what exactly do you mean by 'commission theft'?

I don't understand how someone could steel your commissions by having your affiliate ID number

From what little I understand in briefly reading about it, the user gets some type of spyware or malicious software on their computer that sniffs websites they visit for affiliate links to affiliates they also have accounts with. Then when your visitor clicks on your affiliate link example.com?affiliate_number=12345 the software replaces your affiliate number with theirs 54321. Now when the user visits your affiliates website it shows it as if it was coming from them.

So far I have read about javascript solutions to hide your affiliate number directly in the scripts but many of these programs look these javascript workarounds, and since it would be easier to hide it in an htaccess file I was wondering if it was possible.

Example, my affiliate number is 12345, so my webpage link looks like this,

ht*p://example.com/affiliate_link

and when they click the link, the Rewriterule changes it to something like this,

ht*p://affiliate_site.com?affiliate_number=12345

I was just curious how to do it and if it will even work, sometype of 302 redirect I think.

By definition, you'd have to do this client-side, which is why you find only JS solutions.

Jim

You could do a 302 redirect, but it would be more work than it is probably worth.

Set up your affiliate link to some dummy page on your site, then use .htaccess to 'redirect 302 dummy_page.htm true_affiliate_link.htm' (not sure of the exact format)

But you would have to do this for each affiliate link separately.

You want to do a 301 redirect, not a 302.

Here are some more resources to read:

[internetbasedmoms.com...]

[affiliatetip.com...]

For more info put ".htaccess" + affiliate in google.

I am trying to figure it out on my own and not having much success finding anything written in plain english.. Perhaps after I figure everything out, I will write an article on it :)

Hope this help!

Kasie Morgan

The solution will have to be done by advertisers who issue those Affiliate links, perhaps by the virtue of forcing affiliates to register sites where they placed their links so that every ID is checked against site from which click came from, perhaps having referers would be sufficient since it is reasonable to expect one affiliate per unique page.

So far here is the best info I have found on using a redirect for affiliate links..

[associateprograms.com...]

Best regards,

Kasie Morgan

I use internal links with a number corresponding to a database entry and a redirect to the corresponding affiliate link. I do this for tracking purposes and, also, to hide my affiliate codes to help (?) prevent affiliate ID hijacking. However, if someone has spyware installed, I'm not sure if this would help protect against hijacking or not (since whatever goes through the browser, including my redirect page, can be affected by the spyware). Anybody know if this is an effective solution or not?

My opinion:

You can use whatever means you want to try to disquise your affiliate id. It wont make a difference if the visitor has a spyware program "hijacking" your code.

Why? Correct me if I am wrong, but your site has to send your actual url (including your code) to the visitors browser. Otherwise, the visitor's browser has no clue where to go. Therefore, the spyware will hijack your code.

Unless (maybe), one could write a script that would load the affiliate site without sending the url at all. But even then, wouldn't the spyware hijack the first link the visitor clicked at the affiliate site?

I could be completely off base on this, so take it for what it is worth. Just my 2 cents.

If you're using *nix and Apache then it's a simple thing to do...

Redirect /afflink1 [exampleafflink.com?afid=12345...]
Redirect /afflink2 [someotherexampleafflink.com?afid=12345...]

Then you would have links to your site:

[examplemysite.com...]

When would redirect to:

[exampleafflink.com?afid=12345...]

Easy 'nuff.

Am I right in saying that this theft occurs on the viewers pc and not server side for all viewers? Is it such a big problem?

Thats what I originally thought incrediBILL. Anyone know why that solution wouldn't work?

Thai,

I think for me the big problem is disguising the link to get the click in the first place. Once you get the click, cookies are stored for a certain amount of time anyhow.

However, the biggest problem I am having is with ClickBank.
(my opinion. Not 100% sure if it is happening all the time)
I send the visitor and they can easily change the affiliate id to whomever and the last affiliate id to send the visitor gets the commission.

Even if I use a 301 redirect.

But, say with #*$!, I don't have to worry. They have lifetime cookies.

I have been looking at some software that encrypts the cookie on the person's system. This way they don't even have to click on my link in order for me to get commission. Pretty cool and great if the person leaves my site and trys to go to the merchant directly!

Best regards,

Kasie Morgan

I send the visitor and they can easily change the affiliate id to whomever and the last affiliate id to send the visitor gets the commission.

Even if I use a 301 redirect.

Would you mind explaining this?

If you use a REDIRECT, there is no affiliate ID data passed except yours.

The affiliate ID is buried on your server side, how in the heck would they replace it unless the machine is infected and all page transitions are trapped and URLS are modified, but not alot you can do to stop an infected computer.

Perhaps I am doing the redirect wrong. Here is how I did it.

redirect 301 /copy-writing [hop.clickbank.net...]

Should I be doing it another way?

Best regards,

Kasie Morgan

The affiliate ID is buried on your server side, how in the heck would they replace it unless the machine is infected and all page transitions are trapped and URLS are modified, but not alot you can do to stop an infected computer.

I'm not sure exactly how these malwares work, but I guess they could check the final destination the surfer arrived at and refresh the browser to the same site, just with a different affiliate id. The last aff id stays in the cookie, so the cheaters win.

I'm not sure exactly how these malwares work, but I guess they could check the final destination the surfer arrived at and refresh the browser to the same site, just with a different affiliate id. The last aff id stays in the cookie, so the cheaters win.

If this is true then there is no way to stop them. If there is no way to stop them then all these companies selling programs to stop the malware don't work and they are no worse than the malware companies by selling useless software.

This brings me back to the 302's. If you could trick the browser into loading the affiliates page while keeping your url in the address bar then the malware wouldn't know that you are actually at the affiliates site possibly.