Why Clickbank "hacking" is embarrassing you

34 replies
A small number of people in the IM community product ebooks (or reports) on how to scam vendors.

A common one is modifying Clickbank sales data to try and get the best deal possible.

Yes, people actually teach this method in the hope that you can take advantage of a vendor's oversight.

Basically it's akin to walking into a shop and swapping a price tag from the box of tissues onto a Rolex, and trying to buy the Rolex for $2.99

I'm not going to go into details about it, because those that use it already know what it is, and there's no point in spreading more propaganda to those that don't know about it.


But here's the thing - Most serious Clickbank vendors now use protection against this kind of "hack".

So even if you swap the price tags, when you take it to the counter the download security system says "Hey, this isn't a box of tissues. It's a Rolex."

And then you just end up embarrassed for being caught, and have to make up some kind of on-the-spot excuse.

"Errr, there must be something wrong with your cash register. I want a refund!"


It doesn't happen terribly often for me anymore, but from time to time I get a little chuckle as someone tries to use this old theft technique, thinking they're getting a bargain, but then end up with an error message and have to make up some excuse to Clickbank why they need a refund.

So here's my community service announcement for the day: Don't try and scam vendors, as most serious ones will have implemented some download protection, and then you'll just have to ask for a refund and will probably be too embarrassed to buy the product correctly after the whole mess dies down.



I think someone may have spiked my coffee...I'm feeling awfully mellow...

cheers
Sam


PS. NO, this isn't about affiliate link swapping, or using your own links, it's about modifing actual sales data.
#clickbank #embarrassing #hacking
  • Profile picture of the author TimAtkinson
    If your not true to your success, how can you grow? People that modify actual sales will never be anyone in IM. They will always be a wannabe- Some might make the argument -Act as if- fine line and modifying actual sales is crossing the line
    {{ DiscussionBoard.errors[1575103].message }}
  • Profile picture of the author Nickolie0990
    This is so true, I have personally seen some people call there download page something like: download.html or thank-you.html or anything that is so brain dead simple to figure out.
    {{ DiscussionBoard.errors[1575111].message }}
    • Profile picture of the author CDarklock
      Originally Posted by Nickolie0990 View Post

      so brain dead simple to figure out.
      If it's appropriately secured, it doesn't matter if you figure it out.
      Signature
      "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
      {{ DiscussionBoard.errors[1575313].message }}
      • Profile picture of the author samstephens
        Originally Posted by CDarklock View Post

        If it's appropriately secured, it doesn't matter if you figure it out.
        That's true.

        My download page is called "download.php"

        The only time you need to worry about what your download page is named is when you're not using security for your page or links.

        cheers
        Sam
        Signature
        DLGuard v5 - The Warrior Edition
        Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

        www.dlguard.com
        Serving the Warrior Forum since 2004
        {{ DiscussionBoard.errors[1575512].message }}
        • Profile picture of the author Ken Strong
          Originally Posted by samstephens View Post

          My download page is called "download.php"
          Thanks -- MWA HA HA ha ha ha! *rubbing hands together in evil fashion*
          {{ DiscussionBoard.errors[1575544].message }}
          • Profile picture of the author Steven Wagenheim
            Sam, DLGuard prevents against this, right?
            {{ DiscussionBoard.errors[1575568].message }}
            • Profile picture of the author samstephens
              Originally Posted by Steven Wagenheim View Post

              Sam, DLGuard prevents against this, right?
              Hi Steve,

              Yes, it certainly does!

              If you try this with DLGuard, you end up with an error message at the other end.

              cheers
              Sam
              Signature
              DLGuard v5 - The Warrior Edition
              Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

              www.dlguard.com
              Serving the Warrior Forum since 2004
              {{ DiscussionBoard.errors[1575881].message }}
              • Profile picture of the author thegabrieljibril
                Banned
                [DELETED]
                {{ DiscussionBoard.errors[1575903].message }}
                • Profile picture of the author samstephens
                  Originally Posted by thegabrieljibril View Post

                  but why will people teach this kind of stuff, it is terrifying to realise the extent to which one can harm others to gain a minuscule cash
                  Usually it's spending money - they want to buy a sausage roll and a can of drink from the school canteen.

