sponsors -- and also maybe some type of watchdog agency to keep an eye on this list -- and red flag the paysites that are using cookies. |
soulrebel> if you want to get paranoic then aol/msn, etc. have nice start pages http://bbs.gofuckyourself.net/board/smile.gif
|
can anyone suggest me a good cookie book?
what about making cookies read-only this way the new site won't be able to change the info of it. |
Why does this seem scary to you guys? It's not rocket science. It's just code. Like I said, unless IBill's programmers were morons, there's no way anyone is going to get fucked. The first ref code in is the one that gets the credit. From there, it all depends on the duration of the cookie. After that, it's fair game. And a raw domain cookie will never override a ref code cookie if coded right. Someone trying to cheat the process would have to know the exact moment of cookie placement, which one it is, how long it lasts, and which one is being read on playback. And that ain't an easy task to come by.
[This message has been edited by Amputate Your Head (edited 12-06-2001).] |
Quote:
First I need to determine: a) Will IBill let me set a cookie of a paysite calling ANY URL...? I think the answer to this is YES. I can probably use the IBill code to call a 1x1 image on my own site to place the cookie for any IBill paysite that is using cookies to credit webmasters for signups. b) IF IBill only allows cookies to be set *if* the "redirected" URL (ie: the stuff after the "?") is substring searched for the domain of the paysite... THEN I would find a very small image on that paysite (like a little bullet or visa.gif) and use that image to set the cookie... Take all these little tiny images -- place them at the top of your page -- *BAM* -- you are the master referrer of all of these paysites! |
amp> do you think it's fair? say someone is at my site, clicks on a sponsor link and quickly changes his mind and come back to follow some more links, then gets to YOUR site, and YOU get him horny enough to click+sign up, and i get the credit...
is that fair? worse yet, let's say he clicked my ref sponsor link 2 days ago? |
May I suggest DMR as a billing solution?
|
I'm sorry... have I been unclear?
Roberto... you got a ref code to my site. Someone clicks on the banner with that ref code. BAM! You got the credit until that cookie's duration runs out. Whether that's three days or ten seconds. Mr. Surfer decides tomorrow that he does indeed want to buy a membership. But has a buddy named The FLY who he knows has a ref code for the same site... so he goes and clicks on The FLY's ref code and signs up.... Who gets the credit for that sale? Roberto. The only way FLY would get credit for that, is if Mr. Surfer waited until the cookie expired... or went into his hard drive and deleted his cookies and THEN clicked on FLY's ref code. What is so unfair about that? How else are you going to track a surfer for any length of time? Or do we just NOT track them at all? Is that MORE fair? Bullshit..... first ref code in gets the sale. Provided... it's within the set time period. I see nothing unfair about it. |
Quote:
The answer is no. ------------------ $60 / Free Signup! Get a $50 "welcome bonus" credit to your account just for signing up + $60 / Free Signup! |
Quote:
whatever |
Quote:
[This message has been edited by Amputate Your Head (edited 12-06-2001).] |
don't be so sure real mangoo because out there some programmers can do real magics.
|
Quote:
|
amp> i pretty much explained my point, not trying to be a smartass myself neither, but i don't understand why should i get credit for someone else's sale, or someone else getting credit for my sale (most important http://bbs.gofuckyourself.net/board/wink.gif ) i just can't see the logic.
let's say we are telemarketers, we both sell the same product and have the same prospective clients database, i call first, i suck at telemarketing and this potential customer doesn't buy to me. now 2 days later you phone the same person, actually manage him/her to buy the same shit i couldn't, and I (that previously failed to sell) get paid the commision? what's the logic?!? |
| All times are GMT -7. The time now is 09:31 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123