Theft Via Alexa...

[Allen Graves]

Has anyone figured out a way to get Alexa to stop frickin showing our ClickBank thank you pages in the search results?

I even have a note above the link stating that download without paying would be considered theft...and 4 people have proceeded to do so in the last 24 hours!

I am trying to block via the robots.txt file, but it doesn't seem to work.

Help.

AL

[CSwrite]

Allen,

Not sure if this will help now, have you tried any of the following code in your robots.txt file?

From their site:

To exclude just one directory (and its subdirectories), say, the /images/ directory, the file should look like this:

User-agent: *
Disallow: /images/

Web site administrators can allow or disallow specific robots from visiting part or all of their site. Alexa's crawler identifies itself as ia_archiver, and so to allow ia_archiver to visit (while preventing all others), your robots.txt file should look like this:

User-agent: ia_archiver
Disallow:

To prevent ia_archiver from visiting (while allowing all others), your robots.txt file should look like this:

User-agent: ia_archiver
Disallow: /


Hope this helps!
Cary

[GarrieWilson]

Yeah, block w/ that robots.txt file so I can just type:

domain.com/robots.txt

and see all your good content.

If you want to block the toolbar (where the dat comes from), you will need to block it's users. Try adding the following line to your .htaccess file:

Code:

RewriteCond %{HTTP_USER_AGENT} ^alexa Toolbar [NC,OR]

You could redirect them saying to a page telling them to disable it.

Garrie

[Allen Graves]

Good points from both of you.

I'm sure there are others here who sell on ClickBank...how do you go about blocking Alexa other than a robots file?

I don't mind using a service or software to help.

I'm sure these people wouldn't buy it in the first place, so it may not matter monetarily, but if they are going to use my info to make a profit that others have to purchase...I want to block it.

AL

[Paul Myers]

Quote:

Yeah, block w/ that robots.txt file so I can just type:

domain.com/robots.txt

and see all your good content.

Unless I'm missing something, that would still leave you having to guess the file names.

Using the rewrite engine is a better approach, but robots.txt is fine for blocking everything, as long as the crawler honors it. Some don't.


Paul

[Jesus Perez]

Not sure about PHP. But in Coldfusion, you have the ability to display a page ONLY if the "referer" is from a specific page. If the referer does not match, it automagically redirects to another page.

So, all you would need to do is specify only visits from Clickbank's API are allowed, anything else redirects to the home page.

I know how to do it in Coldfusion...but not PHP.

Here's the code I use in one of my pages at the very top. The page before it specifies an ID in the url. This can easily be changed to simply matching a referring URL. This might get some PHP guys thinking...

Code:

<cfif not isdefined ("url.id")>
<cflocation url="store.cfm">
</cfif>

[clanspring]

Allen,

The .htaccess approach is the most secure, short of a software solution. It is enforced by your server in that case, rather than relying on the robots honoring or not.

One of my next projects is to write a download protection script. Although that probably does not fit your timeframe, if you want me to notify you when it is ready for pre-release, shoot me a PM and I'll put your name on the list.

Quote:

Originally Posted by BlueSquares

Not sure about PHP.

It is easily done with PHP.

[ecoverartist]

Wouldn't DLGuard.com work in a case like that?

[Mark Riddle]

Alexa isn't using the robots text to tell them where people are downloading, As said before its when people are downloading with the alexa tool bar that identifies the download page.

The only effective method is to require the alexa tool bar to be disabled.

It then adds that information to their index.

Requiring the Referral URL will only work for those who are downloading directly from the web, if you also send them a URL in e-mail, the link not work because of improper referrer.

Mark

[GarrieWilson]

Quote:

Originally Posted by Paul Myers

Unless I'm missing something, that would still leave you having to guess the file names.

Using the rewrite engine is a better approach, but robots.txt is fine for blocking everything, as long as the crawler honors it. Some don't.


Paul

If he totally blocks alexa, robots.txt would work. In theory. But I was looking at it from blocking download pages only since thats what he asked about.

Allen,

You could use dlguard for the quickest solution.

Garrie

[clanspring]

Quote:

Originally Posted by BlueSquares

So, all you would need to do is specify only visits from Clickbank's API are allowed, anything else redirects to the home page.

I see a problem with this approach: the problem would show up if for any reason the customer is unable or unwilling to download immediately after their purchase. In that case, they would arrive at your download page without the referrer url coming from Clickbank, and would be unable to download.

One possible way to solve the problem would be to test the referrer url from Clickbank on the user's first visit to your "Thank you/Download" page, and set a cookie. Keep in mind that approach is not 100% secure. Referrer URLs can be spoofed, for one thing. However, you could look at it like locking your car door. If someone really wants in, they'll get in. But it will keep most people out.

