Page 1 of 4 1234 LastLast
Results 1 to 25 of 98
  1. #1
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    Earlier this month, I reported that 180 is still extensively targeting many CJ merchants[/URL]. I promised details to follow. I still aspire to provide comprehensive details, e.g. a list of all CJ merchants that are targeted, and how, and what publisher IDs are doing it. But in the meanwhile, sometimes I stumble across behavior so outrageous that it bears immediate reporting.

    My tests of earlier this evening show that a CJ affiliate, Buyingfriend.com, is currently purchasing popups from 180, targeting its popups at the domain names of certain major CJ merchants. For example, when a user goes to Crucial.com, 180 will display a Buyingfriend.com page. So far, this is the typical 180 advertiser story. But the page Buyingfriend displays is a bit unusual: It is a two-frame frameset, where the right frame is so small as to be invisible. The page's full-size left frame open a CJ affiliate link to Etronics. The page's invisible right frame ("0.1" pixels in width!) loads a CJ affiliate link to Crucial.

    Why does this matter? Well, if the user makes a purchase from Etronics, Buyingfriend gets commission (and CJ gets its fee). And if the user makes a purchase from Crucial, Buyingfriend also gets commission (thanks to cookies stuffed by the hidden frame), and CJ also gets its fee. Any other affiliate, who had previously recommended Etronics or Crucial to the user, gets nothing. Plus, Crucial pays commissions it shouldn't have to pay. (The same is arguably true for Etronics too.)

    Notice that CJ profits from this. Whether the user buys from Etronics or from Crucial, CJ gets its fee.

    Details: Example Obfuscated Cookie-Stuffing Targeting a Commission Junction Merchant: Crucial.com

    Other affiliates have used similar tactics in the past. The notorious shoptoday.us was of this vein. But I'm seeing a good bit more of this than in the past, and it's targeting the merchants CJ promotes most prominently and most proudly. No one is safe, it seems.

  2. #2
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    A quick follow-up on testing methodology and next steps:

    The practices I've reported on this forum are not hard to detect. The testing takes a bit of software and a bit of skill, but ultimately it's nothing all that hard. This is, quite literally, work a robot could do. With that in mind, I have written a "robot" (a piece of software) that automatically seeks out, records, and categorizes suspicious activity. Being very good-natured, the robot happily runs while I am sleeping, and sometimes (when I so instruct it) it runs continuously. I'll be the first to admit that there is a lot of fraud to uncover -- so much that my robot can always find dozens of examples of prohibited activity if I let it run through the list of 180 triggers for a few hours. But the robot doesn't get tired or throw up its proverbial hands -- it just keeps chugging along, finding more and more, with each passing iteration. I think its logs stand at about 4GB at present!

    What comes next here? Improve the robot so it automatically emails CJ a list of "bad" Publisher IDs once a day, or once an hour? Or send this data to merchants? I'm not inclined to play cybercop, for free, forever or even for much longer. (Recall, though, that I did send CJ a list of all the PIDs I had seen on 180 this summer. I gather they took some action, as to some or perhaps all of these PIDs, though I only heard about this through merchants, so I can't say for sure. And of course recall also the generous support of ABW'ers -- enough to pay a week of my living expenses!)

    In any event, it does seem like this data needs to get beyond my hands, and into the hands of those who can do something about these problems. I'm struggling to figure out how to do that.

  3. #3
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    quote:
    I gather they took some action, as to some or perhaps all of these PIDs, though I only heard about this through merchants, so I can't say for sure.


    Are the same individuals showing up in that 4GB of data? That would give the answer with regards to whether action was taken or not.

    It's the other piece of what needs to start being reported on by those testing...when we retest are we seeing the behaviors continue or cease? We keep hearing of course that the Networks are taking action, but the proof is in the pudding so to speak.

  4. #4
    ABW Ambassador flamingoworld's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,208
    Is shoptoday.us still at it?

