1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP Script - Protect Referral Link - Need Feedback On Possible Uses!

Discussion in 'Black Hat SEO' started by NetBrilliance, Jul 2, 2008.

  1. NetBrilliance

    NetBrilliance Newbie

    Joined:
    Jan 18, 2008
    Messages:
    7
    Likes Received:
    23
    I've been working on gathering information on the best methods of blanking or spoofing referral information in affiliate cookies be used on ebay and other auction sites. I know this has been a widely discussed topic here and wanted share/get feedback on possible uses for this script.

    It has an admin section with default login of admin/admin that displays campaign name, real affiliate link url, and encrypted (hashed) url you place on your web pages to make creating/updating links on your webpages as easy as a copy and paste.


    Heres the script:

    <?php
    ######################################################################
    #
    # referral link cloaker and forwarder
    #
    # showcase.php
    #
    ######################################################################
    #
    # SETUP: Your referrral link ad campaigns
    #
    # Array ( "campaign name--referral link url" );
    #
    # -- is default delimiter between campaign name and referral url
    $referral_campaigns = array(
    "campaign 1--http://referrer-website-1.com/?referral_id=fdbfbrererehrehr444",
    "campaign 2--http://referrer-website-1.com/?referral_id=hjyj4t43t43t43tgfff",
    "campaign 3--http://referrer-website-1.com/?referral_id=hjgfdgfrrrrjtye4544",
    "campaign 4--http://referrer-website-1.com/?referral_id=gy54y45y4ufggfnfgnn",
    "campaign 5--http://referrer-website-1.com/?referral_id=5y7u65u76j56j5656j5",
    "campaign 6--http://referrer-website-1.com/?referral_id=greerercvvvvvvvvvvv",
    "campaign 7--http://referrer-website-1.com/?referral_id=k86kk6h5hb4nnnnnnnn",
    "campaign 8--http://referrer-website-1.com/?referral_id=grg43g34g43g34g4g43",
    "campaign 9--http://referrer-website-1.com/?referral_id=rbbnerbrbreberbrerb",
    "campaign 10--http://referrer-website-1.com/?referral_id=gngfngfngngngngfnn",
    "campaign 11--http://referrer-website-1.com/?referral_id=asasasasasasasaasa",
    "campaign 12--http://referrer-website-1.com/?referral_id=123456789012343788",
    "campaign 13--http://referrer-website-1.com/?referral_id=j76j7j65h35fsdfdff",
    "campaign 14--http://referrer-website-1.com/?referral_id=3t45tty3453g344g43",
    );
    #
    # $phpself finds the URI to this script
    #
    $phpself = "http://" . trim($_SERVER['HTTP_HOST'], "/") . $_SERVER['PHP_SELF'];
    #
    # ADMIN DISPLAY
    #
    # to access admin: http://your-website.com/path/to/this/script.php?admin
    #
    if (isset($_GET['admin']))
    {
    #
    # change username and password to your preference
    #
    $admin_password = "admin";
    $admin_username = "admin";
    if ((isset($_POST['submit'])) && ($_POST['admin_name'] == $admin_username) && ($_POST['admin_password'] == $admin_password))
    {
    echo "<html><head><title>referral link admin</title><style type='text/css'>th{border: 2px solid black;}td{border: 1px solid black;}</style></head><body>";
    echo "<table width='100%'";
    echo "<tr><th>campaign name</th><th>real referral link</th><th>encrypted referral link</th></tr>";
    foreach ($referral_campaigns as $individual_campaign)
    {
    $campaign_array = explode("--",$individual_campaign);
    echo "<tr><td>".$campaign_array[0]."</td><td><a href='".$campaign_array[1]."'>".$campaign_array[1]."</a></td><td><a href='".$phpself."?id=".md5($campaign_array[1])."'>".$phpself."?id=".md5($campaign_array[1])."</a></td></tr>";
    }
    echo "</table>";
    echo "</body></html>";
    exit;
    }
    else
    {
    #
    # dislay admin login
    #
    echo "<html><head><title>please login</title></head><body>";
    echo "<form name='login' method='POST' action=''>";
    echo "<p><input name='admin_name' type='text' MAXLENGTH='50' /> :Username</p>";
    echo "<p><input name='admin_password' type='text' MAXLENGTH='50' /> :password</p>";
    echo "<p><input name='submit' type='submit' value='Login' /></p>";
    echo "</body></html>";
    }
    }
    #
    # if id QUERY_STRING is set
    #
    if (isset($_GET['id']))
    {
    #
    # loop through the array
    #
    foreach ($referral_campaigns as $individual_campaign)
    {
    #
    # make new array out of each line
    #
    $campaign_array = explode("--",$individual_campaign);
    #
    # if the URI QUERY_STRING equals the hashed value of the array_key 1 data (afiliate url)
    #
    if ($_GET['id'] == md5($campaign_array[1]))
    {
    #
    # redirect immediately to the affiliate url
    #
    header("Location: ".$campaign_array[1]."");
    exit;
    }
    }
    }
    #
    # if script is accessed directly or if 'id' isnt in the array, do nothing and show a blank page
    #
    #
    ?>
     
  2. goawayplease

    goawayplease Regular Member

    Joined:
    Apr 10, 2008
    Messages:
    299
    Likes Received:
    67
    Things like this aren't so much a referrer blank or spoof as it is a cloaking method.

    Redirects like this are nifty because they can cloak your referrer in predictable ways, and are generally easy to test/verify.

    Using a JS Variant you could probably even do things like load Google Analytics to track hits.

    The major drawback that I've noticed is that it's hard to explain why your traffic is cloaked, and it's hard to implement these redirect methods on your site in a way that doesn't scream "cookie stuff!"

    The real holy grail of referrer spoofing would be something more like:

    I came from myspace.com/blackhat, but your server logged me as coming from mydomain.com/offer/ which is the registered affiliate page for this program.