[Allen Graves]

For me, the simplest way would be to rename the download page file every week or so, then just change my ClickBank account to go to that new filename, but it would be a hassle.

I'll check out dlguard now.

Thanks everybody!
AL

[Angela V. Edwards]

Good grief. I can't believe what some people will do. Because of a theft of one of my own products, I was alerted by an astute poster to a forum that allows free downloads of products stolen from all over the internet, including here. There's not a chance that I would take a single one of them.

Quote:

Originally Posted by Allen Graves

I even have a note above the link stating that download without paying would be considered theft...and 4 people have proceeded to do so in the last 24 hours!



AL

[Allen Graves]

Quote:

Originally Posted by netmalls

Alexa isn't using the robots text to tell them where people are downloading, As said before its when people are downloading with the alexa tool bar that identifies the download page.

The only effective method is to require the alexa tool bar to be disabled.

It then adds that information to their index.

Requiring the Referral URL will only work for those who are downloading directly from the web, if you also send them a URL in e-mail, the link not work because of improper referrer.

Mark

Actually Mark, it's right there in their main directory. If you do a search for "<product name> download" or any other combination of search terms that ClickBank requires, it'll pop right up in the number one result.

If anyone cares, since I posted this thread, the download page has been hit 3 times from an Alexa search. Fortunatey I changed it to send me an email for the product until I can get this resolved.

AL

[sparrow]

Alexa is famous for letting the world know all about your pages they ignore all the bot program instructions.

There is not much you can do about this I get 20-50 hits everyday from Alexa looking for my thankyou pages

For a while I would only hand deliver my products but I have found a way for the moment has thrown them off the trail

You could password your pages so they don't get crawled and don't show, then change them frequently

I personally would hire a programmer on the cheap to make you a little program or you could DL Guard which works real well

Ed

[Johnny Slater]

Unless you use a software solution there honestly is no way to really secure your download pages. The only secure method would be to have the page behind a secure login so that only members who have the proper username and password can even see the download page.

Even then, you have the situations where people share login information.

Using tricks like htaccess and robots.txt only stop a very small amount. The only way to truely secure your downloads is behind a script that handles security. Anything else and truthfully your just kidding yourself about how secure your downloads are.

[e-mail2u]

Allen,

There are a couple of possibility's, use a program like dl guard, Password protect the directory using your c panel then send them to a different page thanking them for their purchase and to check their inbox.

This way even if they do get the url you need a password to access it. I use possession defender to protect my stuff. Has the same principle as download guard.

[jjpmarketing]

Could you possibly block the alexa.com ip address, within cPanel?

Another option... Have a programmer write a script that might create ghost locations to send the alexa bot to. Maybe even send that alexa bot in circles. When alexa bot comes to your site, have it redirect back to one of their pages.

You might even be able to request that alexa remove your site from their index entirely... or threaten a lawsuit since they are facilitating theft of your products with their software.

[samstephens]

Hi Al,

I'm the owner/developer of DLGuard, so you if you have any questions about it, I'm more than happy to help!

Basically Alexa will list anything it pleases, ignoring robots files and meta tags.

To stop people from stealing stuff through Alexa, you just make the URL that Alexa lists useless.

DLGuard does this by limiting download attempts and expiring download pages automatically.

Your links will be expired a long time before Alexa even lists your download pages to the public.

cheers
Sam

[JonnyAndrews]

2 fast ways to fix that problem:

#1: never put the actual words "thank you" on the download page.

#2: use one of those close-to-free membership site scripts floating around and make buyers optin.

[jjpmarketing]

That was actually what I was trying to think of... some way to create a dynamically changing download link. DLGuard is just awesome!

[Floyd Fisher]

If Alexa doesn't care, maybe we should sue them?

[gareth]

Why not wait till its indexed in alexa and then just scramble your file path so its wrong in alexa.

As far as I know alexa wont update the links too often.

[Ken Leatherman]

Allen,

I'm the most techicie challenged guy in the world, but I can use DLGuard and I do. Sam Stephens is the Cat's Meow when it comes to customer support.

You need to get it. That way not everybody in the world can steal the good stuff I get from you. LOL.

Ken
The Old Geezer

[Mike Montgomery]

Have you tried putting Clickbanks information into an image
and then putting the image on your page?

It works for me perfectly.

[Mark Riddle]

The Real Deal

Alexa Download Secrets
Using Alexa to build more Business

Now there is a fast and easy way to take advantage of all your wanna be hackers that really want your product but are too cheap or too poor to buy it.

