Welcome to WebmasterWorld Guest from 54.226.146.15

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

checking the correct Affliate ID is on websites

     

keevill

10:09 am on Apr 10, 2011 (gmt 0)

10+ Year Member



I have a bunch of websites - around 20 - and we are affiliates of a major player in our industry. Traffic is tracked via a ClientID string number and sales made are tracked and paid monthly.
Recently I discovered what I perceived to be a wrong ClientID reference string on one of our websites and to cut a long story short, I went on to discover that the number was the affiliate number of an ex-employee who had set up a number or very similar websites to mine and had registered as an affiliate of the same major player.
Using his ClientID on my websites in order to claim OUR sales commissions as his.
Customers booking on our websites were credited to HIS affiliate ID.
Using the waybackmachine Internet archive, I went on to discover this had been going on for 2 years over most of our websites.
My question is , what is a clever way to detect/police this activity for the future ?
ClientID's are sprinkled throughout the websites and it would take a huge amount of time to check each website daily.
Of course, doing all the coding myself and not relying on staff would do the job, but it's not practical because of the size of the websites. I need to use labour.
Trust and verify but how to verify in the most effective manner.
Any ideas please how to lock the door after the horse ... etc...?
-keevill-

creeking

11:02 am on Apr 10, 2011 (gmt 0)

5+ Year Member



daily checks sound like work.


if there is a consistent term to search for, you could write a little program to search daily backups for that term, like "affid=number" .

look for any number that is not yours.

keevill

11:29 am on Apr 10, 2011 (gmt 0)

10+ Year Member



Search using what ? At the moment,the only way I can do it is to "view source" and then search for ClientID but thats on hundreds of pages ! Not really practical.
Obviously, Google doesn't index source code.
The devilment isn't done on my local network and then sent up via FTP - it's done on the hosting server so the search has to be done online somehow.
Not easy! If indeed it can be done !
-keevill-

creeking

12:15 pm on Apr 10, 2011 (gmt 0)

5+ Year Member



are you saying the files are messed with on the webhosting server?

change webhosts.


I use a small program called editpadlite to search many html pages at once (files on my hard drive). very handy.

but there is -bound- to be a program to search a directory of html files.

after you download a regular backup of your files, you can search them on your hard drive.

topr8

8:34 pm on Apr 10, 2011 (gmt 0)

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



am i missing the point? why haven't you just informed the police - i should think this is a serious criminal offense in any country.

... then inform the company you are an affiliate of and tell them what has happened and include the crime report reference.

>>it's done on the hosting server so the search has to be done online somehow.

first you must at the very least change all passwords and also inform your host of what has happened, if they have any security questions that they ask to retrieve 'forgotten' passwords, then change them.

if your site is database driven, just write a query to search for the wrong id's in the database.

if it is hard coded the easiest way would be to download the entire site and then one of the many available programs that can search through text files en masse - your current text editor may be able to.

if the server is a linux server and you can run commands, then using grep will enable you to search for the unwanted id's without downloading any files at all.

keevill

1:21 am on Apr 11, 2011 (gmt 0)

10+ Year Member



the punishment ( police ) is another matter. I am trying to avoid any repeat - not from the same person but from future employees who see a very easy way to make money dishonestly.
The websites are all database driven and it's easy to check on the local server but someone with FTP access could easily change the affiliate ID on one or more of the high traffic sites to an affiliate ID of their own. Even temporarily would hurt. I am beginning to think that this is the responsibility of the Affiliate Host. They should be able to marry the affiliate ID to the website and track if another affiliate ID is offered from one of my websites.
And yes ! I have changed all passwords and even the host.
-keevill-

topr8

12:38 pm on Apr 11, 2011 (gmt 0)

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



>>but from future employees who see a very easy way to make money dishonestly.

in which case why have employees got ftp access? this is a MAJOR hole in your security. only appropriate employees should have that kind of access not all of them, you should also set appropriate permissions on the server to prevent changing files.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month