1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ClickJacking - Idea on hiding refferal traffic through another website.. can it work?

Discussion in 'Black Hat SEO' started by CommercialMedia.ca, Aug 29, 2011.

  1. CommercialMedia.ca

    CommercialMedia.ca Newbie

    Joined:
    Aug 17, 2011
    Messages:
    34
    Likes Received:
    2
    Occupation:
    Commercial Media Inc.
    Location:
    Canada/USA/Russia
    Home Page:
    Guys maybe cuz I am new to this and this idea has already been discussed ... but I had this IDEA of sending Purchased or Adult Traffic through/TO a whitehatsite/directory/-> that redirects that traffic from that URL to a Clickjacking domain for example... so the REFERRAL will be from whitehatsite and not from the purchased-traffic website.???

    what you guys think about that? can it work so that google doesn't see the Purchased traffic referral??
     
  2. alexj.affiliate

    alexj.affiliate Junior Member

    Joined:
    Dec 26, 2010
    Messages:
    148
    Likes Received:
    314
    i dont know if its possible but why dont you send the paid traffic to a anonymized link for example create one at http://anonym.to/ if you create a anonymous link at anonym.to then the reffer will be hidden and it will redirect to your landing page
     
  3. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    From wikipedia

    You might want to define what exactly you mean by clickjacking.

    Adult visitors barely convert for adult websites, they certainly aren't going to buy anything or convert after being redirected several times. I can only imagine you're wanting to do this to up your traffic numbers to look more legitimate to support some other fraud system (like balancing out traffic to make clicking on your own links a more legitimate clickthrough rate)?

    Blackhat means you're using clever methods to outsmart Google's ranking algorithms, not to commit fraud. I can't imagine any reason to up your traffic with non-converting visits for any other reason than fraud (except maybe to up your alexa numbers on a website you're going to flip) ... even then it'll be fraud for whoever buys the site.
     
  4. facebookdude

    facebookdude Elite Member

    Joined:
    Feb 28, 2010
    Messages:
    1,506
    Likes Received:
    2,489
    Not sure how clickjacking works into it. I would suggest you fake or blank referrer :)
     
  5. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    Yes, this idea is used all the time to act as a buffer referrer (to hide original referrer). There are many ways to do this, some people use custom scripts, others user WP plugins that offer this option. It can help with anything, not just for the purpose of having a click jacking destination.
     
  6. Four Seasons

    Four Seasons Regular Member

    Joined:
    Aug 22, 2011
    Messages:
    409
    Likes Received:
    206
    Location:
    Cottonballs
    Yeah but its very shady, take note blanking,faking the referrer isn't 100% efficient, I've tested this already.
     
  7. blackhatcodex

    blackhatcodex BANNED BANNED

    Joined:
    Aug 28, 2011
    Messages:
    144
    Likes Received:
    248
    Actually it doesn't...I think you may have to brush up on your dictionary. Whitehat SEO is a means of using clever methods to outsmart Google Rankings. Google ranking are meant to be organically created...so anything that you do in attempt to change this original intention is "cleverly using methods to outsmart Google's Rankings".

    With that said, here is Wikipedia's excerpt on Blackhat:
    Clickjacking isn't fraud...it's just cleverly redirecting or changing the action of a user's "click" when they are on your web property.

    ** Use caution next time you try to decide that you want to call someone out for "comitting fraud". - just a thought
     
  8. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    But BH does include fraud. BH includes a ton of illegal shit, thus why it's called BH.

    Just to clarify, I'm not condoning fraud, just that there is always this debate about "what is BH," because a lot of people enjoy the title to feel edgy and cool, but rarely cross into the GH area, let alone BH.
     
  9. blackhatcodex

    blackhatcodex BANNED BANNED

    Joined:
    Aug 28, 2011
    Messages:
    144
    Likes Received:
    248
    Agreed.
     
  10. jeka1sv

    jeka1sv Registered Member

    Joined:
    Aug 23, 2011
    Messages:
    87
    Likes Received:
    10
    I also agree with Crazy
     
  11. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    Thanks for clearing that up for me. Except name one reason anyone would do this that isn't based on fraud.

    Whitehat SEO is ranking in Google using methods that Google condones, which are legal. Blackhat SEO is ranking in Google using methods that Google does not condone, which is still legal. Google cannot dictate how someone builds their website or structures their links, there is nothing illegal about buying links or building a network of websites to exploit Google's algorithm. Google's only course of action is to remove them from their index if they desire -- but never is it a question of legal or not legal.

    Fraud = go to jail if you're caught doing something like forcing clicks through an affiliate system that the user didn't originate. And if you disagree with me, look up BHW terms of service, I'm certain you'll find that you aren't to discuss methods on this website which are illegal.

    You have your own definitions of clickjacking and blackhat, and that's fine. I'll stick with the wikipedia definition, and the fact that every other thread on BHW that has the OP asking about clickjacking has everyone going "what are you talking about".
     
