Home > General > Affiliate Marketing Forum

Protecting Landing Pages From Spying Advertisers (script included) (20)

09-20-2011 10:03 PM #1 constantin (Member)
Protecting Landing Pages From Spying Advertisers (script included)

so on a landing page i ahem...found...it had a very interesting javascript tied into the end. I believe it scrubs referrer info but i was hoping someone else could explain and maybe say if there is a better way to set this up.

On the landing page at the end of body:
<input type=hidden id=hidLocation value="http://yourdomainhere.com"/>
<script type="text/javascript" src="landing.js"></script>

landing.js:

var queryEngSec = getQueryUrl("engsec");
var hidLocation = document.getElementById("hidLocation");
if (queryEngSec!=null && queryEngSec!="0" && !isNaN(queryEngSec) && hidLocation!=null && hidLocation.value!='')
{
setTimeout( "trackEngage()", queryEngSec*1000);
}

function getQueryUrl(ji) {
hu = window.location.search.substring(1);
gy = hu.split("&");
for (i=0;i<gy.length;i++) {
ft = gy[i].split("=");
if (ft[0] == ji)
return unescape(ft[1]);
}
return null;
}

function trackEngage()
{
var pic=document.createElement('img');
pic.setAttribute("src", hidLocation.value + '/adeng.php');
pic.setAttribute("style", "display:none");
hidLocation.parentNode.appendChild(pic);
}

var keyStr = "ABCDEFGHIJKLMNOP" +
"QRSTUVWXYZabcdef" +
"ghijklmnopqrstuv" +
"wxyz0123456789+/" +
"=";

function encode64(input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;

do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);

enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;

if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}

output = output +
keyStr.charAt(enc1) +
keyStr.charAt(enc2) +
keyStr.charAt(enc3) +
keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);

return output;
}

function checkdirect(c,l,i)
{
if (i===undefined)
i='';
document.write('<img src="' + hidLocation.value + 'adck.php?c=' + c + '&l=' + l + '&id=' + i + '&r=' + encode64(document.referrer) + "&rnd=" + Math.random() + '" />');
}



I'm a bit confused by adeng.php and adck.php. when i went there on the original domain they were pages with single pixels.

09-20-2011 11:25 PM #2 abcd (AMC Alumnus)

That is the javascript included with cpvlab. It's used to track direct visitors to the landing page.

09-20-2011 11:37 PM #3 nusolutionz (Veteran Member)

thanks for the share...lp rips are a common problem you unfortuanly can't fight....there are options like copyrighting/dmca the page but in the end the best weapon is to be the first one that launches

09-21-2011 01:02 AM #4 constantin (Member)

track in what way? just where they come from? it looks like theres definitely a cloaking element involved but my javascript skillz are wack.

09-21-2011 01:44 AM #5 polarbacon (Moderator)

Quote Originally Posted by constantin View Post
track in what way? just where they come from? it looks like theres definitely a cloaking element involved but my javascript skillz are wack.
this is the tracking code for CPVlab.....there really is nothing funky going on here

09-21-2011 12:20 PM #6 constantin (Member)

okay then...to redirect the conversation to the funky. is using the cloaking built into Prosper dependable at all? I want to my pages to be invisible.

09-21-2011 04:32 PM #7 dario (Member)

For what i know cloaking ON in prosper hides the subid to the Aff Networks.
No other features included.

09-21-2011 04:33 PM #8 constantin (Member)

oh really??? I thought it was a double meta refresh. Why would I care if they see my subids? not much they can do with that.

EDIT: after reading up here:

http://prosper.tracking202.com/scrip...king-referers/

it does seem that turning cloaking on will enable a meta refresh to scrub referrers,

09-21-2011 04:40 PM #9 403flux (Member)

The cloaking option in prosper blanks the referrer so the advertisers can't see where your traffic is coming from. Its only about 95% effective since some referrers still get leaked, from my own experience.

A double meta refresh will blank the referrer 100% of the time and its certainly some thing you can use instead of the cloaking in prosper but IMO not entirely necessary unless you're doing something super shady like Craigslist spamming. In which case most networks will catch on to you eventually anyways.

09-21-2011 07:02 PM #10 polarbacon (Moderator)

https>http always blanks it has to......so if you wanted when directlinking send people to your 202 with a https then when it redirects to the offer no referrer will pass

09-22-2011 12:16 AM #11 constantin (Member)

so if i have an ssl installed on my tracking domain and I use https links then i should be fine? will it pop up ssl warnings or anything for the users cause that could KILL conversions?

09-22-2011 02:32 AM #12 polarbacon (Moderator)

Quote Originally Posted by constantin View Post
so if i have an ssl installed on my tracking domain and I use https links then i should be fine? will it pop up ssl warnings or anything for the users cause that could KILL conversions?
if you have a decent ssl you should be fine....

09-23-2011 07:24 AM #13 dario (Member)

Quote Originally Posted by constantin View Post
oh really??? I thought it was a double meta refresh. Why would I care if they see my subids? not much they can do with that.
Don't know you, but i pass info like keywords in the subid.
Isn't there a possibility that the advertiser (and your aff network too maybe?) steals your traffic source and keywords ?

What do you people think about this ?

BTW i use mainly neverblue so this shouldn't be a worry, i suppose

09-23-2011 12:44 PM #14 eliquid (Member)

I dont pass anything to my networks. If they want to come to me asking where I get my traffic, then they can fuck off.

All they should be concerned with is if the traffic backs out or not for the advertiser. I am not doing anything shady, but if my traffic is not working out right then they can just shave/scrub me or ask me to stop the offer. however, asking where I get the traffic and how I promote it is a totally different story where 90% of the time they want to gain more info so the AM or network can run it themselves with the same angle I have.

