All methods of Affiliate Link Cloaking

We continue this comprehensive overview about all easy-to-understand and easy-to-use "Affiliate Link Cloaking" strategies. In this Part III you will learn about "Cookie Dropping"/"Cookie Stuffing". Remember: Whatever you do, it is in your responsibility.

This blog post is a follow-up of Affiliate Link Cloaking - Part I and Part II. Please read both previous parts first, before you continue.

I got an interesting question via e-mail ref. to Part II, if, in general, iframes should not be used any longer. No, of course iframes can be used, also for visitors with IE7, but only if the merchant does not evaluate cookies for commission. If merchant is working with tracking pixel or only with Affiliate links, it's certainly no problem. Merchants are dropping cookies, but in some cases they don't evaluate them for commission. You should ask your merchant, if you are unsure.

Method 3: Cookie Dropping - Cookie Stuffing (Cookie stuffing)

Cookie Dropping/Cookie Stuffing is a fraudulent method of dropping or replacing/overwritting cookies without knowledge of visitors, respectively. Different methods exist for Affiliate beginners and more advanced Affiliates. But if you are caught, at least you will lose your business with merchant, if not merchant will make a report. Practically almost nobody cares about this risk.

Let us have a very close look at those methods.

Cookie Dropping - Cookie Stuffing with 1x1-pixel iframes

When Affiliate beginners load a bunch of merchant's websites within 1x1-pixel iframes it is the same way foolishly as e. g. backlinking with 1x1-pixels. Why? Because anyone can detect it easily by checking the source code. Furthermore it is even more foolish, because page load times explode. There are more problems:

Imagine you would work only with Cookie dropping. What will happen? Of course you may earn a lot of money online and you would have big success through a extremely high Click-Thru-Rate (CTR)... Certainly the CTR will be 100%. But be alarmed as merchants will notice.

The reason and how to avoid 100% Click-Thru-Rate?

Why up to 100% Click-Thru-Rate? If a prospective visits a website (that does not do Cookie dropping) he will not necessarily click a link. Perhaps only 10% of visitors may click a link. Then this results in a CTR of 10%. From 1000 visitors 100 will click. A click opens the merchant's website and a cookie will be dropped. - If you open the merchant's website within an iframe with every impression of your website, the CTR will be 100%. For the merchant it looks as if 100% of visitors click on the link. This can be continued. If 100% click, why only 3% order?

Some consider this and randomize the loading of iframes with PHP (e. g. function rand) to get this more natural. Only at every e. g. fifth impression the iframes are integrated. But merchants can still find them in the source code of the page. But page load time is still too long. What do you think? Is it really necessary to load the merchant's page for dropping cookies?

First we have to learn about what cookies drop. Is it really the page?

How are cookies dropped?

Have you ever wondered about Check Server Headers tools at SEO tools pages? Of course you can check HTTP status codes 200, 301, 302..., you can also check if Affiliates or merchants use "P3P Privacy Policies" from Microsoft for IE7 (see Part II of this post) and... if they drop cookies, because cookies are dropped via HTTP headers. There's no need to load the merchant's website for dropping cookies, but how can we call HTTP headers only?

If we check the HTTP header of a website, we see e. g.:
(only main details, some are deleted, all are changed)

#1 Server Response: http://www.domain.tld
HTTP Status Code: HTTP/1.1 200 OK
Date: Tue, 18 Nov 2008 19:57:41 GMT
Server: Server name
Set-Cookie: skin=noskin; path=/; domain=.domain.tld; expires=Tue, 18-Nov-2008 19:57:41 GMT
p3p: policyref="http://www.domain.tld/abcd/p3p.xml",CP="ABCDEF"
Set-cookie: ubid-main=846-635632673-5643454; path=/; domain=.domain.tld; expires=Tue Jan 01 06:00:01 2044 GMT
Set-cookie: session-token=kdf84/sWEo4ew/fj4dgf/ydff/ddjH7f3F/=; path=/; domain=.domain.tld; expires=Tue Nov 18 20:07:41 2008 GMT
Set-cookie: session-id-time=1326476; path=/; domain=.domain.tld; expires=Tue Nov 25 06:00:00 2008 GMT
Set-cookie: session-id=785-355784-3458732; path=/; domain=.domain.tld; expires=Tue Nov 25 06:00:00 2008 GMT
Connection: close

Cookie Dropping - Cookie Stuffing with <img> tag

How to call HTTP headers only?

We insert an image link incl. the Aff link in our source code:

<img scr="http://www.domain.tld/aff.php?id=a3f9h2t" alt=" ">

Mrs. Black Hat

Mrs. Black Hat

The browser tries to load this non existing image. The server of the merchant returns the HTTP Header (with 404) and drops the cookies. But, again, it's too easy to detect this image in your source code. We won't give up.

Let us think more advanced. How can we call the header of a merchant's website without using the Affiliate link in our source code?

It's that easy. Remember in connection with Affiliate Link Cloaking we talk about many methods of redirecting:

<img scr=" http://www.yourdomain.tld/ images/welcome.jpg" style="width:1px; height:1px; border:0">

If checking the source code of any website you find many images that are integrated. That's natural. But for what does this "welcome.jpg" stand? Does it exist?

Of course it does not exist, but will be redirected server-sided via htaccess or PHP by using the Affiliate link to a merchant's website. Here it does neither not exist and will return a 404 HTTP header. Nonetheless, cookies are dropped.

This solution is better than those mentioned above, but more advanced merchants will check all images at your page for redirection. We would need to recognize them to cloak their request. Perhaps we should show them another page instead of Aff link. But which one? I suggest to redirect them with another Aff link to Amazon. Perhaps merchants buy some products there?!

Honestly it's not the problem what to do. The problem seems to be how to find out who's the merchant that tries to load the images. Sometimes you find the solution if you think vice versa. As we will never get to know the IP addresses of merchants we only know one important fact. They will not visit our site via search engine. They have no referer. With HTTP_REFERER in PHP we check if there's no referer and redirect them with header("HTTP/1.0 404 Not Found"); to 404. Of course we redirect a few others that block their referer with this method to 404, but this percentage is not worthwhile to think about. Only if a merchant uses a fake referer we are trapped...

Have you realized those width:1px and height:1px in a. m. <img> tag? This looks pretty much suspicious.

Gets tricky?

I have seen a real good improvement...:

<img scr="http://www.yourdomain.tld/images/welcome.jpg" style="width:110px; height:25px; border:0; display:none">

That's brilliant... But what's more suspicious?

I found an outstanding sample in this:

<img class="logo" scr="http://www.yourdomain.tld/images/welcome.jpg">

I checked the external CSS file and found .logo {width:110px; height:25px; border:0; display:none}. Who would have thought of checking the CSS?

Cookie Dropping via Toggle page

You will find many other ideas if you check websites. Have you ever been redirected via a toggle page? You click a link, a new page asks you to wait for redirect and if you are not redirected within 5 seconds, you should click a link to redirect manually. This toggle page may include Cookie Dropping methods and use those few seconds to call merchant pages or merchants' HTTP headers.

Another day I found a page that displayed three banners at this toggle page and dropped cookies with <img> tag. Interestingly enough, those dropped cookies came from the same merchants like the banners. Perhaps this Affiliate thought to impress the merchant, when the latter comes to investigate the toggle page, and to stop him from deeper crawling?

Cookie Dropping with AdSense

Really cool are websites that simultaneously drop cookies from merchants that are shown in AdSense. For a long time I did not understand how this was possible. Some day I updated the page again and again and wondered about continuously the same Ads from AdSense. After some research with Google I found a hint: It was called AdLogger. AdLogger logged clicks on AdSense. A big amount of those logged clicks were valuable as AdLogger provided for those the linked merchants in AdSense Ads. With this information Affiliates blocked all Ads nobody clicked via Competitive Ad Filter at their AdSense account. At the end almost all shown Ads had been filtered. Only a handful lasted. At those merchants they became Affiliates and started dropping appropriate cookies. Later they used asRep.

Some more advanced methods of Cookie dropping are possible with PHP. Perhaps some day this story will be told...

Why Super Affiliates are to master the rules of Poker...

The answer is as easy as it can be. Why shouldn't it be useful to learn Poker if you can get rich with Poker Affiliate? And if you can drop images in forums and other places that are redirected one or, even better two times? Of course many of the Super Affiliates work legally, but if you look around the world also many of them directly do the opposite and drop cookies. This is no issue for becoming personal. I don't mind if they do so, because they have good reasons for it:

Let us play with some amounts as example. If a visitor of your site plays Poker at your Poker merchant and spends US-$ 100, you earn US-$ 25 or so. But if this visitor spends US-$ 1,000, you earn US-$ 250. As there are visitors that spend perhaps US-$ 10,000 to 40,000 a month you can earn (take a deep breath) up to US-$ 16,000 a month with only one big fish. This is a Straight Flush or perhaps Royal Flush. There exist different Affiliate payment models. Another model is to get commission in advance for any new player. Perhaps US-$ 75 to US-$ 150. Nothing will prevent them from completing their life's dream of becoming rich and independent.

In PART IV of this post you will learn about more interesting methods like "JavaScript Link Cloaking", "JavaScript-Redirect", "Redirect via htaccess" and "PHP Cloaking".

Of course it will be again extremely interesting. If you want to get informed, then subscribe to this blog's feed! - See you soon at SEM, SEO and SMO at Wulffy's Blog.

This blog post Cookie Dropping Cookie Stuffing - Affiliate Link Cloaking Part III is categorized under Search Engine Optimization, SEO, Web 2.0, Social Media Optimization, SMO, Search Engine Marketing, SEM.


© of picture by Lukic.
For demonstration purposes only. The portrayed model is not subject matter of Blackhat.


wyuguy said...

Do the Merchant will see the referrer when using the img redirect by Htacess in a forum?

Wulffy said...

Sorry for delay. Back from vacation. Merchant will see the referrer. There are possibilities to hide the referrer. You find those in Black Hat forums.

wyuguy said...

Can you talk about cookie stuffing by flash ?

Wulffy said...

Unfortunately I have no experience with flash. I think I will never use it.

black hat seo forum said...

cookie stuffing is working in flash. i used it ;)

Anonymous said...

You need to start writing in plain English.
If English is not your first language maybe you should have someone who is english speaking and read your work and critique it for you.
I don't mean to be rude your subject matter is interesting but almost impossible to follow.

Wulffy said...

Hey, I very appreciate your critics. I tried it some time ago and asked somebody from UK to read and correct it. I get 10% corrections and 200% opinion of him. As preparation of my posts takes normally 100 - 150 hours for each of them I have no time to discuss my findings another 20 hours. From that time on I never tried it.

My girlfriend speaks and writes English well as she lived in England and later in Norway for some time, but she is only willing to correct the sentences I wrote, but not to rewrite them in plain English as she is not interested in SEO, SEM etc.

At the end I believe that a lot of English speaking people understand me, but US born people may have big problems as I have big problems to read or understand people from the US.

Anonymous said...

when are you publishing part iV ?

Wulffy said...

Unfortunately I don't see any chance in next future.