Within minutes you can build a successful Alexa search that will EXPLODE YOUR INCOME.

We've all had it happen, you build a site get some traffic and you're really happy and proud that your business is going to go through the roof.

But Then It Happens:
YOUR DOWNLOAD PAGE
IS HACKED BY ALEXA

Don't panic, don't even worry, here is the ultimate solution

The Alexa IMPACT SYSTEM

• First Create a PDF or Video download that Thanks them for their purchase.
• Second in this PDF or Video explain that you are certain they are going to have success using your new method of Whatever.
• Third Talk about the product that they thought they stole and why it is so effective and a must have for any serious marketer, but unfortunately its going to be discontinued VERY SOON, but this is their LAST CHANCE.

That is why you are offering a FREE INSTANT UPGRADE.

Scroll down to the box below and enter your email address to get a THEIR FREE UPGRADE INSTANT DOWNLOAD EVEN IF ITS 2AM

Capture their email address and have them banned for life from Clickbank!

[clanspring]

Netmalls,

I actually like your idea. I'd modify it a little, like so:

1. Put the "real" paid product under lock and key, using a DLGuard or similar solution.

2. For the download page, decide what criteria to use that will alert you to an attempt at getting an unpaid copy of the product.

3. Create a free, or preview version of the product, making sure it contains links and information about the paid version along with promoting other products.

4. When you detect the intruders, give them the authorization code to download the freebie.

[Tristan Bull]

I think DLGuard is the quickest solution and the most effective.

[dmayne]

Quote:

Originally Posted by clanspring

Netmalls,

I actually like your idea. I'd modify it a little, like so:

1. Put the "real" paid product under lock and key, using a DLGuard or similar solution.

2. For the download page, decide what criteria to use that will alert you to an attempt at getting an unpaid copy of the product.

3. Create a free, or preview version of the product, making sure it contains links and information about the paid version along with promoting other products.

4. When you detect the intruders, give them the authorization code to download the freebie.

That is why I love this place. Two very different approaches to the same problem can be seen here in the two posts above. One the hack and slash, the other a little more friendly and it might even increase your income. Very zen. Thanks for the reminder.

[Gail Sober]

You could be taking advantage of that.

Create hundreds of fake "product name" + "download", etc.. pages. (Honey Pots).

They can be downloading sales pages or watered down ebooks full of affiliate links (or you can get a lot more creative) instead of your actual products.

At least it will make it less productive for people to mine for product there.



edit: Didn't see Clansprings post when I posted but that's the general idea!

[Allen Graves]

hmmmm...an ebook full of affiliate links. NICE!

Does DLGuard allow you to redirect like that when they come from a certain domain or show up "out of the blue" without a ClickBank ID or "secret code?"

Also, I run a membership site. How is DLGuard's Membership capab ilities?

Thanks EVERYONE!

AL

[GailTrahd]

Hi Allen -

I don't know about DLGuard's cababilities but I do know about the reputation which is spotless.

I have had the same problem and resorted to having the article packets hand delivered from the SuperStore at PLR-Health-Wizard until I can get another solution in place. I found out from a buyer who emailed me to say that he downloaded the articles first. He wanted to be sure that they would stand up to his quality specifications. When they did he sent me the money and a note telling me how he did it!

One of those inexpensive membership scripts is Instant Membership Site Creator | Membership Ease Software which came recommended by Rachel Rofe and Brian McElroy. I haven't tried out yet -

Hope you find a solution you can live with!

[Eric Lorence]

You can locate your downloads folder above the public "root" directory, above your website files.

This will make it inaccessible from a browser.

However you will also need a script to handle the downloads for your legit buyers.

Here is a good FREE one here: PHP-SCRIPTS - STADTAUS.com

A few other simple things to add security:

Add a index HTML or PHP file to your downloads folder-

Name your download products by number and not the name which can be guessed.

Change the download file name weekly.

Use a name other that "Thank-You" for the download page.

Use a redirect from you download page, instead of a static link.

Use a name other than "Downloads" for your downloads folder.

Never keep your product and download page in the same place/folder.

Just for those newbies that can't afford a professional downloads solution.

Good Luck!

[Angela V. Edwards]

Thank you for the explanation, Sam. I've been wondering how that worked. From everything I've heard, DL Guard is the best thing on the market to protect your download pages.

Quote:

Originally Posted by samstephens

Hi Al,

I'm the owner/developer of DLGuard, so you if you have any questions about it, I'm more than happy to help!

Basically Alexa will list anything it pleases, ignoring robots files and meta tags.

To stop people from stealing stuff through Alexa, you just make the URL that Alexa lists useless.

