Gotcha... caught red handed trying to steal

by KarlWarren 24 replies
I was just browsing through my Statcounter results and noticed someone who had been trying to steal products...

They were using Alexa (as usual) trying search terms to find thank you pages - strangely the search string also included the term "WSO" so I assume this person, at one stage has been part of WF. Incidentally, unless this person was using a proxy, they are also from the US

I have a number of DUMMY thank you pages set up on my server with no product download on them, so on this occasion the fruit was too high to be picked

If you don't use Statcounter, or a tracking program that lets you analyse the search engine terms people use to find your site, I highly recommend you start doing so - it will help you to locate holes in your security.
#main internet marketing discussion forum #caught #gotcha #handed #red #steal
Avatar of Unregistered
  • Profile picture of the author Greg Cooksley
    Hey Karl,

    Thanks for the heads up on this one....

    I must admit that I'm very green when it comes to the subject
    of hacking into sites etc. It's amazes me that so many people
    engage in these activities "just because they can". I love reading
    stories about how these guys get caught.

    Regards

    Greg
    amazing
    how
    these
    guys
    try
    and
    get
    {{ DiscussionBoard.errors[38884].message }}
    • Profile picture of the author Colin Evans
      Hi Karl,

      I also get a number of these attempts each month...

      It's amazing how people can stoop so low as to try and pinch discounted WSO products, I guess they deserve all the failure they attract.
      Signature

      Sig not working today - too hung over...

      {{ DiscussionBoard.errors[38921].message }}
      • Profile picture of the author peteinoz
        Seriously..

        are you telling me your not marketing to these people?

        who said you cannot release software/report virally via this method?

        report with affiliate links in it..

        or strictly for branding purposes?


        These can take off like wild fire..

        think about it.. someone puts a link to something on your server and puts in on a black hat board or similar..... tons of people get it.. because they think they are getting something for free..

        Signature
        HangoutMillionaire.com World Premeire Automated Video Marketing Software, Streams YouTube Live and Google Hangouts. Special Offer Link!
        Follow me on Twitter http://twitter.com/peterdrew
        {{ DiscussionBoard.errors[38969].message }}
        • Profile picture of the author KarlWarren
          Originally Posted by peteinoz View Post

          are you telling me your not marketing to these people?

          No, at the moment, my business model is solely relating to minisite design. I used to release PLR products and reports, it is something I will be doing again in future.
          Signature
          eCoverNinja - Sales Page Graphics & Layout Specialist
          {{ DiscussionBoard.errors[38974].message }}
          • Profile picture of the author braver55b
            Thanks for the tip, I will start putting the code in my download pages, I currently only use it in my sales pages.
            {{ DiscussionBoard.errors[38998].message }}
        • Profile picture of the author Michael Oksa
          Originally Posted by peteinoz View Post

          Seriously..

          are you telling me your not marketing to these people?

          who said you cannot release software/report virally via this method?

          report with affiliate links in it..

          or strictly for branding purposes?


          These can take off like wild fire..

          think about it.. someone puts a link to something on your server and puts in on a black hat board or similar..... tons of people get it.. because they think they are getting something for free..

          The problem is that these are the type of people who are willing to steal. If they see a link in your report, all they will do is try to track down the free version of that too.

          Also, I fear with these people the only 'branding' you're doing is that of, "Hey! This is the guy we steal products from".

          Just because it is going 'viral' on a black hat board or similar doesn't mean you will attract one single new customer.

          That's the way I see it.

          ~Michael

          p.s. Karl, thanks for all the good ideas.
          Signature

          "Ich bin en fuego!"
          {{ DiscussionBoard.errors[39013].message }}
          • Profile picture of the author peteinoz
            Originally Posted by Michael Oksa View Post

            The problem is that these are the type of people who are willing to steal. If they see a link in your report, all they will do is try to track down the free version of that too.

            Also, I fear with these people the only 'branding' you're doing is that of, "Hey! This is the guy we steal products from".

            Just because it is going 'viral' on a black hat board or similar doesn't mean you will attract one single new customer.

            That's the way I see it.

            ~Michael

            p.s. Karl, thanks for all the good ideas.

            Hey Michael..

            I can see, that would be the way youve seen it..

            Unless youve seen it first hand like I have

            Let me put it this way, these are not criminal genius's these are people trying to make a buck online like you or I.

            Do you think they email for support of these products?

            are you ready? LOL

            Of course they do..

            Do all my branded products have the ability to be downloaded for free?

            Absolutely not..

            have people transferred from using hotlinks to my products to customers? Absolutely




            Cheers

            Pete
            Signature
            HangoutMillionaire.com World Premeire Automated Video Marketing Software, Streams YouTube Live and Google Hangouts. Special Offer Link!
            Follow me on Twitter http://twitter.com/peterdrew
            {{ DiscussionBoard.errors[39056].message }}
            • Profile picture of the author Michael Oksa
              Originally Posted by peteinoz View Post

              Hey Michael..

              I can see, that would be the way youve seen it..

              Unless youve seen it first hand like I have

              Let me put it this way, these are not criminal genius's these are people trying to make a buck online like you or I.

              Do you think they email for support of these products?

              are you ready? LOL

              Of course they do..

              Do all my branded products have the ability to be downloaded for free?

              Absolutely not..

              have people transferred from using hotlinks to my products to customers? Absolutely




              Cheers

              Pete
              I certainly won't argue with results.



              ~Michael
              Signature

              "Ich bin en fuego!"
              {{ DiscussionBoard.errors[39088].message }}
              • Profile picture of the author e-mail2u
                Yet again,

                Another reason why you should protect your downloads/thank you pages. A good way to do this is incorporate to them in to a membership site. That way even if they find your thank you page through a search engine, in order to access the page they first have to join your site. This may or may not put off some, but the majority will go else where.

                Especially if the membership requires e-mail verification...
                Signature
                Blackhat surveys | geoffreyfoggon | Free link shortening hide those affiliate links....
                {{ DiscussionBoard.errors[39153].message }}
                • Profile picture of the author Faisal Anwar
                  Yeah, this happens always, thats why i use e-junkie to process my payment and delivery of my product. Haven't had any problem with thank you pages.
                  Signature

                  {{ DiscussionBoard.errors[39160].message }}
                  • Profile picture of the author Scott Burton
                    Originally Posted by Faisal Anwar View Post

                    Yeah, this happens always, thats why i use e-junkie to process my payment and delivery of my product. Haven't had any problem with thank you pages.

                    Just to be clear, the pages that I'm using the code on to be notified about are actually specifically there to notify me of people trying to get free access to my products. My actual delivery pages are not indexed and are behind protection.

                    Scott Burton
                    Signature

                    - = Signature on Vacation = -
                    (We all need a break from what we do for a living. I thought it was time my signature got a break too)

                    {{ DiscussionBoard.errors[39192].message }}
                    • Profile picture of the author Sean Donahoe
                      Here is another "Anti-Thief / Hacker" trick for you to consider. Do not put a "DENY" in yout robots.txt for your downloads, members or thank you page as anyone can easily pull that file up and see which folders are worth getting into and they are usually unprotected.

                      The robots.txt only tells search engines what they should and should not index. These pages should not be indexed at all if you can only get to that page by paying and as such the search engines will not be paying and not be exposed to that page.

                      The best protection is something like DL Guard or equivalent to protect downloads and store the files themselves outside of the webroot. For example if your website was located in this folder:
                      Code:
                      /home/myname/www
                      you should put your download files here:
                      Code:
                      /home/myname/downloads
                      That way you can point your file protector at that folder but it will never be accessible from the web.

                      Hope that helps a few people secure themselves a little better and prevent thieves from stealing your hard work.
                      {{ DiscussionBoard.errors[39230].message }}
                      • Profile picture of the author Chris Monty
                        Good tips. I've busted a few people doing this.
                        {{ DiscussionBoard.errors[39258].message }}
                        • Profile picture of the author JohnMcCabe
                          Of course, there's also the obvious one...

                          Don't name your page files things like "thankyou.html" or "download.php". Or go the other way and name them "jjZD6Hk$6Nj@.htm", either. Those just scream Hey, there's something good here!
                          {{ DiscussionBoard.errors[39271].message }}
                          • Profile picture of the author lynnw196
                            I agree with you Pete.

                            I do know some folks who have gotten a lot of products for free. They said they do it because there is so much re-hashed garbage on the net, they don't want to drop the cash for trash. But, there is almost like a code of honor among them. I was told if it is actually a good product they will use and buy thru the affiliate links as a way of saying thank you for a decent product. Believe it or not, I also know of some who after checking it out went back and actually bought it!

                            Pete is also correct in the viral aspect. Once posted on those forums it spreads like wild fire. You would also be amazed at the amount of subscribers and traffic you can drive to your blog or other sites by "leaking" your product. So, I guess this whole topic comes down to individual percerption and marketing tactics.
                            {{ DiscussionBoard.errors[39333].message }}
                        • Profile picture of the author Tiger
                          Hey Karl,

                          I know it is more work, but if you put a 'dummy download' with
                          just-short-of-bogus information for download, the thief may
                          leave your site with it, and think he "got" something.



                          /Steve
                          Signature
                          We Get What We Settle For
                          {{ DiscussionBoard.errors[39277].message }}
                          • Profile picture of the author Jill Carpenter
                            Originally Posted by Tiger View Post

                            Hey Karl,

                            I know it is more work, but if you put a 'dummy download' with
                            just-short-of-bogus information for download, the thief may
                            leave your site with it, and think he "got" something.



                            /Steve
                            This could actually be hysterical. A dummy download that is an ENORMOUS size file and has nothing on it at all. OR it has something in the beginning so it looks good, but cuts off after the beginning. Someone tries to download and it takes forever - then when they go to look at it it just cuts out at a really good part. Kind of like when your at the movies and the stupid film breaks right in the middle of a serious fight scene (I had that happen to me a couple of times).

                            There could be a market for "fake products,"

                            People will get ticked off when they realize how much time is wasted on the download, not to mention HD space and getting only half the information.
                            Signature

                            "May I have ten thousand marbles, please?"

                            {{ DiscussionBoard.errors[39347].message }}
                            • Profile picture of the author Scott Burton
                              Originally Posted by avenuegirl View Post

                              This could actually be hysterical. A dummy download that is an ENORMOUS size file and has nothing on it at all. OR it has something in the beginning so it looks good, but cuts off after the beginning. Someone tries to download and it takes forever - then when they go to look at it it just cuts out at a really good part. Kind of like when your at the movies and the stupid film breaks right in the middle of a serious fight scene (I had that happen to me a couple of times).

                              There could be a market for "fake products,"

                              People will get ticked off when they realize how much time is wasted on the download, not to mention HD space and getting only half the information.

                              Or it could start out sounding great, then all of a sudden every other line could read, "If you really want the complete product, please return to <web address> and purchase a legitimate and licensed copy." and other statements to that effect.

                              Of course one drawback to the large download bogus product is, if several people hit it, it will accumulate a chunk of bandwidth. A lot of these thieves are running on broadband and can pull a few hundred megabytes in minutes.

                              --Scott Burton
                              Signature

                              - = Signature on Vacation = -
                              (We all need a break from what we do for a living. I thought it was time my signature got a break too)

                              {{ DiscussionBoard.errors[39411].message }}
  • Profile picture of the author Scott Burton
    Originally Posted by KarlWarren View Post

    I was just browsing through my Statcounter results and noticed someone who had been trying to steal products...

    They were using Alexa (as usual) trying search terms to find thank you pages - strangely the search string also included the term "WSO" so I assume this person, at one stage has been part of WF. Incidentally, unless this person was using a proxy, they are also from the US

    I have a number of DUMMY thank you pages set up on my server with no product download on them, so on this occasion the fruit was too high to be picked

    If you don't use Statcounter, or a tracking program that lets you analyse the search engine terms people use to find your site, I highly recommend you start doing so - it will help you to locate holes in your security.

    I've started implementing a simple set of PHP code on selected pages that generates an email to me when those pages are accessed, and it includes the referrer, IP Address of the visitor, their browser identifier and what page they reached.

    If done correctly, this can lead you at least to the proxy they were using, and I have an email in about 60 seconds of when it happens.

    I originally used this code on my 404 error page to track when an attempt was made to reach a page that wasn't there. (If a particular page got enough missed traffic, I might throw a related product page in there.)

    --Scott
    Signature

    - = Signature on Vacation = -
    (We all need a break from what we do for a living. I thought it was time my signature got a break too)

    {{ DiscussionBoard.errors[39060].message }}
Avatar of Unregistered

Trending Topics