  1. PokerXtra

    Cookie Stuffers trying to stuff from my forum!

    (GPWA, I couldn't find where to post this, I hope it is OK to post here)

    A warning to ALL webmasters, who have sites where the public can post!

    I have recently had attacks on my forum from cookie stuffers!

    They were creating accounts at my forum, and posting like a normal user!

    The only difference is they were trying to post using 'off-site' smileys!

    They control the image that they have linked to, and they can insert the cookie stuffing code into the image file!

    Resulting in cookie stuffing any user who tries to load the image!

    TIP: Don't allow people to embed images that are stored 'off-site'

    I don't agree with cookie stuffing, especially when they try to steal MY commissions!

    I have had to report the cookie stuffer to the appropriate affiliate managers, as the cookie stuffer kept creating forum accounts and I was unable to get any reply from the cookie stuffer!

    I have also managed to prevent any further attacks from the cookie stuffer, but I will always be looking out for them, and suggest that ALL webmasters should be aware of cookie stuffing and how it is done so that you can combat and report them all!

    I hope this post is useful to you all

    FULL POST:
    affiliates.pokerxtra.com/forum/discussion/5/cookie-suffing-forums-blogs-and-social-sites

  2. PokerXtra

    The problem is, now my eyes are open!

    I see LOTS AND LOTS of very big sites cookie stuffing! (even big branded sites)

    I am very shocked at how many sites cookie drop/stuff, and there are many methods of cookie dropping too!

    EASY WAY TO CHECK IF A SITE IS COOKIE DROPPING:
    1) Open your browser and go to the site you want to check
    2) Delete ALL of your cookies
    3) Refresh the site/page that you want to check
    4) Check your cookies; if you see any cookies for sites you have not visited, it may be likely that they were stuffed

    NOTE: You may notice a few cookies from third party sites for stats or Google adverts etc.

    But if you see an Amazon or eBay or Gaming Site cookie, and you have not visited the site directly, then the offending site has stuffed those cookies onto your computer!

    Hope this helps
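The manual check in the post above can also be run over a recorded page load. The following is an added example, not part of the original posts: it takes constructed response records and reports cookies set by sites the visitor never opened, noting when they arrived in answer to an image request. All host names, the `Response` record format and `EXPECTED_THIRD_PARTIES` are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Third-party sites the page owner knowingly embeds (assumed, constructed).
EXPECTED_THIRD_PARTIES = {"stats.example"}

@dataclass
class Response:
    """One response seen during a single page load (hypothetical record format)."""
    url: str
    requested_as: str          # "document", "image", "script", ...
    status: int
    content_type: str = ""
    location: str = ""         # Location header, if the response was a redirect
    set_cookie: list = field(default_factory=list)  # raw Set-Cookie values

def site(url):
    """Naive site name: last two host labels. Real tooling should use the Public Suffix List."""
    return ".".join(urlsplit(url).hostname.lower().split(".")[-2:])

def audit_page_load(page_url, responses):
    """Return cookies set by sites other than the visited one and the expected embeds."""
    first_party = site(page_url)
    redirected_from = {r.location: r.url for r in responses if r.location}
    findings = []
    for r in responses:
        cookie_site = site(r.url)
        if not r.set_cookie or cookie_site == first_party:
            continue
        if cookie_site in EXPECTED_THIRD_PARTIES:
            continue
        reasons = ["cookie from a site the visitor did not open"]
        if r.requested_as == "image":
            if 300 <= r.status < 400:
                reasons.append("image request answered with a redirect")
            elif not r.content_type.startswith("image/"):
                reasons.append("image request returned " + (r.content_type or "no content type"))
        findings.append({
            "site": cookie_site,
            "cookies": [c.split("=", 1)[0].strip() for c in r.set_cookie],
            "embedded_via": redirected_from.get(r.url, r.url),
            "reasons": reasons,
        })
    return findings

# Constructed sample: a forum thread page that embeds one off-site smiley.
PAGE = "https://forum.myforum.example/thread/5"
SAMPLE = [
    Response(PAGE, "document", 200, "text/html", set_cookie=["session=abc; HttpOnly"]),
    Response("https://cdn.stats.example/a.js", "script", 200, "application/javascript",
             set_cookie=["_sid=1"]),
    Response("https://forum.myforum.example/img/logo.png", "image", 200, "image/png"),
    Response("https://img.smiley-host.example/happy.gif", "image", 302,
             location="https://track.poker-brand.example/click?aff=1234"),
    Response("https://track.poker-brand.example/click?aff=1234", "image", 200, "text/html",
             set_cookie=["aff_id=1234; Max-Age=2592000; Path=/"]),
]

if __name__ == "__main__":
    for finding in audit_page_load(PAGE, SAMPLE):
        print(finding)
```

The `embedded_via` field names the URL that was actually placed in the page, which is the one a forum owner would need to remove or block.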

  3. F.C.Dosh

    Just looked at that full post, but I don't get it....

    Cookies in a gif file??

  4. PokerXtra

    Originally posted by F.C.Dosh:
    > Just looked at that full post, but I don't get it....
    >
    > Cookies in a gif file??

    You can save a .php file as a .gif

    When you load the .gif file in a browser the php code is run by the browser regardless of the extension of the file

    NOTE:
    The cookie stuffer that I found on my site was using script or .htaccess to control when the .gif file was swapped for the cookie stuffing code!
    (this way the image is loaded some of the time to make icon/smiley seem real)

    I hope this makes more sense to you!

  6. Voids

    So is there any way to stuff all of your affiliate links into one image o.O ?

    If you can, is it ethical?

  7. F.C.Dosh

    Ah, so it's a php file cloaked as a gif.

    Right I get it..thanks for the explanation.

  8. F.C.Dosh

    Originally posted by Voids:
    > So is there any way to stuff all of your affiliate links into one image o.O ?
    >
    > If you can, is it ethical?

    Methinks that would be very much black hat..

  9. PokerXtra

    Originally posted by Voids:
    > So is there any way to stuff all of your affiliate links into one image o.O ?
    >
    > If you can, is it ethical?

    Yes it is possible, but they tend to stuff only one or two at a time, so that they don't get caught

    Ethical = NO (Definitely a Black Hat Technique, Could argue Gray Hat if they are stuffing their own sites)

    They control the image file, so they can run any script and change it at any time too

    Cookie stuffing can be done in many ways not just via embedding an image file!

    But I am not here to teach people how to cookie stuff!
    I DO NOT AGREE WITH COOKIE STUFFING - MOST STUFFERS ARE OUT TO STEAL COMMISSION

  10. Voids

    I was more thinking of using it on my own site. I've been liaising with a few visitors of my site, and they say that they have seen an offer and wanted to use it, but decided to manually type the link in, rather than using the click-through. The fact that they wanted to sign up because of my site, but I won't get commission is annoying!

  11. PokerXtra

    Originally posted by F.C.Dosh:
    > Ah, so it's a php file cloaked as a gif.
    >
    > Right I get it..thanks for the explanation.

    Yes, cloaked is one way they can do it with .htaccess file!

    But they can literally save a file.php as a file.gif,
    then load the file.gif in a browser and the browser will still run the php code (even though it is a .gif).
    The image won't load as it is not an image, but the php code will still run

  12. PokerXtra

    Originally posted by Voids:
    > I was more thinking of using it on my own site. I've been liaising with a few visitors of my site, and they say that they have seen an offer and wanted to use it, but decided to manually type the link in, rather than using the click-through. The fact that they wanted to sign up because of my site, but I won't get commission is annoying!

    Using on your own site would still be considered Gray Hat, as the user is not clicking to receive the cookie!

    Some ideas for you that may be better for you:
    1) (RECOMMENDED) Promote better on your page to get your users to use your links
    2) You could cloak your links, or use a redirection page (may increase clickthroughs)
    3) Some affiliate programs may allow you to do either a popunder or popup (annoying though), but you could use that method to get your affiliate cookie on to your users! (still cookie stuffing in my eyes, but may be allowed for some affiliate programs)

  13. xYassassinYx

    Originally posted by Voids:
    > I was more thinking of using it on my own site. I've been liaising with a few visitors of my site, and they say that they have seen an offer and wanted to use it, but decided to manually type the link in, rather than using the click-through. The fact that they wanted to sign up because of my site, but I won't get commission is annoying!

    I agree with PokerXtra's post, you should improve some aspects of your site to improve conversions.

    I checked your site and most CTAs seem to just be banners. Personally I've always found text links or a nicely designed table (displaying site, logo, bonus, and 'visit site' button, or something along those lines) to be WAY more effective than just a banner.

    Also your aff links are displaying and would be much better if you put these all in a /visit/ folder so your visitors would see your external links as .com/visit/bet365/ for example - much less spammy looking, plus sites often change aff links and this means instead of going through every page to update the links you just have to go to one and change it.

    I loved your betting previews for the football matches.

    (Sorry, I know this was off-topic but visitors should never be telling you they manually typed the site in, seems a lack of trust in your website).

  14. PokerXtra

    Originally posted by xYassassinYx:
    > Also your aff links are displaying and would be much better if you put these all in a /visit/ folder so your visitors would see your external links as .com/visit/bet365/ for example - much less spammy looking, plus sites often change aff links and this means instead of going through every page to update the links you just have to go to one and change it.

    I recommend this manual method of cloaking links!
    I either use the folder option eg:- sitename.com/go/carbonpoker/ OR I use a subdomain to manage links eg:- go.pokerxtra.com/carbonpoker
    I started to use this method a few years back!

    Benefits:
    1) Don't lose traffic from old links
    2) When you need to update a link you only have to update it once (not thousands of links)
    3) You are linking to your own site every time you post a link
    4) If you need to display a notice or review page before they leave your site, this can be done easily and edited easily!
    5) Gives you more control of your traffic

  15. universal4

    In my opinion, (not shared by all) this is why ALL cookies should be over-writable...that way the person that generates the click (closes the sale) gets the credit for the referral not someone that A) stuffed a cookie or B) sent the visitor previously but failed to close the sale.

    Rick
    Universal4

  17. PokerXtra

    Originally posted by universal4:
    > In my opinion, (not shared by all) this is why ALL cookies should be over-writable...that way the person that generates the click (closes the sale) gets the credit for the referral not someone that A) stuffed a cookie or B) sent the visitor previously but failed to close the sale.

    ALL cookies are over-writeable in my opinion

    This does not solve the cookie stuffing, the cookie stuffers are cashing in on traffic that you don't convert (generally speaking)
    Unless the affiliate program they are stuffing cookies for pays on a first referral basis (such as 32red)

    But if the visitor gets stuffed then revisits the affiliate product site the following day via a non-tracked source, such as typing URL in browser or via a search engine, the stuffer may get paid too!
    (even if the visitor clicked your affiliate link last)

  18. universal4

    While I agree that cookie stuffing is bad and certainly wrong when someone tries to pull it off on YOUR site....

    ...if a cookie is over-writeable, then the cookie that was stuffed would be over-written with the cookie set when the visitor clicks through on a normal link thus giving credit to the affiliate that sent the visitor.

    This is not always the case though....and there have been many many discussions here at the GPWA about this for years....

    But back to the original issue, have you identified the individual(s) responsible for this?
    Have you banned them and possibly their IP?
    Do you know if this individual is a member here?

    Rick
    Universal4

  19. PokerXtra

    Originally posted by universal4:
    > But back to the original issue, have you identified the individual(s) responsible for this?
    > Have you banned them and possibly their IP?
    > Do you know if this individual is a member here?

    No I don't know if they are a member here, doubt it as they are a black hat team!

    I have my suspicions on what site is responsible, as they cookie stuff from their main site! (have not reported their site)

    I reported the individual cookie stuffer to the relevant poker sites, and gave ALL of the cookie data so they can see if the cookie stuffer is 'faking referrer'. I was thanked

    Didn't see the point of banning IP as I know that it is probable they will be using proxy IP addresses

    My solution to stop the cookie stuffer was to use a word censor to replace his domain name with mine. So when the cookie stuffer tries to stuff their image it will show my image (my image is a big red warning sign that says cookie stuffing failed)
    NOTE: I will have to do this again if he tries to stuff from another domain, but easy to add words to my censor list!

    Going back to cookies, ALL cookies are writable (except Flash cookies, they can be undeletable).

    It is just some affiliate programs pay on the oldest cookie, which would result in a pay for the cookie stuffer!

    I DON'T UNDERSTAND WHY ANY AFFILIATE PROGRAM WOULD WANT TO PAY THE FIRST REFERRER?

    But hey, 32red do, and that's why I won't bother promoting them anymore; I made signups and did not get awarded!
    You can read more about my 32red issue here: http://affiliates.pokerxtra.com/foru...-last-referrer
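The tip in the opening post (no off-site images) and the word censor described in the post above can be served by one filter on submitted posts. This is an added example, not the forum's own code, and it goes a step beyond the censor by using an allowlist of image hosts, so a new stuffing domain needs no new list entry. The host names, `WARNING_IMAGE` and the BBCode `[img]` syntax are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosts the forum itself serves images from (assumed, constructed names).
ALLOWED_IMAGE_HOSTS = {"forum.myforum.example", "static.myforum.example"}
# Hypothetical local image shown in place of a blocked embed.
WARNING_IMAGE = "https://static.myforum.example/img/offsite-blocked.png"

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def image_host(url):
    """Return the lower-cased host of an http(s) image URL, or None if it has none."""
    url = url.strip()
    if url.startswith("//"):           # scheme-relative URL still points off-site
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:                 # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None                    # relative paths and other schemes are refused
    # .hostname ignores any "user@" prefix, so "http://forum...@other-host/" yields other-host
    return parts.hostname.rstrip(".").lower()

def filter_images(post_body):
    """Swap every [img] whose host is not allowlisted for the warning image.

    Returns (filtered_body, blocked) where blocked lists the refused hosts or raw URLs.
    """
    blocked = []

    def replace(match):
        url = match.group(1).strip()
        host = image_host(url)
        if host in ALLOWED_IMAGE_HOSTS:
            return "[img]" + url + "[/img]"
        blocked.append(host or url)
        return "[img]" + WARNING_IMAGE + "[/img]"

    return IMG_TAG.sub(replace, post_body), blocked

# Constructed sample post: one on-site smiley and two off-site embeds.
SAMPLE_POST = (
    "Nice hand! [img]https://forum.myforum.example/smileys/grin.gif[/img] "
    "[IMG]http://forum.myforum.example@img.smiley-host.example/happy.gif[/IMG] "
    "[img]//img.smiley-host.example/wink.gif[/img]"
)

if __name__ == "__main__":
    body, refused = filter_images(SAMPLE_POST)
    print(body)
    print("blocked:", refused)
```

The `blocked` list can be logged per account, which gives a record to pass on to affiliate managers as described in the posts above.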

  20. universal4

    If a cookie is over-written, the "old" cookie no longer exists....so the "new" cookie becomes the "oldest" cookie so the theory about all cookies being over-writeable doesn't stand up to this logic....

    Rick
    Universal4

  21. lots0

    Originally posted by PokerXtra:
    > You can save a .php file as a .gif
    >
    > When you load the .gif file in a browser the php code is run by the browser regardless of the extension of the file
    >
    > NOTE:
    > The cookie stuffer that I found on my site was using script or .htaccess to control when the .gif file was swapped for the cookie stuffing code!
    > (this way the image is loaded some of the time to make icon/smiley seem real)
    >
    > I hope this makes more sense to you!

    Your server has to be specifically configured to run a .gif as a .php. This is NOT the default for most servers.

    @PokerXtra, Looks like you use a lot of .swf files. You might want to take a look at this
    http://yuilibrary.com/support/2.8.2/
    There is a security bug which "allows JavaScript injection exploits" in 2.8.1 and earlier swf files.

  22. PokerXtra

    Originally posted by lots0:
    > Your server has to be specifically configured to run a .gif as a .php. This is NOT the default for most servers.

    ALL browsers will run a .gif file as a .php, you don't need to configure servers .htaccess

    Example: get a file.php and write some php code in it then rename it to file.gif, then load the file.gif in MOST browsers and the php code will be run
    (no special server configuration needed)

    This is a security flaw for browsers, if browsers treat a php coded file as php regardless of the file extension
    (not a hosting server issue)

    The attackers ARE using their own servers to disguise and cloak their files using .htaccess
    (but this is so they have control who they cookie stuff)

    Originally posted by lots0:
    > @PokerXtra, Looks like you use a lot of .swf files. You might want to take a look at this
    > http://yuilibrary.com/support/2.8.2/
    > There is a security bug which "allows JavaScript injection exploits" in 2.8.1 and earlier swf files.

    Thank you for the Java exploit, have read and checked, I think I am safe from these types of attacks