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    Ben:
    some merchant use cookie based iframes for serving content to their website. If in this iframe cookies can be set, then the cj.com tracking cookie could possibly not be the youngest cookie which was set and which counts for tracking sales. Is your test also for iframes? And if one can stuff cookies by hidden frames why not with iframes?

    ( Sorry Ms. B )

    carneol

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    If Ms.B and Ben are taking on all this work load to protect us affiliates fron this commission thieves why can't ABW post the perps in a "Hall of Shame"???

    Go look at www.buyingfriend.com and you'll see nothing as that commission thief has a cloned hidden doorway page web site probably containing 200,000 cookie setting redirects. No internal links to any interior pages, no contact info, no privacy policy and no public WHOIS information. Only CJ and the other networks know who this perp is...

    I'd suggest the merchants who have been victimized by this wank will find he/she owns many other domains that could be put in place inside the time to design a Text domain logo and crank up a million doorway paged hidden website with data feeds. Just like the Titanium Award winners this one is probably a ABWers talking out boths sides of their mouths.

    So who is www.buyingfriend.com
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  7. #7
    Member
    Join Date
    January 18th, 2005
    Location
    Thailand
    Posts
    102
    180Solutions, was mentioned last week for growing 1700% from 2001-2003.
    Both Networks CJ & LS do earn a huge sum of money too. While there still numerous websites facilitating driveby installs for Ncase & Zango BHO's the networks bend over to the dark side to make that extra buck.
    Peter

  8. #8
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Carneol no need to apologize to me. I hope you do get a response from Ben to your question since I get the feeling that your question (and your inability to accept the answer given by 2 people) has in some part to do with what you've been reading about iframes in Ben's reporting. You have been reading and hearing quite a bit lately about iframes and cookie stuffing and now you are concerned when you see iframes being used and a cookie set.

  9. #9
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    Some quick replies:

    1) Kellie: Of the 84 distinct affiliate publisher IDs I had seen 180 use by mid-summer, I still see some in use. A good query to run -- one I'll sit down and do tonight -- is "how many of those 84 PIDs are still being served up directly, without obfuscation?" I know last month I saw one of the CJ QKSRV PIDs -- one of the PIDs I sent to CJ staff in July -- still targeting a major CJ merchant.

    2) Connie: Yes, I still see Shoptoday.us targeting lots of merchants. As of late last month, Shoptoday was targeting 562 distinct target strings (some of them keywords, i.e. search terms, rather than merchant domain names; but many of them merchant domain names). Shoptoday continues to use obfuscated methods -- putting its affiliate links into IFRAMEs and JavaScript, so that users and testers only see the shoptoday.us page, even though merchants' affiliate cookies get set nonetheless.

    3) Carneol: If a merchant overwrites the cookie set by 180 (or a 180 advertiser), e.g. via an IFRAME that links to CJ and causes CJ to set new cookies, then the 180/advertiser affiliate wouldn't receive an affiliate commission. But I don't immediately see why a merchant would do this. Wouldn't this prevent correct tracking for legitimate affiliates? Maybe I'm misunderstanding the question, in which case I hope you'll clarify in a further post, or email or PM me if you prefer. As to testing for IFRAMES: Yes, my test absolutely looks for and detects IFRAMEs. That's an important part of what I and the robot are looking for!

  10. #10
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,403
    Ben:
    as you know a lot of merchants are their own affiliates and cj.com says this is not against the TOS. It would make sense to them to change the cookie. But that's not what I believe.
    Perhaps I do not know exactly how merchant track sales. In my understandig the code on their goodbye site sets a cookie with the necessary datas so that the merchant sees what happened and who is getting credit for that sale. Well, if there is the cj.cookie set and after that a cookie is set with the merchant own datas the merchant could say: the last cookie earns the sale, and it is their own cookie then. So they could always say: a sale made by me must not be reported to cj.com, and they are on the safe side, because they always can proof that the last cookie is theirs. For that reason cj.com does not allow publishers to use iframes. Your testing method tests the cookies set on the customers machine. But what if this cookie is not the last cookie set for the relevant action? What if the merchant would be able to find a later cookie because of the iframes?

    carneol

  11. #11
    Full Member
    Join Date
    January 18th, 2005
    Location
    michigan
    Posts
    174
    quote:
    Originally posted by Ben Edelman:
    What comes next here?........

    In any event, it does seem like this data needs to get beyond my hands, and into the hands of those who can do something about these problems. I'm struggling to figure out how to do that.


    My question exactly, what DOES come next here?

    Ben , this work is very impressive and for someone who got their IS degree back in 1982 and does not understand every twist on how you write these programs I, for one, am very thankful thatyou have taken the time do do this!

    Thanks so much!

    Now, the question about what comes next.....Well, to me it seems that the next obvious step is to get the people at these merchants to take the time to understand what is happening to their bottom line.

    And, to get to the poeple who can actually make something happen, not someone who might sweep it under the rug.

    Although the main focus and conversation here is about how they steal our commissions, let's be honest, many of these merchants don't give a crap about us stealing from each other.

    But they sure should care about them stealing from their company. I have read and read (and read and read...etc) and I just do not find much written about the merchants responses on this.

    Can anyone tell me how the merchants react to the money being stolen from them?

    Are they actually paying attention to this subject at all?

    I apologize to the AM's here who are active because obviously they accept and are trying to fight the problem, but I am willing to bet that there are more than a few AM's who just plain dont' want to go to their boss and say something like..."We have paid out $100,000 in commissions and have now learned that $30 or $40,000 of that wasn't really owed"

    IMHO, This needs to be presented to the companies in a very delicate manner so as to impress upon them that this watchdog community can help them save money and big money at that, while not endangering people's jobs who work within the programs.

    I would love to hear from the AM's who have been able to get this across to their superiors what a problem it is and how they reacted.

    I am sure some would love the savings, but hey, let's be honest, there have to be some superiors who also would just want to pull the plug on the program.

    Where to go next? First is, let's hear from who has had contact with AM's that were willing to listen to the problem.

    Second, whose ear do we need to get to have an impact with the data.

    Third, how can this data be put into a presentable form for the "non-web savvy" reader. (Which is likely more than the majority of the managers who can have a real impact on this subject........)

    If this can be put in such a form and presented in such a way as to be a benefit to the companies rather than a royal screw up by the program, there are bound to be more than a few AM's who would love to work with us.

    OK, off the soapbox.....just that we need some solutions and we have the information. Let's figure out how to get this in the right hands.

    I just have more than a small fear that the bigger this gets, the more likely that what will be endangered is not just our commissions from these thieves, but the entire affiliate marketing model itself and there is a group of people here that not only care, but obviously are willing to do something about it.

    A little bit from everyone with info about the questions above can be taken a long way and take some of this weight off Ben's shoulders.

  12. #12
    ABW Ambassador flamingoworld's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,208
    Well, I contacted CJ about this matter quite a while ago regarding Shoptoday.US and was given the impression they were being taken out of CJ. They are owned by 247malls which I have also reported several times to CJ and Performics and they are still doing the things I reported them for.

  13. #13
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    I was also lead to believe they were being being given the boot way back also (through a Merchant). Obviously not the case. I've also been told that they aren't owned by 247malls. Not that it really matters I suppose one way or another. That domain has had so many violations across all the Networks, that particular account should have been terminated from all Networks a long time ago. And not allowed to rejoin immediately under another account.

  14. #14
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Oh and 180 isn't the only software they operate through either.

  15. #15
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    I believe I've seen Shoptoday still targeting CJ merchants. I could make a video and annotated packet log showing them doing so... But what's the point? As you say, even when these behaviors are carefully documented and reported, the networks don't consistently or promptly take action.

  16. #16
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    687
    quote:
    Originally posted by Connie Berg:
    Well, I contacted CJ about this matter quite a while ago regarding Shoptoday.US and was given the impression they were being taken out of CJ. They are owned by 247malls which I have also reported several times to CJ and Performics and they are still doing the things I reported them for.


    I just went to 247malls and when I clicked on certain merchants to see what coupons they offered a separate window opened to the actual merchants site without me even clicking on the merchants link.