  12. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    Lol, you're not going to jail for click-jacking, believe me. I'm highly conscious of what I do and don't do, and click-jacking is far from "illegal." You might face some civil liabilities against the network you're trying to game, but nothing like Wire Fraud, etc.

    BH is by definition malicious in intent and does encompass illegal activity. That doesn't mean illegal activity is a necessary condition.

    Even if you don't do anything that can get you sent to prison, if you haven't done anything that can put you in a court room up against some private entity, you're not BH.
     
  13. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    Yeah I guess that's the reason why Shawn Hogan, owner of DP forums, was arrested by the FBI for cookie stuffing amazon affiliates and now has his passport held so he doesn't flee the country while awaiting trial.

    Cookie stuffing is nothing more than a URL redirect not authorized by the web surfer, done in an iframe, which made amazon think that Shawn had sent a visitor to them when he hadn't. Then later on if that person ever did go directly to amazon to purchase something, he would get the commission.

    So you think that is entirely civil only and nothing illegal huh? Why did the FBI get involved? Why was he arrested? Why did he have his passport confiscated awaiting trial?

    You think its not illegal, thats fine you keep doing it. Meanwhile, every dollar that gets sucked out of systems through fraud is all that much less money for the affiliate program, and that money has to come from somewhere ... i.e. for everyone who is not frauding ... less commissions, harder to sign up, parent company goes out of business from fraud and affiliates never receive their commissions.

    BH is not by definition malicious in intent. I can buy 20 websites, is that evil? No. I can buy hosting on 20 different IP addresses, is that malicious? No. I can stick up 20 websites, anything wrong with that? No. I can point links from those 20 websites to my own website, is that illegal? No. Who has been harmed by this so far? No one. Google sees my linking structure and gives me a bonus in their SERPs, has Google been harmed? No. Is that blackhat? Yes. Why? Because Google doesn't want you manipulating their algorithm like that, but there's nothing harmful or malicious associated with it.
     
  14. CommercialMedia.ca

    CommercialMedia.ca Newbie

    Joined:
    Aug 17, 2011
    Messages:
    34
    Likes Received:
    2
    Occupation:
    Commercial Media Inc.
    Location:
    Canada/USA/Russia
    Home Page:
    I was actually referring to buy traffic say from LinkTrackers and send it to one BH site where a clickjacking script is installed ... to clickjack say FB LIKE button or Twitter Subscribe button, etc. (can be many purposes).
    However, some people use it to ClickJack an adsense code and ask me how to fake their purchased traffic Referrer in a CJ site. So I thought of the idea of sending through a whitehat domain Purchased or Adult traffic.

    So can someone answer if this can be done or not?
    I don't care if you call it BH or not. just need to know what referrer will be shown.
     
  15. blackhatcodex

    blackhatcodex BANNED BANNED

    Joined:
    Aug 28, 2011
    Messages:
    144
    Likes Received:
    248
    I think you got lost and are in the wrong forum...

    Proxies: Used to purposefully hide your location
    Content Generators: Used to purposefully trick the user and google into thinking you have real content
    Comment Spam tools: Maliciously spamming 3rd party blogs
    Forum Posting Software: Maliciously spamming 3rd part forums

    Just to name a few blackhat items on this forum.

    Now..let's look at recent posts....

    - Be careful with this IP for your google adsense!!
    - Bulk Yahoo answers level 2 Accounts Required
    - Video View Increasing Bots??
    - Case Study - Beating Panda With An Autoblog
    - What is the best link cloaking solution for wprobot in wordpress subdomain multisite?
    - Removing Negative Competition from top 10

    ...Just to name a few...about 90% of these threads could be taken down and OP's taken to court over "Loss of Revenue Actions" among other things.

    The point is, your in a forum that revolves around the basis of finding, locating, and sharing ideas on how to increase both SEO ranks and Money Making.

    Don't sit here and call FOUL.

    It's like going into a strip club and then complaining that women are taking off their shirts!

    ************************************

    By the way...

    Hacking = Malicious
    Blackhat = Exploitation
     
    • Thanks Thanks x 1
  16. Satan Claus

    Satan Claus Regular Member Premium Member

    Joined:
    Aug 25, 2010
    Messages:
    217
    Likes Received:
    193
    The difference between manipulating G's algo and stuff like clickfraud & rogue CPA e-mail submits is that the former is a terms of service violation and the latter is wire fraud. (Ironically, a lot of blackhats think defrauding CPA companies is OK, but burn to the ground anyone involved in click fraud.)

    Wire fraud:

    I don't know the details of the Amazon cookie stuffer, but I wouldn't be surprised if he's being charged with wire fraud. Blackhat is not a synonym for criminally illegal, but rather operates between the very border and within it. Blackhats risk their rankings, their earnings and their reputations; Not jail time. Having said that, I'm definitely not without sin. You won't ever see me cast the first stone.
     