                  Okay, that's a little tounge in cheek, but still pretty close to the mark. They're hoping to make a bit of money, and they don't care who they hurt to get there.

                  It's greed mixed with a complete lack of respect or decency towards other online vendors. It's what happens when you put your own desires first without considering other people.

                  Don't make the mistake of fearing them, though. They're not to be feared. They're to be pitied as you go about your own business, making real income from selling real products.

                  cheers
                  Sam
                  Signature
                  DLGuard v5 - The Warrior Edition
                  Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

                  www.dlguard.com
                  Serving the Warrior Forum since 2004
                  {{ DiscussionBoard.errors[1576558].message }}
          • Profile picture of the author samstephens
            Originally Posted by KenStrong View Post

            Thanks -- MWA HA HA ha ha ha! *rubbing hands together in evil fashion*
            Haha, I don't know if I like the sound of that kind of laugh and evily fashioned hand rubbing from a man with multi-coloured snaked growing out of his head
            Signature
            DLGuard v5 - The Warrior Edition
            Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

            www.dlguard.com
            Serving the Warrior Forum since 2004
            {{ DiscussionBoard.errors[1575876].message }}
        • Profile picture of the author CDarklock
          Originally Posted by samstephens View Post

          The only time you need to worry about what your download page is named is when you're not using security for your page or links.
          Brain-dead simple example: send a parameter to your download page. Like I send your download link, and it says "please go to download.html?parm=gabbagabbahey to get your product."

          When you go to download.html, I look up your "parm" value in a database, and it tells me who you are and what you're supposed to download. There's a row in a database that says something like this:

          gabbagabbahey - Bob - bob@server.com - "My Really Cool Ebook"

          (Actually, the database on my server is going to be in Boyce-Codd normal form, so this row more likely to say "1532 1217 372 1957" and all the human-readable data is in other tables.)

          So I say "Welcome back, Bob, here's your copy of My Really Cool Ebook."

          And if there's no "parm" at all, I say "hey, check your email for the link to download your product, or just enter your name and email address here and we'll send you a new one."

          So if you're just guessing filenames, you're not downloading squat off that page.

          And of course, if you enter your email address... I look it up. If you're not in our database, I sign you up to my list and send you the confirm email, which in the end sends you to my download page to get your freebie anyway. :p

          But hey, now you can gloat over figuring out how to opt-in to my list through guile and subterfuge, instead of just filling out the form on my main site.
          Signature
          "The Golden Town is the Golden Town no longer. They have sold their pillars for brass and their temples for money, they have made coins out of their golden doors. It is become a dark town full of trouble, there is no ease in its streets, beauty has left it and the old songs are gone." - Lord Dunsany, The Messengers
          {{ DiscussionBoard.errors[1575702].message }}
  • Profile picture of the author Dennis Gaskill
    So you're saying someone can change something on your Clickbank order page and get the product for less? I don't care to know how to do it, but how do you prevent it?
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

    {{ DiscussionBoard.errors[1576667].message }}
    • Profile picture of the author gotdmw
      can u explain how do this? sounds very promising...
      {{ DiscussionBoard.errors[1576741].message }}
      • Profile picture of the author GeorgR.
        Originally Posted by gotdmw View Post

        can u explain how do this? sounds very promising...
        uhm..certainly not

        And know that tampering with such payment data is basically being in jail with one foot...this is taken very serious.
        Signature
        *** Affiliate Site Quick --> The Fastest & Easiest Way to Make Affiliate Sites!<--
        -> VISIT www.1UP-SEO.com *** <- Internet Marketing, SEO Tips, Reviews & More!! ***
        *** HIGH QUALITY CONTENT CREATION +++ Manual Article Spinning (Thread Here) ***
        Content Creation, Blogging, Articles, Converting Sales Copy, Reviews, Ebooks, Rewrites
        {{ DiscussionBoard.errors[1577293].message }}
    • Profile picture of the author samstephens
      Originally Posted by Dennis Gaskill View Post

      So you're saying someone can change something on your Clickbank order page and get the product for less? I don't care to know how to do it, but how do you prevent it?
      Originally Posted by scrofford View Post

      So how do you protect yourself from this unless you use DL Gaurd? If you are using Clickbank, how do you stop it?

