homepage Welcome to WebmasterWorld Guest from 54.234.2.88
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Affiliate Commission Theft
Using htaccess to stop affiliate commission theft
twist




msg:1502181
 7:13 pm on Mar 10, 2005 (gmt 0)

On another thread someone suggested searching google for the words "Affiliate Commission Theft" but this mostly led to software packeges and no real answers so I did a search on WW and nothing of any use came up. So here it is.

Is there a way to disguise your affiliate link by using .htaccess?

I've heard of using a 302 redirect, is this acceptable, and if so, how?

I wouldn't want to cloak the website just hide my affiliate number, i.e. if affiliate link is example.com?affiliate_number=12345 could I just use a link like example.com and have a RewriteRule add my affiliate number? Would this stop commission theft?

 

too much information




msg:1502182
 7:20 pm on Mar 10, 2005 (gmt 0)

what exactly do you mean by 'commission theft'?

I don't understand how someone could steel your commissions by having your affiliate ID number

twist




msg:1502183
 8:58 pm on Mar 10, 2005 (gmt 0)

From what little I understand in briefly reading about it, the user gets some type of spyware or malicious software on their computer that sniffs websites they visit for affiliate links to affiliates they also have accounts with. Then when your visitor clicks on your affiliate link example.com?affiliate_number=12345 the software replaces your affiliate number with theirs 54321. Now when the user visits your affiliates website it shows it as if it was coming from them.

So far I have read about javascript solutions to hide your affiliate number directly in the scripts but many of these programs look these javascript workarounds, and since it would be easier to hide it in an htaccess file I was wondering if it was possible.

Example, my affiliate number is 12345, so my webpage link looks like this,

ht*p://example.com/affiliate_link

and when they click the link, the Rewriterule changes it to something like this,

ht*p://affiliate_site.com?affiliate_number=12345

I was just curious how to do it and if it will even work, sometype of 302 redirect I think.

jdMorgan




msg:1502184
 10:03 pm on Mar 10, 2005 (gmt 0)

By definition, you'd have to do this client-side, which is why you find only JS solutions.

Jim

too much information




msg:1502185
 2:52 pm on Mar 11, 2005 (gmt 0)

You could do a 302 redirect, but it would be more work than it is probably worth.

Set up your affiliate link to some dummy page on your site, then use .htaccess to 'redirect 302 dummy_page.htm true_affiliate_link.htm' (not sure of the exact format)

But you would have to do this for each affiliate link separately.

kasiem




msg:1502186
 5:17 pm on Mar 13, 2005 (gmt 0)

You want to do a 301 redirect, not a 302.

Here are some more resources to read:

[internetbasedmoms.com...]

[affiliatetip.com...]

For more info put ".htaccess" + affiliate in google.

I am trying to figure it out on my own and not having much success finding anything written in plain english.. Perhaps after I figure everything out, I will write an article on it :)

Hope this help!

Kasie Morgan

Lord Majestic




msg:1502187
 5:21 pm on Mar 13, 2005 (gmt 0)

The solution will have to be done by advertisers who issue those Affiliate links, perhaps by the virtue of forcing affiliates to register sites where they placed their links so that every ID is checked against site from which click came from, perhaps having referers would be sufficient since it is reasonable to expect one affiliate per unique page.

kasiem




msg:1502188
 5:52 pm on Mar 13, 2005 (gmt 0)

So far here is the best info I have found on using a redirect for affiliate links..

[associateprograms.com...]

Best regards,

Kasie Morgan

HughMungus




msg:1502189
 5:56 pm on Mar 13, 2005 (gmt 0)

I use internal links with a number corresponding to a database entry and a redirect to the corresponding affiliate link. I do this for tracking purposes and, also, to hide my affiliate codes to help (?) prevent affiliate ID hijacking. However, if someone has spyware installed, I'm not sure if this would help protect against hijacking or not (since whatever goes through the browser, including my redirect page, can be affected by the spyware). Anybody know if this is an effective solution or not?

