Home > General > Affiliate Marketing Forum

Guide: How to Safeguard LPs from Chrome Flagging (6)

06-09-2018 10:22 PM #1 thedudeabides (Moderator)
Guide: How to Safeguard LPs from Chrome Flagging


A few years ago I was running desktop toolbar installs on pop traffic, the usual media player/software update type pages. Chrome’s domain flagging .and exe flagging was quite an issue. I came up with a low-tech domain flagging solution that worked for me, so well I think kept running on the same domain for probably a good year, and stopped due to other reasons.

I’ve debated a lot about releasing this script because I don’t like the idea of making it easier to promote malware, aggressive tech support offers, etc. On the other hand, those running very aggressive offers are almost certainly cloaking anyway, which also accomplishes the same thing to a greater degree.

The “trick” is really pretty simple. The main cause of domain flags is just people reporting urls. The more traffic you drive, the greater the chance someone reports your url. This is why flagging is especially common on pops.





The solution is to make it so whatever url a visitor reports doesn’t actually work, or alternatively shows a different ‘safe’ page. This could be accomplished via a cloaker, but there’s also simple script solution : using HTML5’s browser history API to rewrite your urls.

Here’s the script:

HTML Code:
 <script>
    (function(){
      var url = window.location.href;
      var newFile = (Math.random() + 1).toString(36).substr(2, 4);
    //   var newFile = 'hardcoded_name';
  
      var split = url.split("/");
  
    //   console.log(window.location.pathname)
    //   console.log(split[split.length - 1]); // ouput 
  
      // check if url path ends in trailing slash
      if (window.location.pathname.slice(-1) === "/") {
        split[split.length - 2] = "" + newFile;
      // otherwise assume it's a index file
      } else {
        index = split[split.length - 1];
        indexPrefix = index.substr(0, index.indexOf('.')); // get index prefix name
        indexSuffix = index.substr(index.indexOf('.')); // get everything starting from period
        split[split.length - 1] = newFile + indexSuffix; // rewrite prefix name + re-concatenate everything else
  
      }
  
      var newUrl = split.join("/");
  
      if (typeof window.history.replaceState === 'function') {
          history.replaceState({}, '', newUrl);
      }
    })();
  </script>
It works for non-root domain pages, eg

examle.com/lp1/
example.com/lp1.html

And rewrites the urls to random url like:
example.com/a912/
example.com/a912.html

Or you can swap out the ‘newFile’ lines and define a hardcoded filename.

Additional Notes:

It also rewrites your referrer url without any added redirect latency like a double meta-refresh adds. However it’s by no means bulletproof, and bots with javascript disabled for example could still pass on your LP referrer if they click your links. I haven't tested this thoroughly in a long time though.

It breaks view-source as well, but ‘save page as...’ and chrome inspect tools still work.

Be mindful of using relative paths for your assets (eg css, js, img) like “css/style.css” as many will break. You’ll either need to set absolute urls “/css/style.css” or place them up one directory like “../css/style.css”

Also this script makes it super annoying to edit and refresh pages locally, so I’d recommend disabling it until you’re finished editing.

06-09-2018 10:25 PM #2 vortex (Senior Moderator)

Into the newsletter this goes!! Mark my words - this will become one of the most popular posts this year!

Many thanks Kelly!



Amy

06-09-2018 11:46 PM #3 baaron (Member)

Awesome script! Thanks for sharing.


Sent from my iPhone using Tapatalk

06-10-2018 06:55 AM #4 manu_adefy (Veteran Member)

You can just have a <noscript> tag in case JS is disabled and then say to redirect to whatever other page or campaign. Doesn't happen often to get browsers with JS disabled from my experience.

I'm not sure it helps for flagging though. From my experience, Google started flagging the whole domain rather quickly if you had a page submitted.

One way to have fewer issues is to use many domains for your landers and split them based on something so not all get flagged at the same time.

Anyway, another thing that could help is to block some ISPs that are not users but are crawlers, including some anti-virus companies. I have an older list that I shared but seems a fitting place to share it again.

06-10-2018 07:45 AM #5 thedudeabides (Moderator)

Quote Originally Posted by manu_adefy View Post
You can just have a <noscript> tag in case JS is enabled and then say to redirect to whatever other page or campaign. Doesn't happen often to get browsers with JS disabled from my experience.
You mean in the case of the referrer still passing? That part was just a side effect, I'm sure there are better ways to mask referrers if that's a critical need.

I definitely don't think this script is going to let everyone off the hook - far from it, but it should at least help in making last domains longer and costs nothing to implement.

Nowadays I'm guessing the human element of reporting malicious urls in being superseded by software scanners like: https://www.virustotal.com

Quote Originally Posted by manu_adefy View Post

I'm not sure it helps for flagging though. From my experience, Google started flagging the whole domain rather quickly if you had a page submitted.
I believe google webmaster tools lets you know if your site has received a report or maybe it was only after the flag had been given - is that what you're referring to by having a page submitted?

06-10-2018 07:56 AM #6 manu_adefy (Veteran Member)

Quote Originally Posted by thedudeabides View Post
You mean in the case of the referrer still passing? That part was just a side effect, I'm sure there are better ways to mask referrers if that's a critical need.

I definitely don't think this script is going to let everyone off the hook - far from it, but it should at least help in making last domains longer and costs nothing to implement.

Nowadays I'm guessing the human element of reporting malicious urls in being superseded by software scanners like: https://www.virustotal.com



I believe google webmaster tools lets you know if your site has received a report - is that what you're referring to?
No, so what I mean is that with that script you keep the same domain, you can only spoof the portion after it.

So if Google gets enough complaints, it will just flag the whole domain., with everything in its subdirectories.

In my experience, what helped more was just having a bunch of domains, and splitting traffic between them. That way, the number of complaints per domain got much much lower so each domain lasted longer as a consequence.

Longer is relative though, it's usually based on visits, not on days so if you run high volume with non-compliant pages, no way around the churn and burn of domains

Home > General > Affiliate Marketing Forum