68 {{ upvoteCount | shortNum }}
68 {{ upvoteCount | shortNum }}

Here's how I realized I was being robbed by a Clickbank affiliate

by Chris Thompson
56 replies
Hi everyone.

I'll make this quick because it's important to know & easy to fix (usually).
I started a thread about an hour ago here. I felt there was an affiliate who had hacked my website and was cookie stuffing. This means that anyone buying my product would create illegal revenue for the fraud affiliate. It robs me and it robs my honest affiliates.

I found the problem in the popular Audio Player plugin. I noticed that Nov 24th someone FTP'd into my hosting account and uploaded a single audio-player.js file to overwrite the original. Obviously a hacked version of the file that cookie stuffs.

I verified that if I deactivate the plugin, the problem goes away. So I have left the plugin deactivated.

HOW TO FIND THESE PROBLEMS YOURSELF:

If you suspect something fishy is going on in your website the best thing to do is narrow down the date to a best guess as to when the problem started. For me it was easy. I looked at the first date when this new affiliate made a sale.

Then either check your web host logs (FTP logs, etc) or simply FTP into your account and look at the "date modified" field so you can see when files were changed in your account. Whatever files were modified around the date of the problem are suspicious files and you should look at them.

If, as happened to me, a plugin was modified and you know you didn't touch it, you can be confident you've found the problem.

In my case, the FTP account used was my MAIN account with a secure password. So I'll be changing that password.

Hope this helps someone ...
#affiliate #clickbank #realized #robbed
  • Profile picture of the author RobHiness
    Thanks for the heads up, this will definitely be useful for the future. Of course if anything unfortunate were to happen.

    Does anyone recommend a blog or an article anywhere to learn more about avoiding issues like these?...
    Signature
    “It’s much easier to double your business by doubling your conversion rate than by doubling your traffic.”
    {{ DiscussionBoard.errors[5144922].message }}
    • Profile picture of the author Looking4Mentor
      Hi Chris,

      Sorry to hear this happened. I appreciate you sharing this with the rest of us. I would have never known to look there in order to see if someone has hacked my website.

      Appreciate it!
      {{ DiscussionBoard.errors[5144964].message }}
  • Profile picture of the author tpw
    Did you report the fraudster to Clickbank?

    I am sure they would be happy to void all of his affiliate commissions.
    Signature
    Bill Platt, Oklahoma USA, PlattPublishing.com
    Publish Coloring Books for Profit (WSOTD 7-30-2015)
    {{ DiscussionBoard.errors[5144993].message }}
  • Profile picture of the author Chris Thompson
    Yeah, I reported it at first when I smelled a rat, and then again when I had the evidence. I am sure they'll reverse the commissions. That seems like a no brainer. I'm not sure if they'll give up the guy's name to me.

    I've also send the audio-player.js file to a friend to see if he can decode it and uncover exactly what was done to the file. Because I'm curious.

    I traced the IP address of the FTP session back to my home city too, which is really weird. It almost makes me think someone who personally knows me did this on purpose. What are the chances of this being a local hack otherwise? Or maybe it was routed through someone else's server just to hide his identity.

    Anyway, I forgot to mention that the plugin was AudioPlayer by 1Pixelout. It's REALLY common and I'm sure someone just hacked the public version of it somehow. So if you use that plugin perhaps double check your sites!
    {{ DiscussionBoard.errors[5145013].message }}
  • Profile picture of the author LMC
    Chris,

    If you want to send me the file I bet I can find it in a jiffy.
    Signature
    {{ DiscussionBoard.errors[5145085].message }}
  • Profile picture of the author tpw
    If you are on a wireless connection at home or in the coffee shop, someone was probably sniffing packets and picked up your FTP login and password.
    Signature
    Bill Platt, Oklahoma USA, PlattPublishing.com
    Publish Coloring Books for Profit (WSOTD 7-30-2015)
    {{ DiscussionBoard.errors[5145201].message }}
  • Profile picture of the author peteisneat09
    I didn't even know that was possible. Thanks for the information. Cookie stuffing is so cheating lol
    {{ DiscussionBoard.errors[5145213].message }}
  • Profile picture of the author celente
    Sucks chris. Sorry to hear.

    Did happen to me a while back where an clickbank affiliate somehow got a malware on my computer that changed the main sales page to his affiliate ID.

    Stole about 1k, and caught on straight away, (when I noticed sales suddenly going to zero) had to change all my passwords and do it from an uninfected machine too. They (clickbank) deleted the affiliates account as soon as I showed them what happend and video proof too. I was not a happy chappy. I guess the affliate could have created another account, but clickbank were very good in dealing with this situation.

    Just hope you have worked out the problem and this theif gets his own coming.
    Signature
    Create a $5000 USD a month Business. 1-on-1 Coaching. By 6 figure marketer! - CLICK HERE
    {{ DiscussionBoard.errors[5145238].message }}
  • Profile picture of the author Chris Thompson
    This guy is so screwed.

    I send the .js file to a friend. It had been compiled down to machine code. My buddy decoded it in a few minutes and emailed it back to me.

    He sends visitors over to his domain into a simple PHP file and then sends back a cookie. Decoding the .JS file unveiled his domain.

    A whois unveiled his REAL name, address, etc.

    The guy actually has his real name attached to this same affiliate ID on Twitter. A real genius. And he's here in Canada. He's literally 20 minutes from my house. He is a kid who graduated high school a few years ago and now works as a software coder locally. He grew up here. He doesn't know me, but I'm curious how he got my FTP info. I don't use any Wi-Fi logins for FTP.

    Anyway, I don't even have to spend a dime to hunt him down. I can send my evidence to the local police and have the kid thrown in jail. He deserves it.
    {{ DiscussionBoard.errors[5145252].message }}
    • Profile picture of the author Barry Unruh
      Originally Posted by Chris Thompson View Post

      This guy is so screwed.

      I send the .js file to a friend. It had been compiled down to machine code. My buddy decoded it in a few minutes and emailed it back to me.

      He sends visitors over to his domain into a simple PHP file and then sends back a cookie. Decoding the .JS file unveiled his domain.

      A whois unveiled his REAL name, address, etc.

      The guy actually has his real name attached to this same affiliate ID on Twitter. A real genius. And he's here in Canada. He's literally 20 minutes from my house. He is a kid who graduated high school a few years ago and now works as a software coder locally. He grew up here. He doesn't know me, but I'm curious how he got my FTP info. I don't use any Wi-Fi logins for FTP.

      Anyway, I don't even have to spend a dime to hunt him down. I can send my evidence to the local police and have the kid thrown in jail. He deserves it.
      Please do report him to the authorities. The odds are very high if he did this to you he is also doing it to all of his clients.

      I'd suggest you do a thorough scan of your PC and verify security of any mobile devices you might use for accessing your internet sites. He captured or sniffed your information somewhere along the way.

      Do you have a laptop you use in public locations for accessing your sites? Like a coffee shop, McDonald's, the Library...
      Signature
      Brain Drained...Signature Coming Soon!
      {{ DiscussionBoard.errors[5145306].message }}
      • Profile picture of the author Daniel Evans
        People make use of the strangest ways to hack into websites.

        I'm quite impressed by your initiative to go and hunt for a modified file!

        A lesson for all I'm sure.
        {{ DiscussionBoard.errors[5145324].message }}
    • Profile picture of the author JollyJack07
      Good job Cris.....Please post (if you can) the answer to the question; "How." (your FTP info).
      {{ DiscussionBoard.errors[5145404].message }}
    • Profile picture of the author celente
      Originally Posted by Chris Thompson View Post

      This guy is so screwed.

      I send the .js file to a friend. It had been compiled down to machine code. My buddy decoded it in a few minutes and emailed it back to me.

      He sends visitors over to his domain into a simple PHP file and then sends back a cookie. Decoding the .JS file unveiled his domain.

      A whois unveiled his REAL name, address, etc.

      The guy actually has his real name attached to this same affiliate ID on Twitter. A real genius. And he's here in Canada. He's literally 20 minutes from my house. He is a kid who graduated high school a few years ago and now works as a software coder locally. He grew up here. He doesn't know me, but I'm curious how he got my FTP info. I don't use any Wi-Fi logins for FTP.

      Anyway, I don't even have to spend a dime to hunt him down. I can send my evidence to the local police and have the kid thrown in jail. He deserves it.
      nice investigation work.

      I hate these sort of people they cost you income, and look at all the time you spent away from your business. They cost you time and money and I know what you are going through.

      I would do the scare tactic, wait until he is riding his bike by himself one day and pay him with a friendly visit. I did this to my newphews bullies one day as I am heavily built and nearly 7ft tall, they got the picture.
      Signature
      Create a $5000 USD a month Business. 1-on-1 Coaching. By 6 figure marketer! - CLICK HERE
      {{ DiscussionBoard.errors[5145410].message }}
    • Profile picture of the author J Bold
      Originally Posted by Chris Thompson View Post

      This guy is so screwed.

      I send the .js file to a friend. It had been compiled down to machine code. My buddy decoded it in a few minutes and emailed it back to me.

      He sends visitors over to his domain into a simple PHP file and then sends back a cookie. Decoding the .JS file unveiled his domain.

      A whois unveiled his REAL name, address, etc.

      The guy actually has his real name attached to this same affiliate ID on Twitter. A real genius. And he's here in Canada. He's literally 20 minutes from my house. He is a kid who graduated high school a few years ago and now works as a software coder locally. He grew up here. He doesn't know me, but I'm curious how he got my FTP info. I don't use any Wi-Fi logins for FTP.

      Anyway, I don't even have to spend a dime to hunt him down. I can send my evidence to the local police and have the kid thrown in jail. He deserves it.

      Wow, that is nuts. I'd let the authorities deal with it if you want to take it that far. No reason to go lone soldier on this one.

      I would guess that him living so close to you is not coincidence, but I could be completely wrong. Perhaps he DOES know who you are. Just seems like too much of a coincidence but stranger things have happened.

      Please be careful!
      Signature
      {{ DiscussionBoard.errors[5146290].message }}
  • Profile picture of the author EricBaglio
    Wow, I had no idea someone could do that. It kind of makes me worried about some of my affiliate sites. Thanks for the great post though.

    Sorry to hear about your loss. Hopefully they not only take the money away from the crook but also pay you back for the money you lost.
    Signature

    "TAKE ACTION" is the first thing everyone tells you and then they leave it at that. I'll add a second part: TRACK EVERYTHING" - It's the only way to ensure your ACTION leads to results.

    {{ DiscussionBoard.errors[5145271].message }}
  • Profile picture of the author Milton
    Thanks for the info Chris
    Can't get enough info on how to beat the deadbeats.
    Milton
    {{ DiscussionBoard.errors[5145350].message }}
  • Profile picture of the author sbucciarel
    Banned
    Glad you caught him. Always worries me that someone could get my ftp info. How do they get that?
    {{ DiscussionBoard.errors[5145405].message }}
    • Profile picture of the author CoMpUtErGoD20XX
      Originally Posted by sbucciarel View Post

      Glad you caught him. Always worries me that someone could get my ftp info. How do they get that?
      If someone really wants access to you it is really just a matter of time. They don't have to sniff your FTP password they can simply brute force a password attack. This is especially true if you use a simple password.

      To be as safe as possible make sure your password contain upper case letter, lower case letters, numbers, and symbols (critical). I would also recommend that your password be at least 16-20 characters long and don't use the same passwords on other sites.
      {{ DiscussionBoard.errors[5145464].message }}
      • Profile picture of the author Chris Thompson
        A few people have asked how this guy managed to get my FTP password. Keep in mind the password was very VERY unusual. Just a random combination of numbers and letters using both upper case and lower case.

        I did some digging on the guy. I found his Google+ profile, multiple websites he owns, where he lives, his parents' phone number, etc.

        Part of the fun was finding how many forums he participates in. He seems like a highly social geek. He admitted to using a packet sniffing tool on one forum, so I suspect it may have been WiFi after all.

        There is a possibility that I used FTP while on an open network at some point in my city where he happened to be sniffing that day. Must have been a while ago because I have not been out of my house with my computer lately and the hack only happened this week.

        This guy is not your typical criminal. He's a hobby criminal and a bad one at that. Clever, technically, but stupid enough to get caught.

        I mean I even have the IP address he used from his DSL provider to do the FTP job. Everything points right back to him.

        The question now is what to do that maximizes the impact while reducing my time investment.

        I'll think of something.

        (Oh, and I did send all of the evidence including decoded file to ClickBank)
        {{ DiscussionBoard.errors[5145514].message }}
    • Profile picture of the author Tim3
      Originally Posted by sbucciarel View Post

      Glad you caught him. Always worries me that someone could get my ftp info. How do they get that?

      It is not something I thought either Suzanne until I had an email from Hostgator server security, who told me my ftp had been hacked and a program had been installed that sent out 10,368 spam emails from my server.

      24 hours later they emailed again saying they had found two more malicious files of the same type

      Looks like it may be time to use some impossible to remember passwords with £)*&^$%")~}{ in them.
      Signature

      {{ DiscussionBoard.errors[5158656].message }}
  • Profile picture of the author Newbieee
    this suks man.

    why cant everyone play fair.

    why jack on someone else;s effort.

    cant they think, would it be nice if someone did that to them?

    this kind of thing should be sentenced life. lol. teach people a lesson.

    or at least same charge as stealing.

    Charge 1 : Stealing affiliate commissions.
    Charge 2 : hacking into online property
    Charge 3 : being a jack-ass?

    lol im not into law, so i dont know. any others to add in?
    i know just for doing 1 thing there can be lots of charges. lol..
    Signature
    Pain is a perception, so is defeat & happiness!
    {{ DiscussionBoard.errors[5145414].message }}
  • Profile picture of the author caseycase
    Chris, just a head's up to you or anyone who wants to make sure they know if something funky like this is happening to their site, you can install Website Defender (no affiliation) - Ensure your website security online with WebsiteDefender

    It will let you know via email if any files change on your site. The version I have right now is free and seems to work great.
    Signature

    Free IM Info, No Junk - http://www.ironcladim.com



    {{ DiscussionBoard.errors[5145427].message }}
  • Profile picture of the author AuthenticHealthCoaching
    That's scary! Thanks for posting this
    Signature

    #1 Amazon Bestselling Author of The Kindle Publishing Bible, Secrets of the Six-Figure Author and founder of Ebook Publishing School

    {{ DiscussionBoard.errors[5145571].message }}
  • Profile picture of the author HairyPoppins
    Geez man thanks for the heads up. I never would have even given that a thought. People can really suck sometimes. I thought you Canadians up there were supposed to be a bunch of saints.

    On another note you have his address and I've been waiting to bust this out for awhile and you have a good enough reason so may I suggest poopsenders - the ULTIMATE gag gift - SWEET revenge at its finest In my opinion Elephant would be most appropriate.
    Signature
    {{ DiscussionBoard.errors[5145575].message }}
  • Profile picture of the author John Romaine
    Clickbank is just getting dirtier and dirtier.

    Go around and scare the **** out of him.
    Signature

    BS free SEO services, training and advice - SEO Point

    {{ DiscussionBoard.errors[5145599].message }}
  • Profile picture of the author JustLight
    Thanks Chris for bring this issue up. Its really a a pathetic one for the guy. I support that you pay the guy a friendly visit to let him know about what he has done. He will be scared to death to know that someone within his vicinity has found him out.
    {{ DiscussionBoard.errors[5145732].message }}
  • Profile picture of the author pcpupil
    What is so special about a .js file?
    Can a hacker use any type file,or is this .js file easier,or more common.
    I have seen this .js file in quite a few products or downloads.
    Signature
    I will be your Digital Assistance for cheap.PM me.
    I can help relieve your work load.Pm me
    {{ DiscussionBoard.errors[5145940].message }}
  • Profile picture of the author J Bold
    I responded too soon and now read your other post.

    Crazy how much information you were able to find, obviously the guy's not a pro at this.

    I would think the sniffing tool sounds plausible as you found him on a forum saying he'd used one!

    That's nuts.

    As for anyone advocating violence or you going to try and intimidate him, that's just stupid.

    Leave it to the authorities...
    Signature
    {{ DiscussionBoard.errors[5146308].message }}
  • Profile picture of the author Brendan Vraibel
    Love your initiative to go after him like that. Please let us know what the almighty Clickbank has to say about it, I'd love to hear that.

    Also makes me nervous about stuff like online banking. If it's that easy to (almost) pull off some elaborate scheme like that, how easy can it be to get our payment info?
    Signature
    Online Reputation Management
    {{ DiscussionBoard.errors[5146327].message }}
  • Profile picture of the author Thomas Wilkinson
    My guess is that the authorities won't do much to him. The laws in the U.S. are iffy and in Canada they just haven't caught up to the wireless age. Make sure to let his host know and if you can get a story in the local press, do it. At least his friends and family will find out. If he has a boss let them know if he would steal from strangers he would for sure steal on his home turf. Especially if he's cocky and feels he can't be traced. I would find a way for him to have to take responsibility.

    Thomas
    Signature
    When you hear someone telling you what YOU can't do, they are usually talking about what THEY can't do.
    {{ DiscussionBoard.errors[5146438].message }}
    • Profile picture of the author Newbieee
      Originally Posted by Thomas Wilkinson View Post

      My guess is that the authorities won't do much to him. The laws in the U.S. are iffy and in Canada they just haven't caught up to the wireless age. Make sure to let his host know and if you can get a story in the local press, do it. At least his friends and family will find out. If he has a boss let them know if he would steal from strangers he would for sure steal on his home turf. Especially if he's cocky and feels he can't be traced. I would find a way for him to have to take responsibility.

      Thomas
      theres lots of news lately that people are being charged in US for online fraud.

      they are doing their part [the government] u just gotta know which channels to go to.
      Signature
      Pain is a perception, so is defeat & happiness!
      {{ DiscussionBoard.errors[5146524].message }}
  • Profile picture of the author ryanmilligan
    Banned
    Report him. I hate fraudsters!
    {{ DiscussionBoard.errors[5146641].message }}
  • Profile picture of the author mraffiliate
    Here's an interesting video that was just published 2 days ago that should make you be very careful using your smartphone for banking, etc.

    BUSTED! Secret app on millions of phones logs key taps ? The Register
    Signature

    {{ DiscussionBoard.errors[5147899].message }}
  • Profile picture of the author DJL
    I believe the free WordPress Firewall plugin would have prevented this exploit.
    It allows you to forbid any file updates except from IP addresses that you whitelist.
    Signature

    None are more hopelessly enslaved than those who falsely believe they are free.
    --Johann Wolfgang von Goethe, Elective Affinities (1809)

    {{ DiscussionBoard.errors[5149798].message }}
    • Profile picture of the author Chris Thompson
      Originally Posted by DJL View Post

      I believe the free WordPress Firewall plugin would have prevented this exploit.
      It allows you to forbid any file updates except from IP addresses that you whitelist.
      You've misunderstood the situation. He used an FTP program to update the file. As long as he has my username and password, he can get in and upload / change ANY files. What plugins are running on Wordpress are irrelevant at that point.
      {{ DiscussionBoard.errors[5156150].message }}
  • Profile picture of the author TrafficBot
    The world is not round or flat but crooked!
    Signature
    Auto Traffic Storm
    7 Figure Success Formula
    Commission Hurricane
    Instant Profit Facebook Pages
    {{ DiscussionBoard.errors[5150903].message }}
  • Profile picture of the author zaco
    I think you should call his parents and let them know what their son did, and also engage the authorities, let them pay for raising up a crooked kid .. the kid impacted your business so its either he pays or his parents or he faces charges.. I think if someone is convicted in Canada.. they can go up to 7 years to jail in such a case..
    {{ DiscussionBoard.errors[5151191].message }}
  • Profile picture of the author flocon
    I used to not take really into consideration the idea of clocking affiliate links. Here, you have given me a reason to change my way of looking at it.
    {{ DiscussionBoard.errors[5151499].message }}
  • Profile picture of the author CoMpUtErGoD20XX
    If you install the Secure WordPress plugin and setup the free account it will send you daily alerts from scans of your website. One of the things it does is alert you to changed files.

    In addition, it also alerts you when updates are available and more. It really is a nice plugin and you can't beat the cost!

    I hope this helps.
    {{ DiscussionBoard.errors[5156202].message }}
  • Profile picture of the author Steve Faber
    Great work Sherlock!

    If he did it to you, chances are great he also did it to others. In the U.S. they cyber-crime seriously, not sure about our neighbors to the north, though.

    If you're that proficient a researcher, you should be able to find the authorities who will do the most damage to that guy and report him to them. Need to get these scumbags locked up, hopefully in a prison with no Internet access.

    The irony is that the white collar criminals all seem to wind up in those "country club prisons" where they get much more comforts of home, like Internet access. Hopefully they make an exception for guys like him.
    Signature
    For Killer Marketing Tips that Will Grow Your Business Follow Me on Twitter Now
    After all, you're probably following a few hundred people already that aren't doing squat for you.....
    {{ DiscussionBoard.errors[5156280].message }}
  • Profile picture of the author hotpr
    man, that is great to know. I will be on the look out
    {{ DiscussionBoard.errors[5156297].message }}
  • Profile picture of the author cinereus
    I don't really understand how you found it out or how the hack worked.

    Firstly, what did you do that caused you to notice? And how can we be aware of other methods that people try to do this?

    Also, why is it necessary to hack YOUR site to cookie stuff? Or am I missing something?
    {{ DiscussionBoard.errors[5156350].message }}
    • Profile picture of the author Chris Thompson
      Originally Posted by cinereus View Post

      I don't really understand how you found it out or how the hack worked.

      Firstly, what did you do that caused you to notice? And how can we be aware of other methods that people try to do this?

      Also, why is it necessary to hack YOUR site to cookie stuff? Or am I missing something?
      Cinereus - I'll try to explain it in really simple terms.
      • I noticed that one particular affiliate was suddenly responsible for the vast majority of sales over a period of several days. I thought it was weird, but not fraud at that point.
      • I used my own computer to test out some affiliate links for REAL affiliates. I wanted to be sure their links would be working. That's when I discovered [affiliate=scammer] on the clickbank order form. That's when I realized it was a fraud.
      • I suspected he hacked my site because of Occam's Razor - the simplest solution is the most likely.
      • I checked my FTP logs from the day this fraudster started making affiliate sales. Sure enough, he had uploaded a file to my server on this exact day. So now I have the SOURCE of the problem.
      • I sent the file to my friend. He decompiled it to reveal what the fraudster had done. That revealed his domain name (because he was using Javascript code to send requests to his server)
      • Once I had his URL I did a whois search on him, plus an IP address lookup, etc. I found out everything about him including his name, address, phone number, email address, where he goes to school, what he studies, what forums he posts on, etc.

      He had to hack MY site to make commissions on MY product simply because that's the most effective way to guarantee he takes the commissions. If he hacked some other site, the chances of that other website's visitor becoming my customer (triggering a sale for him) would be remote. But if he hacks my site directly, he can capture sales from all my customers.
      {{ DiscussionBoard.errors[5157435].message }}
  • Profile picture of the author Chris Thompson
    Another quick update here ....

    I'm SURE now that he did not hack my password over my Wi-Fi connection. He probably accessed my password through a Wordpress plugin security issue that I haven't yet figured out. In other words, even though i've changed passwords and stuff .. I'm sure the same loophole still exists. So I'm investigating where the vulnerability is.
    {{ DiscussionBoard.errors[5157493].message }}
    • Profile picture of the author jrpt
      My WP sites were hacked into about 2 months ago and there's no way my passwords could have been figured out and I don't do any free wifi usage. WP has a knack for being vulnerable once the hackers get each version figured out.

      Originally Posted by Chris Thompson View Post

      Another quick update here ....

      I'm SURE now that he did not hack my password over my Wi-Fi connection. He probably accessed my password through a Wordpress plugin security issue that I haven't yet figured out. In other words, even though i've changed passwords and stuff .. I'm sure the same loophole still exists. So I'm investigating where the vulnerability is.
      Signature

      {{ DiscussionBoard.errors[5159078].message }}
  • Profile picture of the author Ben Gordon
    Wow - a very intense and interesting thread to read indeed. I would recommend taking it to authorities if you choose to let him take the blame, however, authorities probably won't do much. They aren't going to charge him with any real, large offense. I've heard some of these scenarios alike yours and it usually ends up in the situation in which nobody is liable or is just forgotten.
    {{ DiscussionBoard.errors[5158175].message }}
  • Profile picture of the author timpears
    How in hell does someone FTP something into your accunt.
    Signature

    Tim Pears

    {{ DiscussionBoard.errors[5158201].message }}
  • Profile picture of the author Andrea652
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[5158360].message }}
    • Profile picture of the author bretski
      Hey Chris,

      Good catch! I don't think you were the only one that got hacked by this jag. Another vendor that I am an affiliate for who also has audio on his site was hacked. Also in Canada. Everything seems to match up including the affiliate name hint that you gave.

      I was in contact with the vendor and he also pinned it down to the 24th. The weird things was that it wouldn't drop the rogue affiliate cookie every time. Only about half the time. Weird stuff but I'm glad that you got things cleaned up and I hope that this POS does jail time. I don't know what CB will do with the money but I doubt that I'll see any of it.

      I must admit and I do feel bad because at first I was sure that it was the vendor. I feel like an idiot now and if he reads this... sorry dude!
      Signature
      ***Affordable Quality Content Written For You!***
      Experience Content Writer - PM Bretski!
      {{ DiscussionBoard.errors[5158521].message }}
      • Profile picture of the author Chris Thompson
        Originally Posted by bretski View Post

        Hey Chris,

        Good catch! I don't think you were the only one that got hacked by this jag. Another vendor that I am an affiliate for who also has audio on his site was hacked. Also in Canada. Everything seems to match up including the affiliate name hint that you gave.

        I was in contact with the vendor and he also pinned it down to the 24th. The weird things was that it wouldn't drop the rogue affiliate cookie every time. Only about half the time. Weird stuff but I'm glad that you got things cleaned up and I hope that this POS does jail time. I don't know what CB will do with the money but I doubt that I'll see any of it.

        I must admit and I do feel bad because at first I was sure that it was the vendor. I feel like an idiot now and if he reads this... sorry dude!
        Bretski - you got it. He wrote a PHP program to assign a random number, and if the random number matches certain criteria he put his cookie in place, otherwise he doesn't. That way he is only stealing about half the commissions ... you know ... so he's only half a thief

        I guess this confirms he has attacked multiple vendors.
        {{ DiscussionBoard.errors[5164918].message }}
  • Profile picture of the author sierraskatherine
    Thanks for the heads up. And it is a big problem, I think.
    {{ DiscussionBoard.errors[5158666].message }}
  • Profile picture of the author Jake Draper
    Chris Kent
    Are you sure that he didn't hack someone else's site? I know the domain owner is a coder and has been doing packet sniffing but it's possible that someone hacked him and used his connection/machine as cover.
    I was thinking the same thing. It seems as if the kid is smart enough to hack, but yet so stupid.:confused: hmm, although you did state the kid has used sniffer before.

    Chris Thompson, thanks for the post. I've learned quite a bit from your posts. I'm glad you caught on quick and stopped the madness.
    Signature

    {{ DiscussionBoard.errors[5158922].message }}
  • Profile picture of the author Joe J
    Originally Posted by Chris Kent View Post

    Are you sure that he didn't hack someone else's site? I know the domain owner is a coder and has been doing packet sniffing but it's possible that someone hacked him and used his connection/machine as cover.

    I think Chris makes a good point here. It was mentioned after his post that it may have happened to another person , and maybe by the same person.

    After reading Chris' post, I'm wondering why noone else picked up on this or is it just something that's not possible? My thought is that it's possible since large company's and government computers get hacked but is it something a little guy that goes after Clickbank's customers is capable of?

    Joe
    {{ DiscussionBoard.errors[5158943].message }}
  • Profile picture of the author Chris Thompson
    Originally Posted by Chris Kent View Post

    Are you sure that he didn't hack someone else's site? I know the domain owner is a coder and has been doing packet sniffing but it's possible that someone hacked him and used his connection/machine as cover.
    I'm as sure as I can be. Too many idiot things this guy did. Like the fact that his clickbank ID match his Twitter ID. The fool.
    {{ DiscussionBoard.errors[5164893].message }}
  • Profile picture of the author jannatus
    Chris, thanks for thinkin of us.
    {{ DiscussionBoard.errors[5169788].message }}

Trending Topics