GoFuckYourself.com - Adult Webmaster Forum - View Single Post

dcortez · 05-17-2006, 09:25 AM

RE: Trojan-laced sites -- I have noticed that it does not require too many clicks from top SE results to land on pages which drop a Trojan on the surfer (even the SE cached pages are not safe as they redirect).

So, the opportunity to infect large volumes of surfers with 'unfriendlyware' is significant.

But, let's not blame SEO on this - there seems to be a growing binding between 'SE guys' and affiliate traffic jacking. That's an unfair generalization.

RE: Technical remedies for 'unfriendlyware' which redirects affiliate traffic -- Do we know if these Trojans are able to actively update their sponsor link db? If they do not, then maybe sponsors could use EXPIRING affiliate codes which are generated by the afiliate in the sponsor admin area (like 'pin codes' of the old (honest) iBill days) and are passed up to the sponsor from the affiliate's website using a script which knows the correct affiliate code to be sending.

The idea is to EXPIRE the validity of the Trojans by making the codes they send invalid (ie. the infection goes stale).

If the Trojans do actively update their db on the infected computer, then firewalls should be picking up these attempts.

Of course if the Trojan simply redirects to a jacker site which bounces again to the sponsor or substitute sponsor (with the new improved expiring affiliate code) this won't work .

The other angle of expiring the Trojans is to make it more difficult for the trojans to recognize a sponsor. Similar to changing the affiliate codes, it may be cost justified for sponsors to use rotating/expiring domains to receive affiliate traffic - changing frequently enough that Trojans can't recognize sponsor hits.

RE: Affiliates reverting to paysite owners -- After further reflection, affiliates who decide to run their own paysites to recoup more of the conversions for their traffic would still be vulnerable to Page jacking.

As someone indicated earlier in this thread, a jacker can send any traffic to anywhere. So there would be nothing to prevent a surfer from being sent to a Jacker's own family of niche sites from any outbound link (sponsor program or indy paysite owner).

RE: Legal avenues -- It really is unfortunate that this 'industry' is unwilling to commit to galvanizing its constituents and establishing its legitimate place in world economy - instead it's always running from issues shooting backwards (like 2257).

Most industries can engage considerable market/trade/legal resources for problems like this one. If someone tried the equivalent of jacking Hollywood properties, you can be assured that the FBI would be on the case.

This (jacking) is commercial fraud, but because the DOJ assumes that the 'Porn' industry is always 1/2 step from illegal by (their) definitions, we don't stand a chance of garnering the kind of defence that other industries enjoy by default.

So, here is a great reminder for all of us that we really should consider working our way up a notch or two. Rather than running like lemmings to FSC whenever there is a scary peep from DOJ, we should be sorting this biz out (including serious critical peer revue) and demonstrate to those who malign or act aggregiously towards us they are subject to the same legal wrath anyone else messing with an established trade is.

05-17-2006, 09:25 AM
dcortez DINO CORTEZ™ Industry Role: Join Date: Jun 2003 Location: Vancouver Island Posts: 2,145	RE: Trojan-laced sites -- I have noticed that it does not require too many clicks from top SE results to land on pages which drop a Trojan on the surfer (even the SE cached pages are not safe as they redirect). So, the opportunity to infect large volumes of surfers with 'unfriendlyware' is significant. But, let's not blame SEO on this - there seems to be a growing binding between 'SE guys' and affiliate traffic jacking. That's an unfair generalization. RE: Technical remedies for 'unfriendlyware' which redirects affiliate traffic -- Do we know if these Trojans are able to actively update their sponsor link db? If they do not, then maybe sponsors could use EXPIRING affiliate codes which are generated by the afiliate in the sponsor admin area (like 'pin codes' of the old (honest) iBill days) and are passed up to the sponsor from the affiliate's website using a script which knows the correct affiliate code to be sending. The idea is to EXPIRE the validity of the Trojans by making the codes they send invalid (ie. the infection goes stale). If the Trojans do actively update their db on the infected computer, then firewalls should be picking up these attempts. Of course if the Trojan simply redirects to a jacker site which bounces again to the sponsor or substitute sponsor (with the new improved expiring affiliate code) this won't work . The other angle of expiring the Trojans is to make it more difficult for the trojans to recognize a sponsor. Similar to changing the affiliate codes, it may be cost justified for sponsors to use rotating/expiring domains to receive affiliate traffic - changing frequently enough that Trojans can't recognize sponsor hits. RE: Affiliates reverting to paysite owners -- After further reflection, affiliates who decide to run their own paysites to recoup more of the conversions for their traffic would still be vulnerable to Page jacking. As someone indicated earlier in this thread, a jacker can send any traffic to anywhere. So there would be nothing to prevent a surfer from being sent to a Jacker's own family of niche sites from any outbound link (sponsor program or indy paysite owner). RE: Legal avenues -- It really is unfortunate that this 'industry' is unwilling to commit to galvanizing its constituents and establishing its legitimate place in world economy - instead it's always running from issues shooting backwards (like 2257). Most industries can engage considerable market/trade/legal resources for problems like this one. If someone tried the equivalent of jacking Hollywood properties, you can be assured that the FBI would be on the case. This (jacking) is commercial fraud, but because the DOJ assumes that the 'Porn' industry is always 1/2 step from illegal by (their) definitions, we don't stand a chance of garnering the kind of defence that other industries enjoy by default. So, here is a great reminder for all of us that we really should consider working our way up a notch or two. Rather than running like lemmings to FSC whenever there is a scary peep from DOJ, we should be sorting this biz out (including serious critical peer revue) and demonstrate to those who malign or act aggregiously towards us they are subject to the same legal wrath anyone else messing with an established trade is.