  17. #17
    Ad Network Rep ToddCrawford's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Barbara, CA
    Posts
    2,162
    Ben,

    I appreciate all of your hard work in identifying possible violations with the CoC and/or PSA. We are in the process of verifying violations and taking appropriate actions. Many accounts have been warned and those that did not respond or take corrective measures have been deactivated.

    If you have any information you wish to share, it may expedite matters if you passed the information directly to CJ, rather than posting bits and pieces on message boards.

    Any publisher that is deactivated for violating the CoC and/or PSA has their commissions reversed - including out txn fees. I wanted to point this out since you were insinuating that CJ was profiting from publishers that are out of compliance. Just to be clear - we are not interested in profiting from activities that are in violation of our terms and conditions.

    Thanks again,
    Todd Crawford
    Co-Founder, Impact Radius

    Give me a minute before I post again

  18. #18
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    Todd,

    I'm glad to hear you're still working on this.

    I don't presently have a contact at CJ to which to report compliance problems, and I'm not sure that the ABW community does either. (Have I missed something?) When I was previously in touch with a CJ staff person, some months ago, that staff person insisted that 180 was in full compliance with CJ rules. This didn't inspire much confidence on my part, and he probably isn't the right person for me to work with! But in any event, as I've mentioned before, I don't care to be a free consultant for CJ. What information I post on my site and mention on ABW, CJ naturally receives since it becomes public when I post it. Otherwise, my information stays in my files, and/or gets sent to my paying clients who request such research. Earlier this summer, I did send you the list of PIDs I had seen running through 180 -- but that was one-time generosity on my part, and not an approach I intend to replicate in the future.

    Your post (third sentence) mentions that CJ's response includes warning affiliates who are violating CoC and/or PSA -- not deactivating them, not reversing their transactions, if they respond and/or take corrective measures. As a result, your message reflects that such affiliates retain their ill-gotten commissions from prior activities; merchants pay such commissions; and CJ does profit from the associated transaction fees. No? I think this is a large part of why merchants are upset, and why merchants come to me seeking assistance: They want to reverse all ill-gotten transactions, not just the transactions of affiliates CJ decided to terminate. And your approach also explains why other affiliates are upset: Their cookies get overwritten by bad actors' cookies -- even if those bad actors subsequently repent and/or even if those bad actors are subsequently terminated with their transactions overwritten.

    In the past few days, I've continued to find lots of new evidence of CJ affiliates targeting CJ merchants, via 180's software. This remains a widespread practice, and it's not hard to detect with software written for this purpose. If CJ were truly serious about stopping this problem -- not relying on the good faith of 180 or its advertisers, but on taking matters into its own hands -- CJ could write such software of its own; could run such software continuously; and could stop the bad actions as quickly as they start. There's no reason for and no need for the weeks or months of lag -- during which other affiliates' cookies get overwritten, and during which merchants often issue commissions that weren't fairly earned. I'm pleased to hear you're working on this ("we are in the process..."), but you seem to still have a long way to go.


    Ben

  19. #19
    Member
    Join Date
    January 18th, 2005
    Posts
    56
    Todd,

    I personally find Ben's contribution to this forum and the subject matter incredibly interesting & informative, and am appreciative of any findings he is willing to share with the community.

    Open debate, rather than behind closed doors imho expedites resolution far more effectively.

    CJ US has had ample opportunity to rectify this by taking the moral high ground over it's fellow US competitors for at least a couple of years. Just imagine what the PR could be worth to CJ & positive positioning of the CJ brand.

    The impression we perceive is that the US has languished behind it's UK counterparts (CJ UK)with difference of opinion, and full credit should be given to the CJ UK management for making the correct informed decision to eradicate spyware from its UK Network in a relatively short timeframe.

    We have heard every conceivable reason for CJ US not to following suite and only hope that respect for your ethical publishers & advertisers prevails. Even speaking with you at CJU 2003 & a couple of the CJ management the response we received was dismissive & simply referred to your inadequate COC.

  20. #20
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    For any who are not aware, the proper channels for filing a COC Violation with CJ is through AAQ.

    Which reminds me to ask. Todd for incidents involving BF, do those also now go through CJ AAQ? What is the procedure for BF now?

  21. #21
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    Ben,
    Why not market your research results to the merchants who are being ripped off?
    The only way affiliates can really use this is if they were to file a class action, am I right?

    If you called xxx merchant and told them that you can prove to them that they are paying $xxx in commissions each month that they don't have to, I think they would listen to you. Your reputation in this field stands alone and I think that merchants would gladly pay for this information.


  22. #22
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    quote:
    Many accounts have been warned and those that did not respond or take corrective measures have been deactivated.



    So, CJ allows these people to steal, then catches them and issues a warning, allowing them to stop stealing until the heat is off? Does the phrase "Once a thief, always a thief" come to mind?

    According to Todd and CJ's logic, it DOES INDEED pay to be a sleazy publisher. The most that can happen is that you will get a warning, and deactivated if you do not heed the warning.

    If I go to my local bank and steal money, I will go to jail. If I go to my neighbor's house and steal his lawnmower, I will also go to jail. In either of these instances I get no warning, but if I sign up with 180 and steal money from publishers as well as merchants, the most I will face for the first offense is a warning.

    This makes me wonder how many people in here like myself are considering engaging in this kind of activity. All you have to do is open a new account, so in case you get caught, you still have your "honest" account. And now, CJ even offers us a way to simplify management of our multiple accounts...Hmmmmm.

    I really wonder sometimes where CJ (as well as LS) has their allegiance. They do indeed get paid for this sleezy activity, so what real motivation do they have to stop it? I say they have hardly any at all, and this shows in the months and months they claim to have spent "verifying" Ben's results.

    Why does this take months? If it were a priority, wouldn't you be able to do this in a week or two? Is there anything more important to CJ than something that could very well be the downfall of the industry they were so instrumental in creating? I mean, how long are your merchants going to be willing to pay commissions for sales that they shouldn't have? Don't you (CJ) really see the long-term effects of this on your business? Or can't you see the forest for the trees?


  23. #23
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,118
    I'll bet those parasites start shaking in their boots when CJ issues them a warning.

    Linkshare and CJ - those two names will soon be synonymous with spyware and internet scams.

  24. #24
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    quote:
    Linkshare and CJ - those two names will soon be synonymous with spyware and internet scams.


    Well, CJ cookies are being targeted by spyware removal software as well as their links possibly being targeted by the search engines themselves, as well as the spyware removal.

    What does that tell us?


  25. #25
    Ad Network Rep ToddCrawford's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Barbara, CA
    Posts
    2,162
    If publishers are in violation of the CoC/PSA, they most likely do get deactivated. In certain circumstances when a publisher steps over a line and is willing to stop the non compliant behavior and continue promoting advertisers in ways that are in compliance with the CoC and PSA, then they may be allowed to remain in the network.

    The difference is getting caught speeding by 5 mph vs. getting caught going 100 mph while drunk. In the first case you may just get a warning but in the second case, you are certainly headed to jail.
    Todd Crawford
    Co-Founder, Impact Radius

    Give me a minute before I post again

+ Reply to Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. What Happen to the human targets?
    By Mr. Sal in forum Virtual Family and Off-Topic
    Replies: 11
    Last Post: April 23rd, 2010, 01:08 PM
  2. "Show Coupon" Opens Merchant In Frame
    By John Powell in forum Unethical Affiliates
    Replies: 10
    Last Post: October 25th, 2008, 04:41 PM
  3. Hidden backend sales and Hidden OTO costs
    By Stratplayer1 in forum Midnight Cafe'
    Replies: 9
    Last Post: October 13th, 2008, 01:25 PM
  4. Replies: 159
    Last Post: October 15th, 2004, 11:09 PM
  5. To Frame or Not to Frame - That is the Question
    By EmDub in forum Couponer's Corner
    Replies: 8
    Last Post: May 6th, 2003, 02:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •