Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
The usual method for IP spoofing without control of routers/gateways and possibly DNS, is to use another machine in a network you've cracked, usually, as Brett said, it involves using multiple machines from multiple networks to cover your tracks. Even this can be thought of as spoofing the IP one way, because almost always a different IP is used to retrieve the results.
joined:Nov 20, 2000
How about a script to repeatedly open the top entry on Goto, with a different IP address each time? Blows a bit of a hole in PPC if it works... how do they prove it's a spam, and in particular, which IP address's are spam?
Obviously, as an Emperor, I am not suggesting any such a course of action, but in theory, could it work?
The question that also arises is.. is THIS illegal?
One thing that I could see goto doing to prevent IP spoofing would be to require cookies to charge fore a click. I don't think that is happening now. That would be by a well thought out script that takes advantage of proxies.
Perhaps the thing that has prevented this from happening is an 'uneasy truce' among those who are in this game. Such activity would quickly lead to fortunes being lost.
Very true Littleman..but, how long can this last? I'm young but something I've learned is that people are primarily looking out for their own wellfare...
Let's take John Doe for example...he has many casino sites and that's how he earns a living...Xmas is here and he has 3 young children...he is a great programmer and has mastered perl...John Doe needs a lot of money to buy playstations and scooters for his kids, clothes and gifts for his wife, etc...If John Doe has the ability to write up such a program, personally, I don't think John Doe is going to hesitate that much...what can he do, he needs more money and being #1 on AOL, AV, and Hotbot will do it for him...
Again, I'm being very pessimistic here...but, just like Littleman, I'm just amazed that this issue isn't being properly addressed and GoTo hasn't installed other "security" measures...
I'm hoping either this will happen or that this model will "implode" so that another, more reliable model is established.
joined:Nov 20, 2000
Not being an expert in this area, the next question that comes to mind is why shouldn't the 'clicking program/script' also delete all cookies prior to each change of IP address. This sounds simple... maybe it isn't as straightforward as it appears.
I still don't understand why this scenario has not yet materialised, assuming that it is indeed as achievable as it seems. Maybe it just needs the hacking/etc newsgroups and boards to become aware of the possibility (which they are bound to in time).
In the meantime... a bit of a dilemma... whether to invest in something that may be blown apart at any stage. That is, of course, apart from the dilemma of whether to invest in something that many people think is bad news for the net in general and SEOs in particular.
Why don't the pay per clicks protect against something like this? I don't know that I would have the malice to do something like this, (unless I was absolutely sure I was doing it in direct, verifiable retaliation) (which I don't see happening ;) )but who's to say some other people wouldn't hesitate?
I've heard some clients before say that seo firm such and such bad mouthed another, which to me was kind of sad. Why bother doing that, it only leaves a bad taste in peoples mouthes? Same thing here, if you sink to the next low level, what's to prevent the guy you just hijacked from doing you one worse?
Although, I think the direction that Little started on, if I may presume to be on the right track, is getting the optimized stuff out of somebody's system which does ip verification...is that right? If that is the angle you started this with, bravo...I've been contemplating doing that for months...but I don't have the programming savvy to pull it off...as a matter of routine, I like to learn from my peers, by getting at as much of their code, templates, link strategy, etc. that I can.
And I honestly don't see a problem with that. I mean, we all share here, and if you are listed in the engines, eventually, somebody will get your code. I'm not malicous about it, I don't straight dupe competitor's work...I achieve good results as is. It's just nice sometimes to see other's approach, and that might inspire me to do something new...:)
joined:Nov 20, 2000
I don't see what they could do. A clever script using different IP addresses, bulk attacking several (or more) different sites with different search words and deleting and cookies left around... I don't see how they could differentiate between this and 'legitimate' activity.
I also don't think that the 'malice' you refer to is against other SEOs... surely the target is most likely to be 'big business'... the concept that the deepest pocket will always win (as ultimately it will if PPC dominates!!!).
This is also why I think it is inevitable that the PPCs will be attacked in this way... because many of the guys who hack seem to be driven by this sentiment.
I am not encouraging this of course, but it seems to me to be how it is. Time will tell.
Finally... I've just spotted your surname MR Solo... to clear up doubt, I am Napoleon Bonapart, not Napoleon Solo (from 'Man from Uncle')! If you have no idea what I am talking about, don't worry about it (it just means I am older than you!).
I'm hoping they also already have an answer to this potential problem, and are, very naturally, not showing their hand. Seems to me they could establish a baseline for any keyword and then set some kind of "click frequency" alarm to trigger a human look at what was going on in the click traffic. Am I just being a pollyanna here?
And looking at the logs I've seen about traffic, one day to the next there can be sizeable fluctuation...
I guess they could filter out things we've been discussing, multiple ip's through on one account, or multiple accounts listed for the same keyword, without cookies, and then try tracking the surfer/(s) who were "abusing" the system.
I have to agree with Napoleon, and the bulk of the people here, I think their system could be easily debunked by somebody creative, and malicious. BTW, I have no idea who Napoleon Solo is, I recall a post mentioning it before, but though I'm old enough to have grey hair, I'm not familiar with what you mean...must've been before me.
No, that isn't what had in mind. Not that I wouldn't if it were possible, but one way spoofing could not do that. I actually am interested in this for something completely different - not related to any of the above topics. I do every legal thing I can to crack other people's cloaks, and have cracked quite a few. But, you can't crack a cloak with a one direction spoof.
>Not being an expert in this area, the next question that comes to mind is why shouldn't the 'clicking program/script'
also delete all cookies prior to each change of IP address. This sounds simple... maybe it isn't as straightforward as itappears.
It's a little more complicated. If you are IP spoofing you can't accept and hand off a cookie, because the communication is one way. This isn't the case when you rotate public IPs however. If someone rotated IPs and user agents and flushed cookies on every request it would be nearly impossible to detect. There are several screens that could be done, say like verifying the visitor with an image call - but that can be overcome too. If someone was slick there would be no way of knowing.
Please don't think I am advocating such a thing.