      Hi Dennis and scrofford,

      I'll put this into one, because both questions are related.

      How do you protect yourself from this happening to you? You need to implement a download security script. DLGuard is an example of one of these:

      DLGuard - Download page protector, create expiring download links

      And yes, that is my script that I wrote many years ago and have been building upon since.

      Scafford, how do you protect yourself without using DLGuard? You'll need to buy a different script.

      What it comes down to is you need a script that will check to see what has been bought before allowing someone access to the download page.


      There's a lot of misinformation floating around that says that all you need to do to protect your download page is use meta tags to stop search engine listings, use random download page names, or have your download page hosted on a different website.

      These can help stop people from looking up your download page in Google, but it doesn't stop people doing things like sharing download links and download page URL's, and in the case of this thread, modifying Clickbank sales data to grab a quick discount (or worse, get it for free).

      What it comes down to is this: for real sales, download page and link protection, you need a download management script.

      If not DLGuard, then a different one. Check around, and ask people that you respect what they recommend.

      I hope this helps!

      cheers
      Sam
      Signature
      DLGuard v5 - The Warrior Edition
      Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

      www.dlguard.com
      Serving the Warrior Forum since 2004
      {{ DiscussionBoard.errors[1580507].message }}
      • Profile picture of the author scrofford
        Originally Posted by samstephens View Post

        Hi Dennis and scrofford,

        I'll put this into one, because both questions are related.

        How do you protect yourself from this happening to you? You need to implement a download security script. DLGuard is an example of one of these:

        DLGuard - Download page protector, create expiring download links

        And yes, that is my script that I wrote many years ago and have been building upon since.

        Scafford, how do you protect yourself without using DLGuard? You'll need to buy a different script.

        What it comes down to is you need a script that will check to see what has been bought before allowing someone access to the download page.


        There's a lot of misinformation floating around that says that all you need to do to protect your download page is use meta tags to stop search engine listings, use random download page names, or have your download page hosted on a different website.

        These can help stop people from looking up your download page in Google, but it doesn't stop people doing things like sharing download links and download page URL's, and in the case of this thread, modifying Clickbank sales data to grab a quick discount (or worse, get it for free).

        What it comes down to is this: for real sales, download page and link protection, you need a download management script.

        If not DLGuard, then a different one. Check around, and ask people that you respect what they recommend.

        I hope this helps!

        cheers
        Sam
        Thanks Sam! I guess I will be purchasing DL Guard soon then! I really appreciate your explanation.
        {{ DiscussionBoard.errors[1583194].message }}
  • Profile picture of the author iYingHang
    Like Sam said, it's not difficult at all to modify the data and I admit myself that I know how to do it although I never used it before. As an internet marketer, I wouldn't like people to take advantage of me so I wouldn't do the same to other people.
    {{ DiscussionBoard.errors[1577079].message }}
  • Profile picture of the author scrofford
    So how do you protect yourself from this unless you use DL Gaurd? If you are using Clickbank, how do you stop it?
    {{ DiscussionBoard.errors[1577237].message }}
  • Profile picture of the author GeorgR.
    It happened a few times someone bought one of my products for a penny..i emailed the person back a simple "lol"

    I assume (i dont know tho) that those purchases don't go through...i didnt find an entry in my DLG in regards to those purchases.
    Signature
    *** Affiliate Site Quick --> The Fastest & Easiest Way to Make Affiliate Sites!<--
    -> VISIT www.1UP-SEO.com *** <- Internet Marketing, SEO Tips, Reviews & More!! ***
    *** HIGH QUALITY CONTENT CREATION +++ Manual Article Spinning (Thread Here) ***
    Content Creation, Blogging, Articles, Converting Sales Copy, Reviews, Ebooks, Rewrites
    {{ DiscussionBoard.errors[1577292].message }}
  • Profile picture of the author SageSound
    I have mixed feelings about this. While I fundamentally agree with Sam, I think the problem is with sellers.

    Look at how many ebooks and courses and memberships there are that show how simple it is to set up a site for selling stuff on Clickbank. They almost uniformly all target the "least common denominator", which is somebody who's broke and probably thinks the $49 fee to register with Clickbank is a MAJOR EXPENSE.

    These same people would never even THINK of spending the money needed to buy something like DLGuard, RAP, or any other script that protects their downloads. Why? Well, in part because they really have no clue how much money they're LOSING because they have an unprotected DL link on a page named "download.html" or "thankyou.html" or "ty.html", just like all of those books teach them to do.

    Clickbank surely doesn't care.

    I remember one of the early releases of DLGuard allowed people to hack the price, then Sam fixed it. Same story with RAP. I think DLGuard blocks the transactions, but RAP lets you take the money but doesn't send them to the DL page. They have to contact you. I had some idiot actually hack a payment and change the price from $97 to $10 -- and when he didn't get to the DL page, he filed a dispute with PayPal!

    As long as there are locks, there will be people teaching others how to pick them. Even when most of what's being taught is obsolete. You can question the ethics of the folks teaching how to pick locks that nobody uses any more, but I'm not gonna lose a lot of sleep over people who pay for that info.

    By the same token, if someone isn't even aware they're losing hundreds of dollars worth of products each month to people who buy this info and use it to rip them off, simply because they think scripts like DLGuard or RAP are "too expensive" ... well, what can you say? That's like complaining that deadbolts for your doors are "too expensive", even though you may live in a high-crime area. <shrug>

    Who's the bigger idiot? The criminal who randomly looks for easy access targets, or people who think locks are too expensive, or too much trouble, or just too much?

    -David
    {{ DiscussionBoard.errors[1577317].message }}
    • Profile picture of the author Harvey Segal
      Originally Posted by SageSound View Post

      because they have an unprotected DL link on a page named "download.html" or "thankyou.html" or "ty.html", just like all of those books teach them to do.

      Clickbank surely doesn't care.
      Surely they do ?

      They advise at Protecting Your Product

      "Give your Thank You Page URL an obscure file name (it should not be something like thankyou.htm, which is too easy to guess)"

      Harvey


      .
      {{ DiscussionBoard.errors[1577356].message }}
      • Profile picture of the author gotdmw
        i would still love to know how to do this, can anybody explain... this would be an awesome tool in the toolbox
        {{ DiscussionBoard.errors[1579277].message }}
        • Profile picture of the author Scott Ames
          Originally Posted by gotdmw View Post

          i would still love to know how to do this, can anybody explain... this would be an awesome tool in the toolbox
          It would? Why?
          Signature

          Success consists of going from failure to failure without loss of enthusiasm. -Winston Churchill

          {{ DiscussionBoard.errors[1579301].message }}
          • Profile picture of the author gotdmw
            Originally Posted by Scott Ames View Post

            It would? Why?
            this is a very lucrative practice from what ive heard, i would be interested in testing this idea
            {{ DiscussionBoard.errors[1579913].message }}
            • Profile picture of the author samstephens
              Originally Posted by gotdmw View Post

              this is a very lucrative practice from what ive heard, i would be interested in testing this idea
              Would you want people to use this method to steal from you?
              Signature
              DLGuard v5 - The Warrior Edition
              Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

              www.dlguard.com
              Serving the Warrior Forum since 2004
              {{ DiscussionBoard.errors[1580510].message }}
        • Profile picture of the author rosetrees
          Originally Posted by gotdmw View Post

          i would still love to know how to do this, can anybody explain... this would be an awesome tool in the toolbox
          I think you're in the wrong forum, mate. This isn't b h world - this is WF
          {{ DiscussionBoard.errors[1583404].message }}
  • Profile picture of the author Gail Sober
    The majority of product theft occurs after the sale in the form of non-legitimate refunds and file sharing. People sitting around trying to guess download pages, changing unencrypted paypal code to a penny or clickbank hacking are far and few inbetween I would imagine.

