Cookie Stuffing Detector [Inside- What is Cookie Stuffing and Why you Should Care]
 

This modification will help protect your boards against cookie stuffing scams.


What is Cookie Stuffing
From Wikipedia:
People can use your boards for this illegitimate practice if you don't protect yourself
There are several techniques for cookie stuffing, one of which works on most vBulletin forums. I'll put the following in code tags so only licensed vB owners can read it. If you don't want people doing this, read on.


What this mod does
Installation
Import the product XML file in your Product Manager, then visit the Options group "Cookie Stuffing Detector Options".

After installation, you can check if this is working by creating a post and ....
Future development
I am planning to expand this mod to:

• Scan all posts in the database for possible cookie stuffing attempts.
• Check posts when the user submits them for cookie stuffing attempts, and reject the post.

Known issues / Caveats

• Broken images will cause false positives
• This is marked as a 3.7.x mod, because that is what I developed it on and what I use it on. It has a good chance of working on 3.6.x as well, but I haven't tested that.
• All admins and mods (even when viewing a forum they are not a mod in) will see the message in a post if it is a possible cookie stuffing attempt. This is by design.

Tested in... (on Windows XP)

• Firefox 3
• Internet Explorer 7
• Opera 9.5
• Safari 3
• Google Chrome?!

awesome stuff.

I heard about the cookie stuffing issues at DP and ebay.

Good to see, there is a way to protect ourselves!

thanks a bunch.

This only works on bbcode that has a non image as image.
But you can use any image remotely hosted in the img tag and that img can be forced to be executed as a php file.

The remote image is actually php code that sets a cookie with the affiliate code, and then sets the mime via header and returns a real image.

example: http://floris.vbulletin.com/stuff/vborgtest.jpg

The img above is http://floris.vbulletin.com/stuff/vborgtest.jpg[/img] which is actually a php file that sets a cookie for floris.vbcom with user 'vborgtest'

hence: stuffing.

This plugin doesn't seem to check for real cookie stuffing, unless I am mistaken?

Right, except that's not really what we're talking about since there is no monetary gain in that.

Thanks..

Installed on 3.7.3 and when I checked "Print debug output" I can't browse to any thread.. IE7 loads the thread then I get a notice can't find the page and I go to 404

I used Google Chrome and its fine and see at the buttom it says
6 of 6 posts on this page checked for cookie stuffing

but why IE stuffed with the setting?

Thanks

so it just can happen if User post an image using [img] tag and that image has url ?!!

Gonna keep an eye on this one :D

I don't think this mod can cause 404 not found errors and the like. It's just a bit of Javascript added to the page after it loads. I think the source of your problem lies elsewhere.

My reply is in [code] tags so that only license holders can see it.

ditto :up:

This sounds good, and I'm considering installing it, but one question... wouldn't this flag up vBulletin album images because the image format is something like picture.php?id= or something?

Nope :)

Well,, as soon I check the second option "Print Debug Outpit" I pop up says can't find the page and throws me into page can not be displayed . (just like 404)

as soon I uncheck it, forum goes back to normal

Can you tell me what the exact message in the popup is? Also, can you copy the page source code for a page that cannot be display and PM it to me or post it here? That will help me get to the bottom of this.

Great job mate!
I installed this - SECURITY GOES FIRST! :)

cheers

//edit

I posted the Test-Link wich you?ve offered at the top with a [img] tag in my forums,
but I dont get a Warning - just the checked information at the bottom:
1 of 1 posts on this page checked for cookie stuffing.

Great concept, and will keep an eye on this one as it progresses.

PossumX <<TAGS>> mod.

Installed this and get the message that "1 post has been checked for cookie stuffing" after posting a false image URL, not that there was an attempt at cookie stuffing.

What browser are you using?

*subscribes*

Opera : Version
9.52
Build
10108
Platform
Win32
System
Windows NT 6.0
Java
Sun Java Runtime Environment version 1.6

also tried it in IE8 and FF3........... same result.

Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

@CareyCrew and FiMeTi: So you're getting the message at the very bottom of the page But none of the posts on the page are displaying the "Possible cookie stuffing!" warning? Try posting the following code in a post and then reload the thread. I just re-tested in Opera 5.52, Firefox 3.0.1, Safari 3.1.2, and Internet Explorer 7, and the post containing the above code was correctly marked with the "Possible cookie stuffing!" warning.

There is the possibility that you have other mods installed that is conflicting with the Javascript in this modification. Also, depending on how modified your style is, there could be conflicts displaying the warning message.

Please try viewing the thread using the default vBulletin style to see if the message shows up. You can create one by creating a new style and selecting no parent.

When I make a new Post with the code you provide, I get a totally blank post.
I see nothing, no image, no text and no warning. :)

vBulletin 3.7.3 Patch Level 1 with Default Style.

Do you get a message at the very bottom of the page about how many posts were checked for possible cookie stuffing?

Like the idea but no matter what I do I get no error message. Tried a unmodded style, different browsers... I do get the message on the bottom.

On last thing to try would be with all other modifications disabled. Failing that, if you want to give me a user/pass (with mod permissions) for your boards, I could try to debug this.

Wouldnt this slow down the loading of a thread if the thread was 15 pages of images? Say there were 10 posts on every page, wouldn't it slow it down if that thread happened to be all images posted?

Nope, turned off all mods but this one,went to a new default style ,added your image code to a test post and el zippo,no "stuffing attempt" message anywhere, just the "checked" message.

same here. ;/
deinstalled for now, but stays on my favorite list ;)

great..but i will wait to install!

How does one do this "cookie stuffing" thing? I've had a couple new members who registered and never came on the board. Is that how it's done?

Nice idea, doesn't work on my 3.7.2 installation with VBSEO, just get the 16 of 16 posts on this page checked for cookie stuffing., but will watch the progress in the thread, uninstalling for the present.

Mhhh thanks will install later.

So in the situation where someone is stuffing users on my site, is this what they are doing????

Code wrapped for members only...
I'm trying to get a better idea of what is being served.

I tagged this, and look forward to watching its progression.

We have affiliate adverts of our own on our sites, would this affect those in any way?

thanx:)
could u tell when we can have its gold form?:)

I'm having the same prob as the others - no alert.

I'll wait this one out patiently. Looking forward to implementing this.

This is an interesting concept. :cool: I'm unable to find anything else that performs a function similar to this, and there are no plug-ins for browsers I've turned up either. :eek:

I did temporarily install it on my v3.8.6 board and it works after a fashion, but did not correctly detect the actual cookie stuffing code that was given as an example to try. :(

Would be nice if the coder could re-visit this MOD, or if someone else could successfully implement the concept in a similar modification.

Overall, nice try! I'll be following this thread to see if anything ever develops of it.

P.S. Thanxx :up: for the education about Cookie Stuffing, I'd never even heard of it before.