    • Thanks Thanks x 1
    Last edited: Aug 29, 2011
  17. astbnboy

    astbnboy Registered Member

    Joined:
    Apr 7, 2010
    Messages:
    64
    Likes Received:
    122
    Location:
    california
    Dude I'm pretty sure that google considers blackhat tactics to be fraud. There is a fine line here, there may be a few levels of separation between what you are talking about and what he is talking about but lets not ride a "I'm better than that" horse. If you doubt me just look at this community and the information we provide.
     
  18. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    There is nothing illegal about hiding your location. Legitimate reasons for hiding location would be to create multiple accounts at Google, blogger, yahoo, facebook. It may be against the terms of use of these websites to create multiple accounts with them. It is certainly not illegal.

    You got to be kidding me. If I write an article and spin it into 100 versions, put it onto 100 websites that I own ... exactly how is that illegal? Just because Google doesn't like being tricked like this does not make it illegal. Their only option if they don't like it is to discover it and remove you from their search engine, but it never was a question of legality.

    3rd party blogs make the availability to post on their blog public. It was their option to allow other people to post on their blog. They may not like the fact that their blog receives automated links on it, but that is an issue of terms of service if anything (not even that because how many blog websites have you seen with a terms of service that say please do not automate comments to my website -- none). Again, nothing illegal here.

    Google doesn't have an absolute right to profile anyone who uses their service. There are 100s of anonymity websites out there and none of them are illegal. If anything this would be a terms of service violation, although I'm fairly certain that Google does not have in their TOS "do not hide your IP from us". Again, never a question of legality.

    So what? Yahoo doesn't like someone creating multiple accounts at their service, but it isn't illegal. It is not illegal to go against the terms of service of a website. I repeat just in case you haven't let that set in ... and don't make me go google up the actual lawsuits that prove my case (because it has been proven in courts) it is not illegal to go against the terms of service of a website.

    TOS violation, not illegal.

    Trying to overcome a google algorithm is not illegal. Automatically generating blog posts is a terms of service violation, not illegal.

    Hiding links from Google because their algorithm penalizes links to affiliate websites ... how in the world can any sane person think this is illegal.

    If Google's algorithm can be manipulated to take a website down, that is Google's problem. The person who was moved down in ranks and lost money could theoretically have a civil suit -- but that's assuming they were entitled to the Google SERPs they originally had. I'm not particularly in favor of Google bowling, but that being said -- its not illegal to build backlinks to a website you don't own.

    The OP clarified what they were looking for. They want to cookie stuff CJ. It's illegal, fraud -- the FBI would be just as justified knocking on the OPs door as they were knocking on Shawn's door.
     
  19. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    The biggest point I'm trying to make -- is that everything you just quoted as being malicious -- has no one suffering financial harm through wire fraud.

    If someone has a blog they want comments on, but get some that are automated comments that they have to delete -- they're not being scammed out of hundreds or thousands of dollars.

    If someone creates 100 accounts with yahoo and sells them, yahoo might (accumulated) have to hire an employee to handle 100s of millions of spam account deletion ... but they're not losing a penny over someone creating 100 accounts on their service.

    If google's algorithm is manipulated to show one website at the top of the SERPs over another, that website might be higher quality ... Google may even end up benefitting from it.

    Cookie stuffing, however, is real theft. Any affiliates that were due a commission before a client was clickjacked lost real money out of their pockets. If there wasn't a cookie already set for commission, the parent company lost real cash by paying a commission when they really didn't have to. That is real money being taken, real theft, real fraud, real damages, its illegal.

    Why do I care? Because for every idiot that hatches up a fraud campaign, everyone else suffers. Its not particularly easy to sign up with CPA because of all the frauds. I used to take funds from my paypal account and forward it to myself using a site called xoom.com ... they disabled that service because they were frauded too much.

    All the money lost from fraud has to come from somewhere, it comes out of the parent company profits, other affiliates pockets -- in general it just screws up opportunities for people who are not trying to steal. If you're working this hard trying to commit fraud, why not take all those energies and start trying to rank websites and get money legitimately.
     
  20. kboxer7

    kboxer7 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 25, 2010
    Messages:
    872
    Likes Received:
    700
    It's late...and maybe my thinking is off but let's look at the following scenarios...

    Scenario #1: Website owner pays for traffic (PPC or whatever). Site owner directs this traffic to a URL with his/her affiliate ID that is set to "forward" to the affiliate site. If those visitors buy anything site owner gets paid.

    Anything wrong with this? The web visitors were NOT defrauded in any way.

    Scenario #2: Same as above, but instead of a "forwarded URL" the traffic was sent to a site with a CJ script installed that sent the user to the affiliate site.

    NOTE: The outcome of both scenarios was the SAME.

    Which if any are considered "Fraud?" What is the real difference between this and paying a PPC company to send those clicks directly to an affiliate site?

    I understand why CS is illegal. But I cannot wrap my mind around why using a CJ script on your OWN site to send traffic you PAID for to an offer is illegal. Against TOS probably, but illegal?

    Thoughts?