Well, first line for this article will be : Illegal, Illegal and Unethical

Some people completely go crazy without a single thought, and don’t care what they are doing to others for making money. Companies spend thousands of dollars for the development of any software, programmers spend hundreds of hours for developing their software and these ****** put those software on torrents in seconds, not even minutes to be redistributed unethically and illegally.

Personally these kind of torrent tools and websites offering torrents make me sick, I think we have come to a point where no company can save us from these kind of people downloading software illegally, and there are no set rules to be implemented, I remember we had very strict rules on our forums back in late 90’s and early 2000, where even person talking about illegal software or cracks was being banned, and now a simple Google query can find your software for free and without even spending 2 minutes. Bullshit !

Every single day companies have new products and on the same day that product is cracked and spread, they still make a lot out of it, but this effects small individuals who try their best to make a decent living by selling their small software but again these people kill their dreams by spreading it.

CPA and PPI Exploitation

Not only distributing software, but spreading viruses, spy-ware, Trojans and more. This is not the end, they also exploit the Affiliate programs and CPA offers (Cost Per Action) where they increase their revenue unethically and illegally. Here is how they do it, there are many Affiliate programs that offer you CPA (cost per action) and PPI (pay per install), in CPA offers, once a potential client completes/takes an action, for example the company wanted to fill a form and they pay you for that, that’s a CPA offer, CPA can be anything in which you ask someone to take action and the company will pay you, and the pay per lead can be between $3-$100 (depends). And PPI is pay per install, they give you a software link, where if someone downloads that software and installs, the company will pay you for that. Now what these blackhat illegal people do, there are hundreds of ways to exploit these affiliates programs, but the most commonly used are below.

Exploiting CPA Offers

First they find which torrent file is being downloaded the most, so simple pick a software, video, songs etc which is hit these days, they put it in the ZIP archive and password protect the file, now they create a readme.txt file which is not password protected, when someone downloads the file, they can only open the readme.txt file, which tells them to go to any specific URL where they will complete a form (a CPA offer) and upon completion the final word will be the password, now when someone has already downloaded a file of say 40MB, he will certainly go to that url and complete the CPA offer, once he competes the offer that blackhat person gets paid, and who cares about the password ? if that does not work, and if that password works, then that software will be infected with viruses, Trojans and spy-ware, PPI etc, thus they take advantage of that again and over again exploiting YOU.

Exploiting PPI Offers

What a blackhat person will do, is join a company that offers PPI (pay per install), they usually pay from something between $0.25 - $5 per install (that’s what I know, it can be more or less), after getting approved, they will again find the most downloaded or the hottest torrent file, they will download it, and then bind (combine) both EXE’s in one single exe, I mean e.g. the original software file was PPI-install.exe and any other hot software file was hot-software.exe they will combine these 2 files within 1 file, (I will not discuss how to do that, but its quite easy and even its already distributed with Windows XP, so that’s already in your computer), and then they rename that file to hot-software.exe and upload to the torrent, people are always looking for free stuff, they will download your file and install, while installation that PPI file will automatically be installed on their computer and hence the blackhat person will be paid for that installation. Most of the times people combine all these tactics into one single file, where you will have the readme.txt that will tell you to complete a CPA offer, then once you complete and unlock the file, you will have an exe file with PPI file embedded in it, and after installation you will be infected with a spy-ware and leak your personal information where these people will use your money and information for all their illegal activities, and search your computer for anything they want.

I would personally appeal to the readers to STOP using illegal software and STOP using torrents, this is not only polluting the internet but your own life and computer, be aware that there are hundreds of ways to search your computer and leak your private documents once you install a software and no Anti-Virus will ever detect it. Trust me, a simple programmer can write code in 10 minutes in which once you install their exe they have full control over your computer.

Article Popularity : 51%

Well, this will be extremely helpful for displaying relevant ads with Google Adsense. This basically helps adsense publisher and give more control of the Ads being displayed on their websites. With the help of this publishers will be able to review all type of Ads that s/he will place on his/her website.

In my opinion it will work extremely good for publishers because this way we will control which type of Ads we want to be displayed on our websites, not only this but more control on types of targeted ads. So if you already have a rich content website with genuine content that’s another money making gem for you that will display more relevant Ads on your websites if you do it properly.

Here is what Google says :

The Ad Review Center is a new publisher tool which enables you to allow or block specific placement-targeted ads, giving you more transparency and control over the placement-targeted ads appearing on your sites. You can choose to allow or block individual ad groups and advertisers, as well as filter ads by type.

When you block ads in the Ad Review Center, you’ll need to provide the reason for blocking the ad group or advertiser. We use this information internally to help improve products and share it with advertisers to help them improve their campaigns. This feedback gives advertisers more insight on how to create ads that are relevant to your site. By opting into the Ad Review Center, you allow us to tell advertisers you have blocked their ads, as well as share your reason for doing so. 

Once you are logged in to your Google Adsense account, click on “Adsense Setup” and then click on Competitive Ad Filter or follow the link below to sign up using this great tool. I will follow up with some more details about polishing and how to use it properly in next couple of articles.

https://www.google.com/adsense/arc-signup

Article Popularity : 27%

Wordpress is simply amazing and I am loving it. I have never used any other blogging script, but this seems to be perfect for a part time blogger like me. Now the wordpress 2.5.1 has been released and available for download.

You may download wordpress 2.5.1 here

It has been published on the WordPress site that there is a serious vulnerability on the Wordpress 2.5.0 version, so everyone MUST upgrade to 2.5.1 I was just wondering what was the vulnerability that the WP is recommending everyone to upgrade to the latest version.

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

Finally I found that the WP 2.5.0 has a vulnerability in its registration system where an attacker can register with a specific username and generate cookies for any other chosen account, for example “admin”. Once he generates the cookies, he gets Admin privileges and can do whatever he wants. Its quite dangerous, so my suggestion to all the readers would be upgrade your Wordpress now to the latest version that claims to have fixed 70 bugs in previous version.

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.

Check this out for references
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt

Article Popularity : 53%

This is a post related to the previous post about ‘what is cookie stuffing‘. The most commonly used used methods are:

1. Using Javascript
2. Using iFrames
3. PHP Header redirect
4. .htaccess and redirect pages
5. With HTML Object
6. Exploiting Browser’s security flaws

Cookie Stuffing with Javascript

 There are tons of methods that can be used for cookie stuffing with Javascript. You can cloak the affiliate link and open it on your page, or open a popup in a new window and redirect user to your affiliate link, there are tons of scripts to open a popup from your page, however its less effective since people have installed popup blockers, here is the code to open popup

<script language=”javascript”>
window.open(‘YOUR Affiliate Link‘,’myWindow’,'width=300, height=300, toolbar=NO, resizable=YES’);
</script>

Its a good idea to drop your own cookie at the same time to see if that user has already been stuffed, if so, then do not open any more popups.

 <script>
<!– Begin
//Pop-under window - javascriptkit.com
var popunderSpaFinder=”http://click.linksynergy.com/fs-bin/click?id=OEu024dtHXs&offerid=47053.10000304&type=3 &subid=0″
var winfeatures=”width=780,height=580,scrollbars=1,res izable=1,toolbar=1,location=1,menubar=1,status=1,d irectories=0″

var once_per_session=1

function get_cookie(Name) {
var search = Name + “=”
var returnvalue = “”;
if (document.cookie.length > 0) {
offset = document.cookie.indexOf(search)
if (offset != -1) { // if cookie exists
offset += search.length
// set index of beginning of value
end = document.cookie.indexOf(”;”, offset);
// set index of end of cookie value
if (end == -1)
end = document.cookie.length;
returnvalue=unescape(document.cookie.substring(off set, end))
}
}
return returnvalue;
}

function loadornot(){
if (get_cookie(’popunderSpaFinder’)==”){
loadpopunderSpaFinder()
document.cookie=”popunderSpaFinder=yes”
}
}

function loadpopunderSpaFinder(){
win2=window.open(popunderSpaFinder,”",winfeatures)
win2.blur()
window.focus()
}

if (once_per_session==0)
loadpopunderSpaFinder()
else
loadornot()
// End –>
</script>

Javascript Link Cloaking

This means obfuscating your affiliate link with some javascript, for example if your affiliate link is something like http://youraffiliate.com/id.php?id=1then after obfuscation it will look like “23X34Fx33×65″ (this is just assumption of the code, you may search many javascript obfuscation / link cloaking scripts online, this is also good enough because you can change the statusbar which hides your affiliate link.

Javascript Meta Refresh

One of the good method that also hides HTTP_REFERER is meta refresh method in which you make a separate page that redirects that page to affiliate page while keeping the referrer as “blank” so you can hide your source of traffic, here it is

<META HTTP-EQUIV=”REFRESH” CONTENT=”1;URL=http://AffiliateLink.com”>

Another way for stuffing cookies can be using the Javascript Blur Method.

Using iFrames

IFrame is quite an old method but it still works, but keep in mind it is one of the methods that have maximum ban rate and easily detectable. But the good thing is that you can get the referrer you want, I mean if you are showing affiliate manager that you traffic is coming from http://abc.com but you are sending them traffic from http://xyz.comthen it will display affiliate manager that all traffic is coming from abc.com by using an iFrame on xyz.com in which you open a php file e.g. http://www.abc.com/aff.phpthis aff.php file is automatically redirected to the affiliate link. But some people say that what if the affiliate manager directly checks aff.php, it will be redirected to affiliate link so you will get banned certainly, but there is one solution to this as well, you can do this by checking the referrer of the opener (the file that is opening the iFrame, if the referrer is not that domain, then simply show something else on that page otherwise redirect the page to affiliate link. Below is the iFrame code

<iframe src =”http://yourAffiliateLink.com” width=1 height=1></iframe>

PHP Methods

Use header redirect to redirect the page   

header(’Location: http://youraffiliatelink.com’);

The problem with this and many other functions is that it works very well, but using the image tag method, it does not change the referrer so it is still not a fool proof method.

While stuffing images with image tag, its always good idea to stuff an with image that doesn’t exist and then redirect that to a php file that has the code to redirect to affiliate link. For example you link to an image like http://www.yoursite.com/image.jpgand that image doesn’t exist, but you post this link everywhere, then you have something like this in your .htaccess file

Redirect /image.jpg http://www.yoursite.com/affiliate_redirect.php

 While stuffing in your own site, you can hide the image with setting image withing a hidden layer, e.g. <div id=”ryan” style=”display:none;”> put your image here </div>.

I will not discuss the other methods that I have mentioned here because of some limitations. So you can aways google and find our answers. I will post another article to avoid a few things to be on the safe side.

Article Popularity : 55%

Well, HMTL can also be dangerous some times, I will not probably talk about how to use this trick, like others I also HATE spam, but here is the code that you can embed in comments, posts or anywhere in your profile where HTML is enabled.

<img src=”http://anysite.com/noimage.jpg” onerror=”window.location.href=’http://www.diggfish.com’;”>

Now, this takes advantage of the function called OnError which means if the image is not found (which obviously isn’t there, the image link you inserted never existed), it will redirect user to diggfish.com

Article Popularity : 34%