Near Undetectable Cookie Stuffing?

A while back, I noticed a website for sale on Flippa that was getting some good traffic. And, how did the owner monetize that traffic? Cookie stuffing!

The problem with directly cookie stuffing your own site traffic is that a growing number of networks are using bots and manual reviews to detect and ban cookie stuffers. Even if you are CSing based on referrers, excluding known networks/AMs IPs, using random throttling, etc, there is an ever greater risk of being caught.

One ‘smart cookie’, a member of WPBlackhat, came up with the idea of using a modified version of CPA-R to cookie stuff while faking the referrer. Let me explain it more…

Let’s say Blog A is your high traffic site. You create another blog called Blog B. You submit Blog B to the networks – the ads/banners go on Blog B. When visitors go to Blog A, they are cookie stuffed but the referrer is spoofed to Blog B. Blog B NEVER cookie stuffs any visitors. Bots going to and manual reviews of Blog B will never find anything suspicious. Here’s a simple diagram to illustrate it.

Cookis Stuffing

This new CS system will comprise of two WP plugins and will be released in WPBlackhat in the next two weeks after extensive testing. Although, with the above info, CPA-R which can be downloaded from this blog, and some knowledge of php and WP plugin creation, you could create your own.

13

Guile says:
Jul 23, 2009 - 04:07:33

How would you fake the referer in this example?

Aicher says:
Jul 23, 2009 - 04:07:40

good stuff Brad. when you opening up WPBlackhat again? im on you list.

Jake says:
Jul 23, 2009 - 06:07:29

I’ve used this before and it works (but don’t tell anyone! :-).
@Guile, the simplest method would be this one: Blog B (which never cookie-stuffs) has a php page with a javascript redirect (+ meta refresh redirect as backup) to your affiliate link. Blog A has a 1×1 iframe with the code hidden (external JS or PHP, image with a modification to apache to read images as php code, etc.). The iframe loads up the php redirect page from Blog B, which in turn loads your affiliate link and

Jake says:
Jul 23, 2009 - 07:07:53

Oops, clicked Enter accidentally. Anyway, the iframe loads your redirect page and affiliate link, which stuffs the cookie to the visitor of Blog A. The referrer shows Blog B as the source of traffic. Brilliant!
Needless to say, it is illegal and you WILL get banned if caught, so don’t try this at home!
Admin, please don’t share my email as I could get into trouble ;-). Thank You!

xentech says:
Jul 24, 2009 - 08:07:48

No Jake, that’s not illegal. Maybe in the networks eyes but definitely not in the eyes of the law.

Guile says:
Jul 26, 2009 - 05:07:04

Thanks for the explanation!

This technique sounds great, but using that you will still have the problem of a 100% clickthrough rate which is suspicious?

Brad says:
Jul 26, 2009 - 08:07:47

@Guile: no, you can vary all that. That’s an obvious footprint of CSing.

Garv says:
Jul 28, 2009 - 09:07:51

Brad, can’t we just do this with any CS script? CS on Blog A and fake referrer as Blog B? or am I missing something?

Jona says:
Aug 20, 2009 - 05:08:45

I told you about that Brad on BHW and we discussed it via pm. I didn’t know you made me a WPblackhat member, thanks!!!

B says:
Aug 24, 2009 - 01:08:16

Please let me know when this is available in the WP member forum. I am waiting for it to be released to join. Thanks.

BlackHead says:
Sep 24, 2009 - 07:09:34

Interesting!

Did you ever tried to CSing with OpenX?
It’s very easy.

Simply a banner shown on a foreign website, which has some package.
Would like to know, if it is more or less detectable than normal stuffing.

Greetings from Old Europe.

mossi says:
Oct 20, 2009 - 10:10:39

We have to be careful here ! When the referer leakes, it will leak from BLOG A becuz that’s the blog that’s pushing LOTS of poor quality / fake traffic.

Let’s say out of 4000 visitors to Blog A u occasionally get the odd user who is using a rather strange browser, eg: CometBird Browser. This rather UNcommon browser can leak the referrer; strange browsers are often the reason for leaked referrers !! The aff netw will see BLOG A bringing that visitor and they will immediately find it rather strange that ONE out of 4000 of ur visitors came from a very strange place (Blog A) to reach the aff-netw offer page !!! That would get Blog A exposed and u’re caught !

A visitor who hits Blog A and such visitor is NOT using the following common browsers can bring your whole operation down …

FF2, FF3, IE6, IE7, IE8, Google Chrome, Opera, Safari

Edward says:
Nov 22, 2009 - 03:11:17

I’ve been doing this decades before you posted this. The only reason I use the standalone CPA-R.

:D

*
To prove you're a person (and not a spam bot - although we do like cute bots round here), type the security word shown in the picture.
Anti-Spam Image