Just found the most evil web application - Ecommerce forum at WebmasterWorld - WebmasterWorld

Forum Moderators: buckworks

Message Too Old, No Replies

Just found the most evil web application

Clicking agent with statistical analysis.

lgn

2:34 am on May 1, 2003 (gmt 0)

Please don't email me for the url, this application is dangerous and I will not be a party to its proliferation.

I found an applications by some guys from russia who has developed an application called a clicking agent. It appeared to be originally design to rip off ad companies by generating artificial revenue. What is unique in this application, is that it has a very sophisicated set of statistical tools to simulate typical web traffic.

The application was also developed to cheat on top 100 ladders, and to perform attacks on the competition on PPC sites such as overture and google adwords.

It uses a huge list of dynamic and anonymous and transparent proxy servers, to generate its IP list.

Looking at the statistical features of this package, I see no defence against this application.

The real annoying thing about this application, is that its has a good help file, lots of examples, and an excelent GUI interface, so even a novice good use it. It can even emulate gateway pages, with single or mulitple clicks.

If this becomes general knowledge, it will make top 100 ladders and PPC SE's common ground for fraudulent activity.

Once again, I have no intention of using this. I am just giving a heads up, that such a monster is out there.

jdMorgan

3:38 am on May 1, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Ign,

How about forwarding the URL and info to our SE friends, like GoogleGuy, OvertureGuy, etc.? Sounds like something they really need to know about - Now!

Thanks for the heads-up.

Jim

lgn

10:52 am on May 1, 2003 (gmt 0)

I will send it to both Google and Overture spam
email address. Hopefully it will not get lost,
in the pile of general spam reports.

trillianjedi

11:09 am on May 1, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Send a copy to googleguy on here also.

Safer.

TJ

Mike12345

11:15 am on May 1, 2003 (gmt 0)

10+ Year Member

Include your WW nick in your spam report to Google and it stands a better chance of not getting lost. :)

Liane

11:16 am on May 1, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Wow! That sounds pretty nasty. Send the URL to Brett. He will make sure that the proper people are informed. Its better than having it get lost in a heap of spam reports.

Very good of you to let everyone know. It could be disastrous for many, many sites out there!

[edited by: Liane at 11:17 am (utc) on May 1, 2003]

Nick_W

11:16 am on May 1, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

hehehe, think I met one of their biggest customers at Pubcon! ;)

K, where are ya?

Sounds nasty!

Nick

Shane

4:06 pm on May 1, 2003 (gmt 0)

10+ Year Member

Found the site. I can not believe those are real people with their pictures saying basically I cheated the advertisers and am proud to have ripped off their money month after month. Arghhhhhh. Do people have absolutely no ethics!?

..... Shane

linkshark

1:23 pm on May 3, 2003 (gmt 0)

10+ Year Member

Yikes, that thing looks dangerous.

I can't believe the pictures of satisfied customers.
LOL

gilmour

9:04 pm on May 5, 2003 (gmt 0)

10+ Year Member

Does the software supply values for '$HTTP_REFERER', '$HTTP_USER_AGENT' or store cookies?

nipear

10:44 pm on May 5, 2003 (gmt 0)

10+ Year Member

I wasn't at pubcon :)

But those pics are too much. I'm sure they are pirated from somewhere else. Looking at their support info, it looks like a lot of affiliate/ad serving companies can pick up on these fraud clicks. They just monitor the IP of each click and if they see some that match a list of open proxies it probably throughs up a flag. Add onto that 0 conversions, and anyone doing much volume will get picked up like they mention CJ.com..

But I don't see OV or adwords picking these clicks up. Maybe they get some, BUT on the other hand they could buy it, and block the list of IP's that the program uses in counting clicks. I don't think many people are using open proxies for surfing, so they are only going to be blocking a small number of valid clicks....

lgn

11:34 pm on May 5, 2003 (gmt 0)

My understanding is that open proxy servers are changing all the time. Since there are programs out there that scan an build a database of open proxies,I can't see how you can counteract this, unless a person is using well known stable open proxies.

Most proxy servers only last for a few hours or days until the system admin figures out, they have a security hole and closes it.

There is a mechanism to detect incoming proxies, if the user has java, activeX, javascript or leave cookies laying around. However if the fraudester follows the proper precautions, there will be no way to detect if they are using an anonymous proxy server.