IamStang




msg:1502190
 2:12 am on Mar 15, 2005 (gmt 0)

My opinion:

You can use whatever means you want to try to disquise your affiliate id. It wont make a difference if the visitor has a spyware program "hijacking" your code.

Why? Correct me if I am wrong, but your site has to send your actual url (including your code) to the visitors browser. Otherwise, the visitor's browser has no clue where to go. Therefore, the spyware will hijack your code.

Unless (maybe), one could write a script that would load the affiliate site without sending the url at all. But even then, wouldn't the spyware hijack the first link the visitor clicked at the affiliate site?

I could be completely off base on this, so take it for what it is worth. Just my 2 cents.

incrediBILL




msg:1502191
 2:38 am on Mar 15, 2005 (gmt 0)

If you're using *nix and Apache then it's a simple thing to do...

Redirect /afflink1 [exampleafflink.com?afid=12345...]
Redirect /afflink2 [someotherexampleafflink.com?afid=12345...]

Then you would have links to your site:

[examplemysite.com...]

When would redirect to:

[exampleafflink.com?afid=12345...]

Easy 'nuff.

Visit Thailand




msg:1502192
 3:00 am on Mar 15, 2005 (gmt 0)

Am I right in saying that this theft occurs on the viewers pc and not server side for all viewers? Is it such a big problem?

twist




msg:1502193
 7:07 am on Mar 15, 2005 (gmt 0)

Thats what I originally thought incrediBILL. Anyone know why that solution wouldn't work?

kasiem




msg:1502194
 2:39 pm on Mar 15, 2005 (gmt 0)

Thai,

I think for me the big problem is disguising the link to get the click in the first place. Once you get the click, cookies are stored for a certain amount of time anyhow.

However, the biggest problem I am having is with ClickBank.
(my opinion. Not 100% sure if it is happening all the time)
I send the visitor and they can easily change the affiliate id to whomever and the last affiliate id to send the visitor gets the commission.

Even if I use a 301 redirect.

But, say with #*$!, I don't have to worry. They have lifetime cookies.

I have been looking at some software that encrypts the cookie on the person's system. This way they don't even have to click on my link in order for me to get commission. Pretty cool and great if the person leaves my site and trys to go to the merchant directly!

Best regards,

Kasie Morgan

incrediBILL




msg:1502195
 2:55 pm on Mar 15, 2005 (gmt 0)

I send the visitor and they can easily change the affiliate id to whomever and the last affiliate id to send the visitor gets the commission.

Even if I use a 301 redirect.

Would you mind explaining this?

If you use a REDIRECT, there is no affiliate ID data passed except yours.

The affiliate ID is buried on your server side, how in the heck would they replace it unless the machine is infected and all page transitions are trapped and URLS are modified, but not alot you can do to stop an infected computer.

kasiem




msg:1502196
 3:09 pm on Mar 15, 2005 (gmt 0)

Perhaps I am doing the redirect wrong. Here is how I did it.

redirect 301 /copy-writing [hop.clickbank.net...]

Should I be doing it another way?

Best regards,

Kasie Morgan

mykel79




msg:1502197
 4:41 pm on Mar 15, 2005 (gmt 0)

The affiliate ID is buried on your server side, how in the heck would they replace it unless the machine is infected and all page transitions are trapped and URLS are modified, but not alot you can do to stop an infected computer.

I'm not sure exactly how these malwares work, but I guess they could check the final destination the surfer arrived at and refresh the browser to the same site, just with a different affiliate id. The last aff id stays in the cookie, so the cheaters win.

twist




msg:1502198
 7:45 pm on Mar 15, 2005 (gmt 0)

I'm not sure exactly how these malwares work, but I guess they could check the final destination the surfer arrived at and refresh the browser to the same site, just with a different affiliate id. The last aff id stays in the cookie, so the cheaters win.

If this is true then there is no way to stop them. If there is no way to stop them then all these companies selling programs to stop the malware don't work and they are no worse than the malware companies by selling useless software.

This brings me back to the 302's. If you could trick the browser into loading the affiliates page while keeping your url in the address bar then the malware wouldn't know that you are actually at the affiliates site possibly.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved