Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.7 > vBulletin 3.7 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Cookie Stuffing Detector [Inside- What is Cookie Stuffing and Why you Should Care] Details »»
Cookie Stuffing Detector [Inside- What is Cookie Stuffing and Why you Should Care]
Version: 1.0, by sockwater sockwater is offline
Developer Last Online: Jan 2018 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.7.x Rating:
Released: 09-03-2008 Last Update: 09-03-2008 Installs: 44
Uses Plugins Auto-Templates
Is in Beta Stage  
No support by the author.

This modification will help protect your boards against cookie stuffing scams.


What is Cookie Stuffing
From Wikipedia:
Quote:
Cookie stuffing or cookie dropping is a Blackhat technique used to generate fraudulent affiliate sales. It involves placing an affiliate tracking cookie on a website visitor's computer without their knowledge, which will then generate revenue for the person doing the cookie stuffing. Income is generated when the affected user visits the target affiliate site and either creates an account or makes a purchase, depending on the terms of the affiliate agreement. This not only generates fraudulent affiliate sales, but also has the potential to overwrite legitimate affiliates' cookies, essentially stealing their legitimately earned commissions.

Operators of websites that allow user-generated content, such as forums that allow users to post, should be aware of this technique in order to protect their visitors from this attack. Cookie stuffing can be accomplished with as little as including an image in a forum post.
People can use your boards for this illegitimate practice if you don't protect yourself
There are several techniques for cookie stuffing, one of which works on most vBulletin forums. I'll put the following in code tags so only licensed vB owners can read it.
Code:
A user can add an [img] bbcode in a post and put an 
affiliate page as the URL.  That's all it takes to plant a 
cookie with their affiliate tracking code on the computers 
of everyone who views that post.
If you don't want people doing this, read on.


What this mod does
Code:
This modification inserts some Javascript on each 
thread page when a moderator or admin is viewing 
the thread.  This Javascript counts how many [IMG] 
tags are in each post, and then tries to check if a 
given image is a valid image.  If there is a mismatch, 
it will display a warning message at the top of the 
post alerting the mod/admin to the fact.  There is the 
possibility of false positives if an image takes an 
inordinate amount of time to load.  If you want to 
check for that possibility, there is a "recheck" link in 
the message, whereby you can recheck the images 
in that post.
Installation
Import the product XML file in your Product Manager, then visit the Options group "Cookie Stuffing Detector Options".

After installation, you can check if this is working by creating a post and ....
Code:
including an image with an invalid URL, such as: 
[img]http://example.com/adslkdfaslkjdsfkjldfsakjlsdfakj/[/img]
which should show up as a cookie stuffing attempt.
Future development
I am planning to expand this mod to:
  • Scan all posts in the database for possible cookie stuffing attempts.
  • Check posts when the user submits them for cookie stuffing attempts, and reject the post.
Known issues / Caveats
  • Broken images will cause false positives
  • This is marked as a 3.7.x mod, because that is what I developed it on and what I use it on. It has a good chance of working on 3.6.x as well, but I haven't tested that.
  • All admins and mods (even when viewing a forum they are not a mod in) will see the message in a post if it is a possible cookie stuffing attempt. This is by design.

Tested in... (on Windows XP)
  • Firefox 3
  • Internet Explorer 7
  • Opera 9.5
  • Safari 3
  • Google Chrome?!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #32  
Old 09-16-2008, 08:09 PM
rolfw1 rolfw1 is offline
 
Join Date: Nov 2005
Location: Berkshire, England
Posts: 133
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nice idea, doesn't work on my 3.7.2 installation with VBSEO, just get the 16 of 16 posts on this page checked for cookie stuffing., but will watch the progress in the thread, uninstalling for the present.
Reply With Quote
  #33  
Old 10-10-2008, 06:48 PM
titodj titodj is offline
 
Join Date: Dec 2005
Posts: 59
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Mhhh thanks will install later.
Reply With Quote
  #34  
Old 10-29-2008, 11:41 PM
rc1320 rc1320 is offline
 
Join Date: Jun 2007
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So in the situation where someone is stuffing users on my site, is this what they are doing????

Code wrapped for members only...
Code:
 [img] direct referral link code from partner similar to http://rover.ebay.com/rover/1/361-600000-199995-0/1?type=1&campid=54321935265&toolid=10001&customid=[/img]
I'm trying to get a better idea of what is being served.
Reply With Quote
  #35  
Old 10-30-2008, 02:16 AM
Ohiosweetheart Ohiosweetheart is offline
 
Join Date: Dec 2005
Location: N.E. Ohio
Posts: 2,291
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I tagged this, and look forward to watching its progression.
Reply With Quote
  #36  
Old 11-26-2008, 06:08 AM
stevectaylor stevectaylor is offline
 
Join Date: Aug 2007
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

We have affiliate adverts of our own on our sites, would this affect those in any way?
Reply With Quote
  #37  
Old 12-08-2008, 12:00 AM
Nadeemjp Nadeemjp is offline
 
Join Date: Aug 2008
Location: Japan
Posts: 601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanx
could u tell when we can have its gold form?
Reply With Quote
  #38  
Old 12-08-2008, 05:34 PM
bryanb's Avatar
bryanb bryanb is offline
 
Join Date: Oct 2003
Location: Bierland
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'm having the same prob as the others - no alert.

I'll wait this one out patiently. Looking forward to implementing this.
Reply With Quote
  #39  
Old 07-11-2011, 03:13 AM
adwade adwade is offline
 
Join Date: Aug 2006
Location: SouthEast, TN
Posts: 323
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is an interesting concept. I'm unable to find anything else that performs a function similar to this, and there are no plug-ins for browsers I've turned up either.

I did temporarily install it on my v3.8.6 board and it works after a fashion, but did not correctly detect the actual cookie stuffing code that was given as an example to try.

Would be nice if the coder could re-visit this MOD, or if someone else could successfully implement the concept in a similar modification.

Overall, nice try! I'll be following this thread to see if anything ever develops of it.

P.S. Thanxx :up: for the education about Cookie Stuffing, I'd never even heard of it before.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:19 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04265 seconds
  • Memory Usage 2,291KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (8)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete