10 {{ upvoteCount | shortNum }}
10 {{ upvoteCount | shortNum }}

Strange email - How to protect digital products?

by BarryOnline
9 replies
I received a very strange email yesterday through the contact form on my product site.

The person who emailed me said that the download link for my main product (PDF eBook) is dead and that I need to update the download link so that customers are able to view the product.

The thing is, my product is not complete yet and my product is not set up with any payment processor. None of the 'add to cart' buttons are active.

I find this email quite alarming because it means someone has been on my download page and tried to download the product which is not available for sale yet.

I'm aware that there's a lot digital products stolen from sites so I've taken some measures to secure my product, but not enough obviously.

Here's what I've done so far to secure my product:

Set the download page to 'no index' so it won't show up in Google
Made the download page URL up of random letters and numbers
Made the product PDF URL up of random letters and numbers
Secured the /wp-content/uploads/ so that it returns a blank page

Is there something I've missed?

Does anyone know of others ways someone could access my product or download page, and what extra measures I could take to further secure my product?

Thanks
#digital #email #products #protect #strange
  • Profile picture of the author Shaun OReilly
    I place most download products in a non-web accessible
    folder (above public_html) so that the folders and files
    are not accessible to general visitors.

    Doing this also ensures that the download pages and
    download links are not indexed in Google or elsewhere.

    I then use download protection scripts like DLGuard or
    RapidActionProfits to provide expiring download links so
    that my products are only accessible to people who
    have actually paid for access.

    Another option is to create a members area where
    the only people who can access the pages are those
    who have paid for membership.

    Dedicated to mutual success,

    Shaun
    Signature

    .

    {{ DiscussionBoard.errors[7845369].message }}
    • Profile picture of the author BarryOnline
      Originally Posted by Shaun OReilly View Post

      I place most download products in a non-web accessible
      folder (above public_html) so that the folders and files
      are not accessible to general visitors.

      Doing this also ensures that the download pages and
      download links are not indexed in Google or elsewhere.

      I then use download protection scripts like DLGuard or
      RapidActionProfits to provide expiring download links so
      that my products are only accessible to people who
      have actually paid for access.

      Another option is to create a members area where
      the only people who can access the pages are those
      who have paid for membership.

      Dedicated to mutual success,

      Shaun
      Shaun, thanks for the suggestion. I will look into implementing some of those.
      Signature

      We are the universe contemplating itself - Carl Sagan

      {{ DiscussionBoard.errors[7845423].message }}
  • Profile picture of the author khooster1
    Hi Barry,
    Theses stuffs happen everyday..
    There is only so much you can do.

    I rather focus on creating more sales.
    This matter the most, isn't it?
    {{ DiscussionBoard.errors[7845377].message }}
    • Profile picture of the author BarryOnline
      Originally Posted by khooster1 View Post

      Hi Barry,
      Theses stuffs happen everyday..
      There is only so much you can do.

      I rather focus on creating more sales.
      This matter the most, isn't it?
      True, getting sales is what matters. But I would rather avoid having lots of free copies of my product circulating online before I've even launched it.

      I want to make it as difficult as possible for people to steal my product.
      Signature

      We are the universe contemplating itself - Carl Sagan

      {{ DiscussionBoard.errors[7845419].message }}
      • Profile picture of the author Shaun OReilly
        Originally Posted by BarryOnline View Post

        I would rather avoid having lots of free copies of my product circulating online before I've even launched it.

        I want to make it as difficult as possible for people to steal my product.
        Exactly.

        At the outset, you're better off blocking off most of the
        avoidable leaks so your product doesn't fall into too many
        of the wrong hands.

        It's harder to manage once the horse has bolted.

        However, there's a balance to be had between making
        your product as secure as possible and not actually
        inconveniencing your valued customers too much.

        Dedicated to mutual success,

        Shaun
        Signature

        .

        {{ DiscussionBoard.errors[7845441].message }}
  • Profile picture of the author WillR
    Put your products in a membership area.

    Open download pages are so 1800's
    Signature

    .


    .

    {{ DiscussionBoard.errors[7845807].message }}
  • Profile picture of the author yakim1
    I created a software that makes all my download pages dynamic. The actual download page is in the database.

    When a product is delivered the correct products are added automatically to the download page. The person downloading the products never sees the actual download link and the one he does receive in an email expires after x amount of download attemps.

    When the files are downloaded they have generic file names so the actual file name is never known. The Generic file names are like... zip1.zip, zip2.zip and zip3.zip

    This use to happen to me all the time. Maybe as much as 3 to 5 times a week.

    As you have seen they have a very hard time finding the zip files, but it is the html or php file of your download page is what they can find.

    That is why I have NO real download pages, but instead the one dynamic download page from the database that automatically loads the correct product files needed for the download.

    The url the customer sees for the download page is something like this...
    yourdomain.com/GetFile#xx

    Not a reall link. So everything is hidden.

    I went nuts when I found out I was losing so much money because people were stealing my stuff. So that is why I created my system of delivering products.

    There are products you can purchase to help protect your downloads, but you are using wordpress and it is full of security holes.

    I don't have to make any more download pages.

    Good luck,
    Steve Yakim
    {{ DiscussionBoard.errors[7845881].message }}
  • Profile picture of the author rosetrees
    Are you 100% certain that the person actually accessed your download page? Take a look at your site stats and see if anyone has actually visited it.

    Sounds like a phishing contact email to me. Probably that person sent the same message to any site they could find that appeared to be selling stuff in the hope that the site owner would panic, apologise and send them the download link.
    {{ DiscussionBoard.errors[7846490].message }}
    • Profile picture of the author NewRiseDigital
      If you are just selling an eBook and don't need a fully fledged membership system, use a service like e-Junkie to deliver your product.

      Services like e-Junkie encrypt the download links so that each person gets delivered a unique download link after purchase, which can be set for use for a limited number of times.

      It won't stop people sharing your eBook after download though, (and don't even think of wrapping it up in DRM or getting your buyers to jump through hoops to access it, you're sales will dry up very quickly if you do that).

      Concentrate on connecting with the people that want to genuinely buy your product instead of worrying about people stealing it.
      Signature
      Interviews With The Top Digital Marketing Experts - Get The New Book "Essential Digital Marketing For Small Business http://newrisedigital.com/book
      {{ DiscussionBoard.errors[7846527].message }}

Trending Topics