Affiliate Program Overkill Part 3: Explaining The Setup

In the last two parts I told you how I created my own cloaker and how I started to scale my operation.

But when I read it I can imagine that it´s very hard to understand what I did and how I did it.

So in this part I will explain how the system works.

I thought when I explain it with some images then probably it´s easier to understand.

Now I see that it probably only visualizes how complicated the shit is.

I want to show it anyway so that you can see what weird stuff sometimes comes up in my mind.

The Beginning

It all started with a banned account at a trafficsource.

To prevent that this happens again I thought about ways to avoid it.

Then I just started to build a cloaker.

It was very basic, pure PHP and with no databases.

In the first version I only used IP addresses, locations and specific URL parameters to check if the traffic is “Good” or “Bad”.

The flow was

The next step was basically the same.

Only difference is that now the cloaker creates CSV files to track many different elements from the traffic.

Starting to track data

The Good.csv file is for whitelisted IPs and ISPs.
The Bad.csv id for blacklisted IPs and ISPs.
The New.csv is for data that is neither in blacklist nor in whitelist.

At this time the problem was that I had to put the cloaker PHP file in every folder for my campaigns separately.
And when I had to change the file I had to do it for all files in all folders one by one.

So the next step was to improve the cloaker so that all campaigns can access the same cloaker PHP file.
That way I only have one file and only need to make changes once.

Now my folder structure was like this

Only one cloaker file

In the main folder was the cloaker file.

Then there were subfolders for each traffic source and in the trafficsource folders were folders for each campaign.

The traffic now wasn´t send to the cloaker file anymore.
Instead it was sent to files in the campaigns folders and these files just included the cloaker.php.

The cloaker then checked the traffic and based on the result it gave a TRUE or FALSE.
When TRUE the traffic got redirected to a safe site, when not TRUE traffic got redirected to affiliate program.

So now the flow was like this

The traffic went to the campaigns where the cloaker was included.

When traffic was safe it got redirected through a fake site where the referrer is changed and then redirected to the affiliate program.

Also now all campaigns tracked the data for good/bad/new traffic in CSV files in the campaign folders.

Additionally the cloaker created CSV files by country in the main folder.

This worked pretty good so far but the problem was that for each campaign I could only promote one affiliate program.

But I wanted to promote more programs in one campaign.

As you can read in the last part, I ran CPV traffic where each target was an URL.
I wanted to redirect specific targets to specific destinations.

For this I created a new script.

Multi Destination Redirect

Now I can redirect each target to separate destinations.

So traffic flow was same as before.
Campaign file included the cloaker and the cloaker checked the traffic and sent result.

But now the campagn file additionally sent the target and the campaign ID from the new script to the site where the referrer gets faked.

Then the fake site can grab the corresponding destination and send the user to the appropriate destinations.

For little bit entertainment here is some code so that you can understand the stuff better.

Coding for nerds

<?php


$keywordholen = strtolower($_GET['keyword']);

$keyword = str_replace('www.', '', $keywordholen);

$kampagne = '123';
$sub_id = 's2';
$trackid = 'abcde';

$useragent = $_SERVER['HTTP_USER_AGENT'];

include("../../trackall.inc.php");

if ((trackall()===true) {

header('Location: https://safesite.com');
}
 else {

header( 'Location: https://fakesite.com/ ?mn=123456789&keyword='.$keyword.' &kampagne='.$kampagne.'&sub_id='.$sub_id.' &trackid='.$trackid);
}
die;
?>

The code above is from the campaign file.

Cloaker gets included and traffic is checked.

Based on results the traffic gets redirected.

When the traffic is clean it gets redirected to the site to fake the referrer and from there to the affililate programs.

Here is the code for it

<?php
// Redirect By SubID

define('CHECK_FOR_TABLES',false);
//require config file with database connection and other basic things
require_once 'config.php';

$kampagne=123;

$subid=$db->real_escape_string($_POST['keyword']);

$res=$db->query('SELECT redirect FROM subids WHERE subid="'.$subid.'" AND campaign_id='.$kampagne);
if ($res->num_rows>0)
{
    $redirect_to=$res->fetch_row();
    $redirect_to=$redirect_to[0];
}
else
{
    //set default redirect
    $redirect_to='safesite.com';
}

 
//Random String

function randomstring($length = 25) {
  // $chars - String aller erlaubten Zahlen
  $chars = "abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
  // Funktionsstart
  srand((double)microtime()*1000000);
  $i = 0; // Counter auf null
  while ($i < $length) { // Schleife solange $i kleiner $length
    // Holen eines zufälligen Zeichens
    $num = rand() % strlen($chars);
    // Ausführen von substr zum wählen eines Zeichens
    $tmp = substr($chars, $num, 1);
    // Anhängen des Zeichens
    $pass = $pass . $tmp;
    // $i++ um den Counter um eins zu erhöhen
    $i++;
  }
  // Schleife wird beendet und 
  // $pass (Zufallsstring) zurück gegeben
  return $pass;
}
$myrand = randomstring(25);
//CPAR Settings

$magic_number = 123456789; // Any number you choose except ZERO!

//$cpa_offer_url = $redirect_to;

//Don't edit below this line unless you know what you are doing.

if (isset($_GET['mn']) && $_GET['mn']==$magic_number){		

		echo '<html><head></head><body><form action="' . 'http://'.$_SERVER['HTTP_HOST']. $_SERVER['PHP_SELF']."? trackingid=".$myrand . '" method="post" id="form1">

<input type="hidden"  name="mn" value="' . $magic_number . '" />
<input type="hidden" name="keyword" value="'.$_GET['keyword'].'" /></form>

<script language="JavaScript"> 
	document.getElementById(\'form1\'). submit();</script></body></html>';
		return true; 
		exit();
}

if ($_POST['mn']==$magic_number){		

	echo '<html><head></head><body><form action="' . 'http://'.$_SERVER['HTTP_HOST']. $_SERVER['PHP_SELF']."? trackingid=".$myrand . '" method="post" id="form1">

<input type="hidden"  name="mn" value="' . $magic_number . $magic_number . '" />
<input type="hidden" name="keyword" value="'.$_POST['keyword'].'" /></form>

<script language="JavaScript"> 
	document.getElementById(\'form1\'). submit();</script></body></html>';
		return true; 
		exit();
}

$dom = preg_replace( "/^www\./", "", $_SERVER[ 'HTTP_HOST' ] ) ;
$ref= $_SERVER['HTTP_REFERER'];


if (((strpos($ref, $dom)!=FALSE) || (trim($ref)=="" ) )  && ($_POST['mn']==$magic_number.$magic_number)){
		header( 'Location: http://' . $redirect_to);
		exit();
	}

// Whitehat Site

echo "unique tracking id= $myrand<br/>";
echo "written to file";

?>

This code connects to the script for targets and destinations and grabs the matching destination for the target that gets sent in the URL.

Then it generates a random string that we need later.

Next the script checks if the magic number matches to the one from the incoming URL.

If yes it does few redirects to fake the referrer and finally the user gets redirected to the appropriate destination.

When the magic number doesn´t match it just shows a text on the fake site

“unique tracking id= RANDOMNUMBER
written to file”

I know, it´s really cheap but that way I could run hundreds of programs without creating real and good looking fake sites for each program.

Summary

Usually in this part I wanted to explain what I did.

I thought probably it´s good to create some graphics about the flow and stuff so that you can better understand the whole stuff.

But now where I see it it still looks complicated like fuck.

I hope you still get it and if not you enjoyed reading it nontheless.

Because the real madness starts in the next and final part