    Thieves are thieves and you can hardly stop them. All you can do is lock the car doors, you can't stop them from smashing out your windows.

    Use a good file protection, download processing system like DLGuard and spend your time doing something productive. The thieves that are stealing your products are thieves and more than likely would not have purchased your product anyway. Chances are they are so actively into the thieving aspect of the whole thing that they will never even read or benefit from your product.
    {{ DiscussionBoard.errors[1580063].message }}
  • Profile picture of the author Melani
    Being new to the game and trying to make that all important money at the moment, this is a somewhat scary thread for me. I did look into DLGuard and other options, howeve it's one of those "once I make some money, I will purchase it" deals.

    I had to figure out Clickbank on my own, although I did follow the Protecting your Product page and have an obscure DL page name, are making use of the checks the .php script runs after a purchase etc.

    Is that enough? Or do I need to be doing more? How do I stop people from changing the price?
    {{ DiscussionBoard.errors[1580441].message }}
    • Profile picture of the author samstephens
      Originally Posted by Melani View Post

      Being new to the game and trying to make that all important money at the moment, this is a somewhat scary thread for me. I did look into DLGuard and other options, howeve it's one of those "once I make some money, I will purchase it" deals.

      I had to figure out Clickbank on my own, although I did follow the Protecting your Product page and have an obscure DL page name, are making use of the checks the .php script runs after a purchase etc.

      Is that enough? Or do I need to be doing more? How do I stop people from changing the price?
      Hi Melani,

      This thread wasn't meant to scare anymore, more just make people aware of what goes on.

      It's good business practice to invest in systems to help your business run securely and smoothly, however it's also good business practice to not spend money you don't have, so it's fair enough that you're waiting until you make a bit of money before investing further.

      If you're using the Clickbank code to check for real purchases, then you're further ahead than a lot of Clickbank vendors I've seen.

      DLGuard does have some extra protection in place that'll stop the issue mentioned in this thread, and so it's not just the Clickbank code they give you - there are extra's.

      But for now I wouldn't worry too much - just continue building your business, and when you're ready you can invest in something like DLGuard.

      I hope this helps you sleep better

      cheers
      Sam
      Signature
      DLGuard v5 - The Warrior Edition
      Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

      www.dlguard.com
      Serving the Warrior Forum since 2004
      {{ DiscussionBoard.errors[1580530].message }}
  • Profile picture of the author Melani
    Thanks Sam!
    {{ DiscussionBoard.errors[1580642].message }}
    • Profile picture of the author gotdmw
      well thanks for replies...
      {{ DiscussionBoard.errors[1580758].message }}
  • Profile picture of the author Dennis Gaskill
    Sam, so YOU'RE the one!

    ...behind DLGuard, that is. I've been to your site, heard great things about DLGuard too, and was curious about using it for a membership site. I had some questions about it though. Care to answer them in a PM?
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

    {{ DiscussionBoard.errors[1580759].message }}
    • Profile picture of the author samstephens
      Originally Posted by Dennis Gaskill View Post

      Sam, so YOU'RE the one!

      ...behind DLGuard, that is. I've been to your site, heard great things about DLGuard too, and was curious about using it for a membership site. I had some questions about it though. Care to answer them in a PM?
      Heh, yes thats right - I'm the one

      A lot of warriors have been there are the very start of DLGuard (when it was called CB Download Manager, and was designed to protect Clickbank only), so I owe a lot to this forum!

      Sure thing, feel free to PM them over and I'm happy to help!

      If they're urgent, try a support ticket at DLGuard.com, as I get them quicker than PM's

      cheers
      Sam
      Signature
      DLGuard v5 - The Warrior Edition
      Full integration with JVZoo, DigiResults, and WSO Pro for secure WSO's and WSO memberships.

      www.dlguard.com
      Serving the Warrior Forum since 2004
      {{ DiscussionBoard.errors[1582050].message }}
  • Profile picture of the author Lady
    I had know idea that type of theft was possible. Im still wet behind the ears. Thanks for the towel.
    Signature

    Best Wishes Lee

    {{ DiscussionBoard.errors[1582065].message }}

Trending Topics