Been there, done that.

09-23-2011 01:30 PM #15 tijn (Moderator)

the code appended by CPVLab in the above example is used the measure "Engagement Rate" - ie the time the user spends on the page before closing it. Important in PPV so you can see whether they spend time on your popup.

09-23-2011 02:43 PM #16 dario (Member)

Quote Originally Posted by eliquid View Post
I dont pass anything to my networks.
which method do you prefer to hide this info ?



Quote Originally Posted by eliquid View Post
where 90% of the time they want to gain more info so the AM or network can run it themselves with the same angle I have.

Been there, done that.
So are you telling that it's common that AMs in their spare time just copy-paste LP and traffic sources ?

09-23-2011 03:14 PM #17 eliquid (Member)

Quote Originally Posted by dario View Post
which method do you prefer to hide this info ?
I do multiple things. One I use a lot is similar to a double meta refresh, but involves 2 domains instead of the same domain refreshing twice. First thing I do is always have my LPs in a folder on my domain like domain1.com/lps/ and I name the pages lp1 or lp2. This way my index.php in the folder and at the root are blank to stop people from spying with directory listings.

Now when someone lands on my LP at domain1.com/lps/lp1.php and clicks my offer, they get redirected to domain1.com/go/lp1.php where they spend 1 second before another refresh. I generally have something that says 'checking offer status' on that page for the 1-2 seconds they are there.

domain1.com/go/lp1.php refreshes to domain2.com/go/lp1.php now that page says something like 'congrats there are 2 offers left today' and then it refreshes to the actual network link/offer after 1-2 seconds.

I also do some other methods besides this that I can out just yet and many of you will think it is overkill, but there is a lot of stealing from AM's, Networks, and people that work at the networks that dont even know you ( IT guys, biz dev guys, etc ) that have access to info like this as well at a network.

I use to work at a network and I know people that have as well, and its common which is why working with great, trusted networks is a must. Even then, I just like the extra added security with my methods.

In the end, all the network will generally see for 99% of the time is the referrer being:
domain2.com/go/lp1.php - which is just a redirect to their offer and the folder and domain have nothing else in them

*maybe see* domain1.com/go/lp1.php - which is just a redirect and the folder and root domain have nothing in them

Very rarely would they ever be able to see domain1.com/lps/lp1.php, although it could happen in 1% of the cases. They would need to do other things like use compete.com or alexa and hope there is enough data that those services had collected the info. Also, make sure all your pages have "no index, no follow" in the meta tags for search engines or else they can find out if G/Y/M indexed your pages too.

Again, I do other methods as well, but those are more advanced tactics and some of them I cant really out. Lets just say they involve form redirects, JS, and GET URL variables and # symbols.

Quote Originally Posted by dario View Post
So are you telling that it's common that AMs in their spare time just copy-paste LP and traffic sources ?
I've known plenty that have, as well as networks themselves that have. I am not saying all AMs do it, but generally the ones that want to know everything about your campaign, do.

09-23-2011 03:33 PM #18 pancakes (Member)

I understand that protecting a LP is crucial with double meta redirects, but what do you guys do in the instance that you have to show the network your landing page for approval/compliance purposes?

09-23-2011 03:45 PM #19 dario (Member)

Quote Originally Posted by eliquid View Post
I do multiple things. One I use a lot is similar to a double meta refresh, but involves 2 domains instead of the same domain refreshing twice. First thing I do is always have my LPs in a folder on my domain like domain1.com/lps/ and I name the pages lp1 or lp2. This way my index.php in the folder and at the root are blank to stop people from spying with directory listings.

Now when someone lands on my LP at domain1.com/lps/lp1.php and clicks my offer, they get redirected to domain1.com/go/lp1.php where they spend 1 second before another refresh. I generally have something that says 'checking offer status' on that page for the 1-2 seconds they are there.

domain1.com/go/lp1.php refreshes to domain2.com/go/lp1.php now that page says something like 'congrats there are 2 offers left today' and then it refreshes to the actual network link/offer after 1-2 seconds.

I also do some other methods besides this that I can out just yet and many of you will think it is overkill, but there is a lot of stealing from AM's, Networks, and people that work at the networks that dont even know you ( IT guys, biz dev guys, etc ) that have access to info like this as well at a network.

I use to work at a network and I know people that have as well, and its common which is why working with great, trusted networks is a must. Even then, I just like the extra added security with my methods.

In the end, all the network will generally see for 99% of the time is the referrer being:
domain2.com/go/lp1.php - which is just a redirect to their offer and the folder and domain have nothing else in them

*maybe see* domain1.com/go/lp1.php - which is just a redirect and the folder and root domain have nothing in them

Very rarely would they ever be able to see domain1.com/lps/lp1.php, although it could happen in 1% of the cases. They would need to do other things like use compete.com or alexa and hope there is enough data that those services had collected the info. Also, make sure all your pages have "no index, no follow" in the meta tags for search engines or else they can find out if G/Y/M indexed your pages too.

Again, I do other methods as well, but those are more advanced tactics and some of them I cant really out. Lets just say they involve form redirects, JS, and GET URL variables and # symbols.



I've known plenty that have, as well as networks themselves that have. I am not saying all AMs do it, but generally the ones that want to know everything about your campaign, do.
That's a great explanation ! THX

09-23-2011 05:53 PM #20 eliquid (Member)

Quote Originally Posted by pancakes View Post
I understand that protecting a LP is crucial with double meta redirects, but what do you guys do in the instance that you have to show the network your landing page for approval/compliance purposes?
show them one that is acceptable. You only have to show it to them once.

if they want to know why traffic is coming from a diff domain/URL, explain to them thats for your tracking script.

Home > General > Affiliate Marketing Forum