A buddy of mine who is a big affiliate told me this once when he heard I was using Imobitrax.
I didn't really pay much attention to it, until this thing happened this week:
We use imobitrax to run our own offers in house, so these aren't affiliate campaigns.
We noticed something very strange last friday.
We had a phone number submit on the site, from a number unknown to us, that had as a tracking id ' TEST '.
Now there are 2 ways that tracking id could be there:
- 1. Someone clicked on an ad/link, got to the landing page, and then manually changed the tracking id in the browser bar to TEST.
- 2. Someone was in the imobitrax account, clicked on 'test link', then imobotrax automatically gives the tracking id TEST to this click.
Option 2 here is the most likely scenario. Because why would anyone trying to test out the comnversion funnel go through the hassle of changing the tracking id, and then also change it exactly to the TEST id imobitrax would? That doesn't make sense.
So we are fairly sure someone was in the account.
However, the only 2 people having access is my business partner and myself, and it was neither of us.
So either someone got around the login process, or uncovered the password somehow.
We feel the most likely scenario was that it was an inside job.
Has anyone here had similar issues, or has an opinion about what might saved happened here ?
Firstly did you delete the install.php and db_install.php? If not then you are leaving a backdoor to your tracker. If you are using the latest version of imobitrax lock the login page to your IP only and change the login page to another name.
The thing is the 'test link' does not store any data in tracker. You can test it on a new campaign and you will see the data has no clicks and data stored when you click the 'test link'. It is more likely that somebody has found your campaign by spying and is going through your funnel. I have been running with imobitrax since they came out and have not had any red flags in my data.
I've inadvertently clicked on that test link a few times when I actually wanted to see the stats.
It's an easy mistake to make.
If you're still suspicious check the server logs.
Hi Hangman, thank you for your reply. I've looked in the folder where imobitrx is installed but I cannot find those files. O also know that I havent removed them. So maybe they've been automatically removed, or I'm looking in the wrong place.
What folder should these fils be in?
Also to reply on your second point. I saw thew TEST tracking id show up on our back end, in the system where the transaction takes place. Usually this is where the imobitrax tracking id shows up, in order to track the payments. When clicking on the test link, this is where TEST will show up instead of the tracking link. Someone really has to have clicked the TEST LINK button in my account for that to happen. (Or manually changed the tracking id, burt that doesn't make any sense).
Best,
Did you submit a campaign to your traffic source mate? It could be a reviewer was checking stuff. Trackers nowadays have access to your data even some of the self-hosted ones which is why I hate encoded software. I normally get a tech to audit programming if they are open source or even encoded with stuff like ioncube and also a server guy to make sure nothing funny is happening.
--edit--
When applicable, you should add geoip check to your login or lock to your ip as mentioned above.
Never used imobitrax, but generally speaking if an insider would want to steal something then surely they would know a better way than leaving such a massive footprint.
I've analysed imobitrax and a few other trackers for my product which is integrated with them, but I didn't see any suspicious networking activity. Ioncube can be decoded, so if some self-hosted tracker owners would try something like that, it will be over.
Most probably, it was simply a mistake from your guys, but also might be some vulnerability that some other guys took advantage of, like keeping the CHMOD of config files open for everyone or you haven't deleted some files that were critical to be removed after installation.