DLGuard does this by limiting download attempts and expiring download pages automatically.

Your links will be expired a long time before Alexa even lists your download pages to the public.

cheers
Sam

[samstephens]

No worries Angela, I'm glad I could help!

And I'm glad you've heard great things about DLGuard - it means my clients enjoy using it, which means I must be doing something right

Quote:

Also, I run a membership site. How is DLGuard's Membership capab ilities?

Hi Allen,

I see a few people have talked to you about the membership areas in the other DLGuard thread, but I'll add an answer here: DLGuard DOES fully support Clickbank membership areas, including automatic access blocking after the expiry time when a cancellation is made, and instant blocking when a refund or changeback is made.

Let me know if you'd like me to clarify anything!

cheers
Sam

[Eric Lorence]

Another idea is to update and change the name of your product frequently.

Many unscrupulous types like to get a hold of IM products and post them on the P2P network.

Best!

[seasoned]

Quote:

Originally Posted by jjpmarketing

Could you possibly block the alexa.com ip address, within cPanel?

Another option... Have a programmer write a script that might create ghost locations to send the alexa bot to. Maybe even send that alexa bot in circles. When alexa bot comes to your site, have it redirect back to one of their pages.

You might even be able to request that alexa remove your site from their index entirely... or threaten a lawsuit since they are facilitating theft of your products with their software.

the way alexa works is that a user visits a page and the toolbar forwards that url to alexa. The alexa IP address is used ONLY to send the info to alexa and you never see it, etc... You COULD block the alexa IP addresses(I think there are several), but that would ONLY prevent scraping and access DIRECTLY via a link on alexas site. That, of course, will also PREVENT sales from people finding your site on alexa, but most people interested in stealing will simply come back later and get it.

Frankly, alexa doesn't really have to remove the link. You should simply disable it on YOUR end.

Steve

[Allen Graves]

OHHHHH - I get it now.

Thanks, Steve.

Sam, I think I'll be switching!

AL

[Black Hat Cat]

Quote:

Capture their email address and have them banned for life from Clickbank!

That wouldn't be a very long ban. It takes, what, less than a minute to get a new email address? Besides, are people who are looking for free products really worried about losing their ability to buy at CB?

No.

Best solution would be to block Alexa 100% - This is what I had to do with one of my websites. I had to not only blobk their bots but also block their toolbars, alexa has no access to this one site at all..

I built a php script to handle them and have not had one problem from them since. Course they say my traffic is like 20,000,000,000 or something for this one site but I really dont care about Alexa's incorrect traffic ranks to begin with.

James

[Jason Moffatt]

Because of this thread I have a variety of people trying to get my products.

They are coming from Alexa, and then signing up hoping they'll get access. But I use a password protected Joomla system.

They don't get squat.

Anyhow, it's annoying because we have to manually delete them.

This only started once this thread was initiated.

Thanks

[Tiger]

Internet Explorer has had in the past a plugin of
sorts from Alexa that a program called "Ad-Aware" considers spyware.



I assume IE still has this plugin in its browser.
If I am wrong, somebody please correct me.


One way to get Alexa out of the way is to
get the world to use Adaware, which removes
the Alexa plugin from IE.

Ad-Aware ( LINK ) is free.


Or... just say good-bye to Internet Explorer and
start using Firefox

[cowrob]

I use One Shopping Cart and a password protected directory for my download page.

When someone buys:

• They get an email automatically (autoresponder) with the username, password and link to download their product.
• On the thank you page, I give them contact info in case the download email gets blocked.
• I also include a message that says everyone who ever ordered a product from me has always received it, so not to worry if their download email is delayed.
• I change the download link every four days or so (longer if I don't have orders for that product).

Rob

[Angela V. Edwards]

Quote:

Originally Posted by Tiger

Internet Explorer has had in the past a plugin of
sorts from Alexa that a program called "Ad-Aware" considers spyware.



I assume IE still has this plugin in its browser.
If I am wrong, somebody please correct me.


One way to get Alexa out of the way is to
get the world to use Adaware, which removes
the Alexa plugin from IE.

Ad-Aware ( LINK ) is free.


Or... just say good-bye to Internet Explorer and
start using Firefox

Yeah, it does. I had to take Alexa off because of that.

[danhughes]

This is a simple thing I do...

On the site selling the product in question I put a thank you page with pre-sell material on the product.

The actual thank you page is on another random site...... The download link is then emailed to the buyer.

This method doesn't stop Alexa from pubishing your download link, but at least it's on a site that no one is really going to care about or search for.

It also gives you a chance to sell to the person that tried to download your content without paying.