| 11:02 am on Apr 10, 2011 (gmt 0)|
daily checks sound like work.
if there is a consistent term to search for, you could write a little program to search daily backups for that term, like "affid=number" .
look for any number that is not yours.
| 11:29 am on Apr 10, 2011 (gmt 0)|
Search using what ? At the moment,the only way I can do it is to "view source" and then search for ClientID but thats on hundreds of pages ! Not really practical.
Obviously, Google doesn't index source code.
The devilment isn't done on my local network and then sent up via FTP - it's done on the hosting server so the search has to be done online somehow.
Not easy! If indeed it can be done !
| 12:15 pm on Apr 10, 2011 (gmt 0)|
are you saying the files are messed with on the webhosting server?
I use a small program called editpadlite to search many html pages at once (files on my hard drive). very handy.
but there is -bound- to be a program to search a directory of html files.
after you download a regular backup of your files, you can search them on your hard drive.
| 8:34 pm on Apr 10, 2011 (gmt 0)|
am i missing the point? why haven't you just informed the police - i should think this is a serious criminal offense in any country.
... then inform the company you are an affiliate of and tell them what has happened and include the crime report reference.
>>it's done on the hosting server so the search has to be done online somehow.
first you must at the very least change all passwords and also inform your host of what has happened, if they have any security questions that they ask to retrieve 'forgotten' passwords, then change them.
if your site is database driven, just write a query to search for the wrong id's in the database.
if it is hard coded the easiest way would be to download the entire site and then one of the many available programs that can search through text files en masse - your current text editor may be able to.
if the server is a linux server and you can run commands, then using grep will enable you to search for the unwanted id's without downloading any files at all.
| 1:21 am on Apr 11, 2011 (gmt 0)|
the punishment ( police ) is another matter. I am trying to avoid any repeat - not from the same person but from future employees who see a very easy way to make money dishonestly.
The websites are all database driven and it's easy to check on the local server but someone with FTP access could easily change the affiliate ID on one or more of the high traffic sites to an affiliate ID of their own. Even temporarily would hurt. I am beginning to think that this is the responsibility of the Affiliate Host. They should be able to marry the affiliate ID to the website and track if another affiliate ID is offered from one of my websites.
And yes ! I have changed all passwords and even the host.
| 12:38 pm on Apr 11, 2011 (gmt 0)|
>>but from future employees who see a very easy way to make money dishonestly.
in which case why have employees got ftp access? this is a MAJOR hole in your security. only appropriate employees should have that kind of access not all of them, you should also set appropriate permissions on the server to prevent changing files.