GoFuckYourself.com - Adult Webmaster Forum - Sponsors And Processors

If you run a sponsor program (adult or mainstream) or work for any sort of billing processor that takes online transactions, I hope you'll take a few minutes out of your time to read this and spend the rest of the day considering it. I also encourage you to pass this along to anyone else you can think of.

Deceptive Advertising Evolves To Flat Out Fraud
The company behind Zango and their related "software" is stealing money from each and every one of us. Until now, it's been mostly the affiliate webmaster that has been suffering from the actions of this scumware company and their deceptive advertising practices. However, a few days ago it was revealed that now their software is not only being used to pop unauthorized ads over web sites, but they are actively opening alternate join/sign-up pages over legitimate membership sign-up forms in an attempt to defraud the surfers, the site owners, the affiliates, and the billing companies/card processors all in one step.

Affiliates Get Screwed
A Zango infected surfer steals from the affiliate in at least two ways. First, the surfer will get advertising shown over your site which not only takes away from their experience on your site, but you don't get paid for any of the advertising that Zango is placing on your pages. And second, when you refer a surfer to your paid advertisers, Zango can open new windows to the same sponsor with alternate referral codes, stealing your commissions.

Sponsors Get Screwed
A sponsor may think there is no real threat to them, since all sales lead to them in the end. It doesn't matter who refers the sale, the sponsor still gets the same deal every time, right? Wrong. Affiliates can also screw the sponsor thanks to our friends at Zango. An affiliate can use Zango to place ads that will pop up over type-in traffic too. Any sponsorship program needs those "no ref" type-in sales to pump up the bottom line and keep everything running in the black. A surfer can type in your domain, coming in completely on his own where you SHOULD get 100% of the sale, but Zango can pop another window containing an affiliate code (that will receive a cookie valid in any browser window), so now the affiliate will get his referral commission for a sale he didn't even refer. Someone could literally buy up keywords of the most popular sites and "refer" type-in traffic all day long and make a killing without ever putting up a web site or lifting a finger once they've started their zango campaign.

Billing Companies Get Screwed
With the recent discovery of the sign-up page switching, it's obvious that this practice will increase chargeback ratios. What surfer isn't going to call his CC company and get his money back after he figures out he didn't sign up with the site he wanted? Of course, rival companies in less friendly areas of the world could also use this type of practice to steal the entire transaction, just by targeting keywords that appear on card processing pages.

A Small Step In The Right Direction
Of course it's going to take a lot to completely end Zango and other software like it, but until we get to that point, there is at least one small and easy thing all of us can do to help at least lessen the damage. 3 quick lines added to the configuration files on any Apache powered web site can help to both stop zango from showing their ads, and also educate infected surfers about what is going on.

Many of us (affiliates) try to block this infected traffic from our sites, but it's like trying to defend a mountain from the bottom. There's too much space, too many paths to the top to block them all. We need to move to the top of the mountain, where we can see what's coming and take it out with a centralized defense. The pay sites and the processors are the top of the mountain. If these sites were actively blocking/redirecting surfers that show a zango infected user-agent, then Zango would not be able to show their "ads" at the point of sale. It would help to stop the problem of join-page switching, affiliate code planting or switching, and also shrink the available web space where zango can sell "advertising".

Below are 3 lines of code that, when placed in an Apache .htaccess file, will redirect zango infected surfers to an informational page with links to help remove the infection. If you don't have an .htaccess file, just create one with these lines in it. If you already have one, you can most likely just paste these lines on the end and it will work.

Code:

RewriteEngine  On

RewriteCond %{HTTP_USER_AGENT} zango|seekmo|hotbar|hbtools [NC]

RewriteRule ^$ http://www.thefilthyfew.com/zango.html [R,L]

This will block Zango and it's variants that identify themselves in the browser user-agent. You can check to see if it works on your site by using the free tool at http://www.wannabrowser.com

If you don't like the page it's redirecting to, simply change the last line to a URL of your choice, but make sure it's not on a domain where you are installing this code. (The page in the code above is permanent and will not be changed to include any advertising or anything other than Zango removal information.)

If you need help getting it to work on your site, please ask.

Thanks for reading this, and please help spread the word.