1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[GUIDE] Traffic source cloaking with shared hosting.

Discussion in 'Black Hat SEO Tools' started by Bot Solutions, Nov 19, 2015.

  1. Bot Solutions

    Bot Solutions Regular Member

    Joined:
    Aug 19, 2014
    Messages:
    223
    Likes Received:
    368
    Occupation:
    Bot maker
    Location:
    Hungary
    Hello bhw folks.


    My traffic is not 100% legit.
    I guess I'm not alone haha, so I just wanted to share the setup I coded for cloaking my traffic source.


    0. All the files you will create goes to your site's root directory.


    1. Create a .htaccess file with the following code:
    Code:
    #Your apache will process html files as php files. PHP extension can be suspicius for your account manager.
    AddType application/x-httpd-php5 .html .htm
    #turning off server signatures
    ServerSignature Off
    #Turning off a PHP easter egg. Explained here: http://stackoverflow.com/questions/10458610/how-can-i-disable-phps-easter-egg-urls
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
    #Needed for previous line
    RewriteRule .* - [F]
    #Apache won't show the files in case you have no index file in the directory.
    IndexIgnore *
    #Show not found if somebody wants to access to your landing page template file.
    RedirectMatch 404 lp.tpl
    

    2. Create a .html file with the following code:
    Use a random string as the name, so in case your account manager reads this post, he won't be able to get you busted easily.
    I know the chances are pretty low, it's just a small tweak that makes this method 100% secure.


    For example, the name of the file should be 'FrnUJAASt4UVgmiD47tm.html' <-- As I mentioned you should use an other random string, please don't use this.
    Code:
    <!DOCTYPE html>
    <html><head> 
    <!--
    Javascript redirects the visitor to the site root.
    Make sure you don't put the name of the index file after the dash, so it won't appear in the referer string.
    -->
    <script type="text/javascript">
        location.href = "/";
    </script>
    </head></html>
    

    3. Create an index.html with the following code. Make sure to do the settings in line 4, 6, and 8


    Yes, you need a HTML file. Your apache will process it as a PHP code due to the .htaccess file you just created.
    PHP extension might be suspicius to your account manager.


    Code:
    <?php
    /*SETTINGS*/
    //Your domain name. Check if you use it with or without the www subdomain
    $allowed_host = "www.example.com";
    //string from the other html file without the html extension
    $trusted_referer_key = "FrnUJAASt4UVgmiD47tm";
    //your affiliate link. You can use the url http://whatismyreferer.com for testing purposes 
    $affurl = 'http://whatismyreferer.com';
    /*SETTINGS END*/
    
    
    //referer url
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    //host name
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
    //path of the current document
    $referer_path = parse_url($referer, PHP_URL_PATH);
    //add a dash and the extension to $trusted_referer_key
    $trusted_referer_path = '/' . $trusted_referer_key . '.html';
    
    
    
    
    //function for including the landing page and ending further processing
    function Lp() {
        include("lp.tpl");
        die();
    }
    
    
    //Hiding php.
    //It's just budget workaround for shared hosting.
    //You should follow this guide in case you have access to php.ini http://php.net/manual/en/security.hiding.php
    //It works fine, it's just not a good practice to hide your php this way.
    Header("X-Powered-By:");
    
    
    //Check if the site was accessed using your domain, otherwise show your landing page.
    //Protecting you against domain alias
    if ($host !== $allowed_host) {
      Lp();
    }
    
    
    //check if there's a referer, otherwise show your landing page.
    if ($referer) {
        //Save the referer to referers.txt if it's not coming from the $trusted_referer then call Lp function
        //You may want to take a look who else is referring to your site
        if ($trusted_referer_path !== $referer_path) {
            $referers = fopen("referers.txt", "a");
            fwrite($referers, $referer . '\n');
            fclose($referers);
            Lp();
        } else {
            //otherwise redirect the user to the affiliate url with js
            echo '<!DOCTYPE> <html> <head> <script type="text/javascript"> location.href="' . 
            $affurl . 
            '"; </script> </head> </html>';
        }
    } else
        Lp();
    
