Major Online Forums Hacked by Affiliate Cookie-Stuffers
Here at ReveNews we strive to provide content not previously published elsewhere. The following article by affiliate expert Geno Prussakov focuses on the recent news of cookie-stuffing in major forums. It’s a timely and important subject worth revisiting.
Two days ago, the famous affiliate abuse and click fraud detective Ben Edelman (see my recent Econsultancy interview with him here) revealed some alarming data on “hack-based cookie-stuffing” by rogue affiliates via a fairly new Bannertracker-script at online forums based on vBulletin (versions 4.x to 4.1.2).
Here’s an excerpt from his article:
Perpetrators using server bannertracker-script.com have hacked at least 29 different online discussion forums to add invisible code that lets them cookie-stuff forum visitors. …We have found numerous affected sites, including sites as popular as searchenginewatch.com (Alexa traffic rank #2045), webdeveloper.com (#2822) and redflagdeals.com (#3188) along with many more. Selected pages of these sites (typically the forum pages) embed hostile code from Bannertracker-script.
Conservatively, suppose 40% of users are Amazon shoppers and make an average of four purchases from Amazon per year. Then 0.4*4/365=0.44% of users are likely to make purchases from Amazon in any given 24-hour period. If Bannertracker-script can deposit one million Amazon cookies, via hacks of multiple popular sites, it will enjoy commission on 0.44%*1,000,000=4,384 purchases. At an average purchase size of $30 and a 6.5% commission, this would be $8,547 of revenue per million cookie-stuffing incidents — substantial revenue, particularly given the prospect of hacking other vulnerable web sites
I’ve reached out to Ben with 3 follow-up questions — to clarify some things — and would like to bring you his replies in today’s blog post:
1. Ben, what other major vBulletin-based forums, apart from the ones mentioned in your article, have you found to be affected? Can you give me 4-5 more here?
Edelman: Absolutely. Many additional vBulletin sites are affected. Some I found in a quick review:
• Planetsuzy.org (#1839)
• Harmony-central.com (Alexa #11739)
• Vwvortex.com (Alexa #13840)
• Macnn.com (#16844)
2. You’ve mentioned that you “have primarily seen Bannertracker-script targeting Amazon.” Any other merchants?
Edelman: I have seen these perpetrators targeting Amazon as well as various adult web sites. I haven’t seen them targeting other mainstream (non-adult) sites. Perhaps their focus on Amazon is to be expected: If you needed to guess an affiliate merchant that many users buy from, already and without any further genuine promotional efforts, Amazon would be a great bet. Amazon and eBay are the two merchants that come to mind, but eBay is well-known for ongoing civil and criminal litigation against affiliates engaged in cookie-stuffing. (Recall the Digital Point and Brian Dunning matters.) No other affiliate merchant has a comparable reach.
3. It is obvious what vBulletin forum owners should now do. What about merchants? How can they ensure this isn’t happening in their affiliate programs?
The bigger a merchant’s affiliate program, the more concerned it should be about the risk of cookie-stuffing. The web’s very largest affiliate programs risk cookie-stuffing on an entirely random basis – the practice used by this perpetrator. Smaller affiliate programs risk cookie-stuffing in more targeted attacks, for example cookie-stuffing using search results (coupon sites and the like), banner ads (that are targeted/retargeted to merchants’ preexisting customers), and similar. Merchants should diligently examine each affiliate they approve, with an eye to all manner of improprieties – anything from an address that doesn’t match the affiliate’s phone number and IP reverse lookup; to inexplicable jumps in impressions, clicks, or sales; to missing or suspicious HTTP Referrer headers. Even then, merchants should anticipate their own fallibility. Best practice is to seek indemnification from an affiliate network: If a merchant can later prove it had losses to fraud, the affiliate network should certainly return any fees it charged on the fraudulent traffic. And a network should be willing to certify that it uses its best efforts to catch and prevent fraud. If merchant A tells affiliate network X about fraud by affiliate Y, then X must take action to protect its other merchants B, C, and D – or else X is essentially complicit in the fraud. Unfortunately I have seen some very troubling instances of affiliate networks taking action only on a merchant-by-merchant basis, when the fact is that networks have received compelling proof that a given affiliate is rotten through and through.
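Two of the warning signs named in the reply above (missing or suspicious referrer headers, and inexplicable jumps in clicks) can be checked mechanically against an affiliate program's click log. The following sketch is an added example, not code from Ben Edelman or from this article; the affiliate IDs, domains, log layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample click log: (day, affiliate_id, Referer header or "" if absent)
CLICKS = (
    [("2012-01-01", "aff-100", "https://dealsblog.example/tv")] * 3
    + [("2012-01-02", "aff-100", "https://www.dealsblog.example/tv")] * 3
    + [("2012-01-01", "aff-200", "https://reviews.example/p")] * 2
    + [("2012-01-02", "aff-200", "")] * 6
    + [("2012-01-02", "aff-200", "http://forum.example/showthread.php?t=1")] * 6
)
# Sites each affiliate declared when it was approved (constructed).
DECLARED_SITES = {"aff-100": {"dealsblog.example"}, "aff-200": {"reviews.example"}}

def referer_host(referer):
    """Return the lowercase host of a Referer value, or "" if missing/unparseable."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def score_affiliates(clicks, declared, max_unexplained=0.5, jump_factor=5):
    """Flag affiliates whose clicks mostly lack an explainable referrer,
    or whose daily click count jumps by jump_factor between logged days."""
    per_day = defaultdict(lambda: defaultdict(int))
    unexplained, total = defaultdict(int), defaultdict(int)
    for day, aff, referer in clicks:
        per_day[aff][day] += 1
        total[aff] += 1
        host = referer_host(referer)
        sites = declared.get(aff, set())
        # Unexplained: no referrer at all, or a host the affiliate never declared.
        if not host or not any(host == s or host.endswith("." + s) for s in sites):
            unexplained[aff] += 1
    report = {}
    for aff in total:
        counts = [per_day[aff][d] for d in sorted(per_day[aff])]
        ratio = unexplained[aff] / total[aff]
        reasons = []
        if ratio > max_unexplained:
            reasons.append("referer")
        if any(b >= jump_factor * a for a, b in zip(counts, counts[1:])):
            reasons.append("click-jump")
        report[aff] = {"unexplained_ratio": round(ratio, 2), "reasons": reasons}
    return report

if __name__ == "__main__":
    for aff, result in sorted(score_affiliates(CLICKS, DECLARED_SITES).items()):
        print(aff, result)
```

A flag here is a prompt for manual review of the affiliate, not proof of fraud: legitimate traffic from HTTPS pages, e-mail or apps can also arrive without a referrer.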
Ben Edelman will be keynoting Affiliate Management Days West 2012 — which is being held in San Francisco on March 8-9, 2012 — where he will address specifically the topic of the Newest Adware & Affiliate Marketing Abuses. If you are reading this as a merchant (or an affiliate manager), I hope to see you there.
This article originally appeared at Affiliate Marketing Blog by Geno Prussakov.
About Geno Prussakov
Evgenii Prussakov was voted the “Best Outsourced Program Manager of the Year” for three years in a row (2006, 2007 and 2008) by the largest online affiliate marketing community, ABestWeb.com. He is an undisputed professional in this field and would like to help you sail your ship through the ocean of affiliate marketing by educating you (or your affiliate program manager) on affiliate marketing’s best practices.