New hack MO dealt with right

[thepogg]

I quickly want to alert the community to a new style of hack that I encountered for the first time a couple of days ago.

While doing some research for an article I found wattlawfirm.com coming up in the rankings with the standard hack urls (/?en=/some gambling related term)

What was different this time is when you open the page, rather than load the standard review page it loads a casino home page that looks identical to the casino home page (including feeds), the only difference being the url in the address bar. Specifically all the pages on this site were loading AffiliateEdge (Club World group) pages. What concerned me in the first instance was that all the links on these pages were direct links with no aff tag even going to so far as to offer the correct link to the regulator license page.

There are two purposes to this post. The first is to highlight this new style of hacked page and the second is to highlight what should be done when a program finds out one of their affiliates is engaged in hacking.

I contacted Affiliate Edge about this on Monday evening (UK time). First thing Tuesday morning I was contacted by Martyn Beacon and we took a look at the pages in question. Using a tool called Fiddler (which I'm sure many of you are familiar with but I wasn't) we managed to track the aff code on load as can be seen here;



At that point AffiliateEdge did 3 things;

1) Suspend the affiliates account
2) Contact the affiliate to offer the opportunity to explain what we'd seen
3) Waited a little more than 24h and when no response was forthcoming redirect this affiliates links to dead space.

You can test point 3 for yourself. Do a site search in google for wattlawfirm.com with any generic casino term. You'll get lots of results coming up but now (if they would have loaded up a AE venue - more about that shortly) they're loading a blank page. I sat on Skype with Martyn this morning, he asked me to load a page which came up fine, asked me to reload it less than 1 minute later and it came up blank.

The point I'm making here is that killing the affiliate's account isn't enough. If the casino continue to receive traffic from hacked sites, regardless of whether or not they're paying for it, they're receiving stolen goods. AffiliateEdge demonstrated unquestionably that it's an absolutely trivial task to redirect an affiliate's tracking code to dead space. (Let's all give it up for a program that acts responsibly)

Given that we know the hacker is deliberately leaving up killed accounts to cause confusion, redirecting affiliate links to dead space demonstrates unequivocally that the affiliate program really have shut the account and are no longer benefiting from hacked traffic. There's no reason not to do it, unless they're still looking to keep the traffic, just not pay for it.

So the question remains - why are the below programs still showing up regularly on hacked sites with active links?

888 (no board I could see)
AffActive (message left on forum)
AffClub (no board I could see)
Fortune Affiliates (message left on forum)
Revenue Jet (no board I could see)
Slot Vendor (no board I could see)
Winner (no board I could see)

These are just the aff brands I saw from a quick look and I've excluded AffPower as they've made clear they don't care.

I'll post an alert in each of the relevant forums to this post. It's time each of these vendors stepped up to the plate and stopped saying one thing while doing another. No more excuses of 'we closed the account', the traffic needs to be redirected away from the casino's site.

On a side note, this particular hack appears to have been browser specific. It seems to have been showing the AffiliateEdge properties in Chrome and FireFox and Welcome Partners properties (a primarily Russian facing operation) in other browsers. If you look closely at the screenshot above you'll see images for "wulkan", "multigam", "max casino" and "bet365", though after testing using proxy servers and different web browsers I saw the Russian facing casinos a lot but never Bet365.

Also - some of these pages started to change to the same thing but with Ace Revenue casinos last night - I've not been able to track down any Ace Revenue pages again so can't yet extract the aff code, but I would encourage Ace Revenue to review their recent affiliate sign-ups and be vigilant for this activity.

[AE-Martyn]

Thank you for the kind words Mr Pogg.

It's how we work, we're different, we're honest and want no part in receiving stolen traffic no matter how profitable it could be. I'd rather not find out.

[universal4]

Kudos to Martyn and his team, and special thanks to ThePogg.

Rick
Universal4

[mojo]

Well done to all involved!

[sweetbet]

Affiliate Edge ROCKS!! It's one of the most solid and honest programs out there

[TravG]

Nice Job guys. It is god to know there are some god people out there still and I just might give an AE brand a better placement!

[AE-Martyn]

Nice Job guys. It is god to know there are some god people out there still and I just might give an AE brand a better placement!

I took a screenshot of this, just in case.

Thanks to all for the kind words - I hope we can work more with you guys going forward. Give us a nudge should you need us.

[thepogg]

I'm now seeing Ace Revenue casinos on the previously killed Affiliate Edge pages. They're not loading consistently (sometimes the same page will load blank), but they are there. The aff tracker link included below;




I don't work with Ace Revenue and all the necessary information is already contained within this thread, but if an AR rep feels they need further information they are welcome to contact me.

[AceVentura]

Hey Mr Pogg,

Dan here from AceRevenue.com. I was JUST told about this 10 minutes ago, and following what I read on this forum, I'm also doing the following:

"At that point AffiliateEdge did 3 things;

1) Suspend the affiliates account - Done
2) Contact the affiliate to offer the opportunity to explain what we'd seen - Sent Email, awaiting response.
3) Waited a little more than 24h and when no response was forthcoming redirect this affiliates links to dead space." - Will follow up to make sure this is done as well.

I would like to thank Martyn, for not only being extremely good looking, but also ensuring a high level of integrity in a matter such as this. Its important that this industry continues to instill fair-play policies when marketing their brands.

We also do not participate in accepting any stolen traffic, and if this ever comes up again, do not hesitate to call/email/skype/ me about it.


Sincerely,

Dan

I'm now seeing Ace Revenue casinos on the previously killed Affiliate Edge pages. They're not loading consistently (sometimes the same page will load blank), but they are there. The aff tracker link included below;




I don't work with Ace Revenue and all the necessary information is already contained within this thread, but if an AR rep feels they need further information they are welcome to contact me.

[universal4]

Another group that recognizes this issue for what it is and is following up and doing the RIGHT THING.

I have not yet had the chance to take a close look at your group Ace, but I damn sure will set aside time to do so now!!

I encourage other affiliates to also add Ace Revenue to their list of possible groups to work with, based upon the above. (at least take a look to see if they are a fit on your sites)

Rick
Universal4

[AE-Martyn]

I would like to thank Martyn, for not only being extremely good looking..

LOL, you sir are a scream!

[GCG]

Hey Mr Pogg,

Dan here from AceRevenue.com. I was JUST told about this 10 minutes ago, and following what I read on this forum, I'm also doing the following:

"At that point AffiliateEdge did 3 things;

1) Suspend the affiliates account - Done
2) Contact the affiliate to offer the opportunity to explain what we'd seen - Sent Email, awaiting response.
3) Waited a little more than 24h and when no response was forthcoming redirect this affiliates links to dead space." - Will follow up to make sure this is done as well.

I would like to thank Martyn, for not only being extremely good looking, but also ensuring a high level of integrity in a matter such as this. Its important that this industry continues to instill fair-play policies when marketing their brands.

We also do not participate in accepting any stolen traffic, and if this ever comes up again, do not hesitate to call/email/skype/ me about it.


Sincerely,

Dan

account silveroakcasino.eu/click/1/164/5104/1/landing

allcasinos.name/?template=lp3&lang=us

is still active