    
    ?>
    

    4. Create a file named lp.tpl. This is the landing page you want to show your affiliate account manager.
    Don't worry about the extension. Just change the .html to .tpl


    5. Send your traffic to www.example.com/FrnUJAASt4UVgmiD47tm.html (Of course replace the domain and the path with yours.)
    The aff manager will see as the traffic is coming from www.example.com
    Noone will get redirected to your aff url without knowing your secret random string.




    Suggestions and remarks regarding the guide/coding are welcomed.


    I answer questions in this thread, please don't PM!


    Good luck!
     
    • Thanks Thanks x 6
    Last edited: Nov 20, 2015
  2. Rookyb

    Rookyb Newbie

    Joined:
    Nov 21, 2015
    Messages:
    17
    Likes Received:
    2
    Occupation:
    Freelancer
    Location:
    Online
    What is it regard for? I am a noob in here :p
     
  3. Bot Solutions

    Bot Solutions Regular Member

    Joined:
    Aug 19, 2014
    Messages:
    223
    Likes Received:
    368
    Occupation:
    Bot maker
    Location:
    Hungary
    Well, if you want to promote an offer with spamming, you gotta hide where your traffic is coming from.
    Or maybe you don't want the advertiser to ruin your business by creating competition.
     
  4. taskforcenow

    taskforcenow Registered Member

    Joined:
    Nov 13, 2015
    Messages:
    94
    Likes Received:
    6
    Home Page:
    Woah, I didn't know that. I'm a newbie too. Woah Thanks for this I guess.
     
  5. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,487
    Likes Received:
    1,179
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    Not tested due to having my own internal solutions, but I don't see anything jumping out as a major issue here. Many of us have used variations of this approach over the years to keep our traffic sources safe. There are perfectly legitimate reasons to set something like this up as well as the obvious reason in your case of wanting to hide illicit traffic origins.

    As pointed out - this type of approach can also be a very effective means to prevent affiliate managers from gaming your method. Hoping the code works as described. It probably does as it looks very much like the old CPA Redirector approach. Good job OP.
     
    • Thanks Thanks x 1
  6. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,867
    Likes Received:
    3,947
    Location:
    Theatre of dreams :)
    I don't see why not this wont work without any hassle.
     
  7. rogerke

    rogerke Regular Member

    Joined:
    Oct 5, 2014
    Messages:
    264
    Likes Received:
    145
    It doesn't seem to work here. When I put the URL in the address bar it tries to save the html file. Triple checked all the steps, so I don't think I'm doing anything wrong.

    Any solutions?

    Edit: Fixed it with another Addtype template (AddType application/x-httpd-php .php .htm .html), but now both Chrome and FF are giving me untrusted connection warnings.

    Edit2: The issues was with the referer test URL you used. Other sites are working great.

    Thanks for this awesome guide!
     
    • Thanks Thanks x 1
    Last edited: Nov 23, 2015
  8. Bot Solutions

    Bot Solutions Regular Member

    Joined:
    Aug 19, 2014
    Messages:
    223
    Likes Received:
    368
    Occupation:
    Bot maker
    Location:
    Hungary

    So I guess everything works now, right?
     
  9. rogerke

    rogerke Regular Member

    Joined:
    Oct 5, 2014
    Messages:
    264
    Likes Received:
    145
    Yes, everything works like a charm. Desktop, Mobile and Tablet although I've only tested the latter two in Chrome.
     
    • Thanks Thanks x 1
  10. K.H.R

    K.H.R Jr. VIP Jr. VIP

    Joined:
    Dec 9, 2013
    Messages:
    3,301
    Likes Received:
    1,047
    Occupation:
    Learner
    Location:
    BHW