Make Money for Uploading Files - UP TO $10 Per Download



Archive for February 13th, 2009

What is Cookie Stuffing? Cookie stuffing or cookie dropping is a blackhat online marketing technique used to generate fraudulent affiliate sales. It involves placing an affiliate tracking cookie on a website visitor’s computer without their knowledge, which will then generate revenue for the person doing the cookie stuffing. Income is generated when the affected user visits the target affiliate site and either creates an account or makes a purchase, depending on the terms of the affiliate agreement. This not only cookies, essentially stealing their legitimately earned commissions. How is Cookie  Stuffer used? Cookie Stuffer is so easy to use. If you can setup a blog you can use Smart Stuffer. After installing simply load in your affiliate links and create your campaigns. Then place a reference to the Smart Stuffer system on any page. As visitors flow in you will start to see your conversions coming to life. Your system is now running on auto-pilot. Basic Features

✔ 99.9% Undetectable We do not use "iframes" , "javascript", "htaccess" or any of these old methods. ✔ Campaigns Allows you to keep track of your affiliate sets by defining campaigns. ✔ Unlimited Cookies You can add an unlimited amount of cookies to each of your active campaigns.  ✔ Open SourceYou are provided with unobfuscated PHP code.

Advanced Features

✔ Cookie Rotator Define the amount of cookies each visitor will get at random from each campaign. ✔ IP Tracker Never stuff the same visitor twice. Assures all stuffs are on unique IP addresses. ✔ Referer Spoofer Become a ghost to affilate programs. ✔ Frequency Control Sleep easy by setting an overall percentage of traffic to set your affiliate cookies on.

Download The Cookie Stuffer Script HERE

Just CLICK on the Monster

cookie 0611 022 150x150 FREE Cookie Stuffing Script

Avoiding high (100%) CTR when dropping cookies

One problem with dropping the cookies on every visitor is that it will result in a 100% CTR which can be an obvious flag that something isn’t right. To avoid this you can take a couple of steps, depending on how much time you wish to put into it and your coding skills.

The simplest way to avoid this problem is to use PHPs rand() function to select a random number between(and including) 1-4 and then only output the code to drop the cookie if the number equals 1. This method won’t allow you to set an exact percentage because the number chosen will always be random. Out of 100 visits, it might select the numbers 2,3 and 4 30 times each while selecting the number 1 only 10 times.

Code sample:

  1. <?
  2. $random_number = rand(1,4);
  3. if($random_number == 1){
  4. echo “Our cookie stuffing code goes here!”;
  5. }
  6. ?>

If you have time then you might want to code something more advanced. For example:

  • Drop cookie only once per IP address
  • Keep a daily count of visitors and then limit how many people you drop the cookie on the next day. For example if you have 1000 unique visitors on Monday, on Tuesday you will drop the cookie on a maximum of 200 people.
  • Log every visitor and only drop a cookie on every tenth visitor
  • Etc.

Avoid getting caught forcing cookies on users

A lot of people have said, surely it’s easy to get caught forcing cookies on people if you have an iframe where the source is the affiliates page. This is true to some degree. You should take the following things into consideration:

  • The iframe method is the most basic and is intended as proof of concept rather than real world usage
  • If you have been an affiliate for awhile and your CTR isn’t ridiculously high then there’s no reason the advertiser would ever check your site for cookie stuffing

So what is a safer method than Iframes for dropping the cookie?

A safer method of dropping the cookie would be using a false image which redirects to the affiliates page that has the HTTP Cookie header. The browser will try to load the image, be redirected to the affiliate page and although it won’t process any html on the final page, it WILL read and process the HTTP headers… including the one which places the cookie icon wink Avoid the Cookie Stuffer Curse   High CTR ...... It’s crucial that you redirect to the exact page that has the cookie header, so be careful if the affiliate site redirects a lot of times before landing on its final page so that you select the correct one which is dropping the cookie.

The simplest way to do this would be using a .htaccess file which says, if there is a reference to “tracking_pixel.jpg” then redirect it to xyz affiliate page.

.htaccess Code sample:

  1. RewriteEngine On
  2. RewriteRule tracking_pixel.jpg [R,L]

You now edit your site template so that every page includes the image:

  1. <img src=”tracking_pixel.jpg” />

Now, even if the affiliate decides to come and take a look at your sites source code, they’re going to see nothing which catches their eye. If for example you had a website which sold clothes then the chances are you’d have a lot of images named blue_shirt.jpg and such like. So in this case you could easily name it red_shirt.jpg and have it mixed in somewhere in your template and they’d never know!

An even safer image cookie stuff..
Whilst it’s extremely unlikely, it is possible that someone checking your site for stuffing could try loading tracking_pixel.jpg into their browser and then they’d be redirected to the affiliate page and guess something is amiss. To combat this, instead of using .htaccess to redict to the affiliate page, we will instead tell it to treat a file named tracking_pixel.jpg as a PHP file.

.htaccess Code sample:

  1. <Files tracking_pixel.jpg>
  2. ForceType application/x-httpd-php
  3. </Files>

Now we put PHP code in tracking_pixel.jpg which checks the referring page. If the referrer is empty then the user has gone direct to our image and we should output a 404 error, if there is a referrer then the image has been included on a page and should be redirected to the affiliate site.

tracking_pixel.jpg code sample:

  1. <?
  2. if(!$_SERVER[‘HTTP_REFERER’]){
  3. header(“HTTP/1.0 404 Not Found”);
  4. } else {
  5. header(“Location:”);
  6. }
  7. ?>

So now just include the following code on any page that you wish to drop cookies from:

  1. <img src=”tracking_pixel.jpg” />

Also note that you’re not limited to including the image on your own site! You could also include it on forums and such like… basically anywhere that will allow you to place images. So if you signed up to a popular bingo forum you might decide to start becoming a regular poster and dropping cookies for all the well known bingo rooms.

Let me make something clear from the get go, I personally don’t give two hoots about people doing this. I have tried it in the past as proof of concept and in the end decided against it for the moral reasons. I have and probably will again do worse in the future so don’t think I’m against other people doing this for moral reasons.

Talking about click bots for adsense on the forum is a complete no-no and will result in an instant ban, why? Because it’s click FRAUD.. you’re earning money in a fraudulent way.

What is an affiliate?

To increase traffic and sales, certain companies run affiliate programs where they will pay you a nice bit of money for each person you put through to them who purchases an item. For example someone may run an ebay banner on their site and if a user was to click onto that and buy something then the site owner running the banner would earn a little bit of money.

What is cookie stuffing?

Each time you send someone through to the affiliate site, e.g ebay then a cookie will be dropped onto their system which lets ebay know exactly where the user originally came from and then if they buy something you will be sure to earn a little cream off the top. Cookie stuffing or cookie dropping basically involves forcing this cookie onto visitors computers without them even knowing its happening and never sending them onto the affiliate site (e.g ebay). The normal place for this to happen is large busy forums which have thousands of users passing through every day and having multiple cookies dropped onto their systems for different companies without even knowing.

What’s wrong with this?

  • The affiliate is paying you on the basis of you introducing traffic and sales to their website. However you’re not actually doing this, you’re forcing cookies onto their systems in the background and when they go and buy something from ebay you’re claiming a little bit of money for it. Ebay are paying you for traffic you didn’t even introduce and therefore you’re defrauding them. They were going to have the sale regardless of you, the only reason you’re being attributed for the lead is because you used shady tactics to drop a cookie.
  • Another problem with this is that your cookie may overwrite the cookie of a legitmate affiliate who is working hard to generate genuine traffic. So you’re taking money that they would have earnt.

Let me compare this to another regular online fraud.. People have been known to run google adsense on their sites but instead of having legitimate clicks, they use javascript to force the user to click on an advert without even knowing. By having the advert clicked they have just cost the advertiser money for a lead and earnt themselves a little bit of cream. Usually the end user will not see the resulting page of the ad click.   Similar level of fraud.

Cookie stuffing

Before even considering cookie stuffing please read this  post on dropping affiliate Cookies.  It’s not my place to judge people and their methods but I want to at least point out the moral and legal implications before you go running amok and stuffing cookies everywhere. This page isn’t because this is a new amazing method of making money, its old and pretty much talked about everywhere. Ths page is here as a result of a debate elsewhere. If you already have an idea on the different cookie stuffing methods, what’s involved etc then read This  updated post on Cookie Stuffing.

What is cookie stuffing?

As a normal affiliate you would signup to an affiliate program such as with ebay and then promote the link they give you on your own website. When someone clicks on the link and goes through to ebay-  a cookie is put onto their system to track them and if they purchase something you earn a little bit of money.

However when you’re cooking stuffing you don’t actually send visitors to ebay, you simply force the cookie onto their system in the background without them ever knowing. This means you don’t have to drive traffic to them or give them any kind of promotion at all. And because ebay is so big, the chances are a lot of your visitors are going to buy something from them at some point anyway.

How can I start stuffing cookies?

There are several methods of stuffing cookies. There are some paid solutions out there but I can’t see they offer much/any benefit over doing it yourself.

The solution you use will depend on how much control you have over the site. For example you will use a different method on sites you own yourself against other peoples forums you signup and post to.

All of these following examples are going to be based on the victim merchant being ebay. This is just a random choice and any affiliate program could be used. I’m going to use a made up url of

I have created this Resource File which includes the code for each of these examples.

Download it Here

cookie 0611 02 All about Cookie Stuffing

The most basic method ever..

The most basic way of stuffing a cookie would to use a html img tag which references the affiliate page which drops the cookie. The visitors web browser will goto this page, even though its not an image and will accept the cookies returned.

Iframe cookie stuffing

Description: This is one of the oldest and most simplest methods out there. Most people who cookie stuff have started out using this method. Basically you put a 1 pixel iframe on your existing website and everytime someone visits your site, the affiliate page is loaded within the iframe and the cookies are dropped onto the visitors system.

Resource folder /iframes/1/

Description: You literally just take your affiliate link and make a 1 pixel iframe with the source being the affiliate link.

Pros: The biggest pro point of this is that its extremely easy and just about anyone can do it without even having to think about it. To improve your chances of not getting discovered running the hidden iframe you should ensure that there is actually a [ebay] banner or texual link on the same page as the iframe so that at first look the advertiser will think you are sending them genuine traffic.

Cons: This is quite an easy method to pick up on. The merchant or affiliate company simply needs to view the html source code of your site and see the hidden iframe.

Resource folder /iframes/2/

Description: You again go with the same idea of a 1 pixel iframe but instead of having the iframe in your normal page you include an external javascript file which obfuscates the iframe html code. You can find thousands of free online services which will obfuscate your code by searching for ‘html encryption’. For example you could create stats.js which holds the obfuscated iframe and then include it within your normal page.

Pros: Even if the merchant checks your html code, they’re just going to see normal html and are unlikely to think anything of the javascript file. Even if they do then they won’t understand the contents of the javascript file because it’s been obfuscated.

Cons: Some advanced merchants might go to the extreme of checking all your javascript files and then de-obfuscating your code.

Resource folder /iframes/3/

Description: You may be thinking that the affiliate is going to check your external javascript files and then de-obfuscate the html.   Okay well how about another layer or protection! We will use htaccess to tell the server to treat our JS file as a php file and then check the referer. If there is no referring page then we know someone has gone direct to the javascript file and we will output some bullshit JS else we output the real stuff.

Pros: Even if the merchant checks your html code, they’re just going to see normal html and are unlikely to think anything of the javascript file. Even if they do then they won’t understand the contents of the javascript file because it’s been obfuscated.

Cons: Again if you get a merchant on interweb steroids then they may send a fake referer to the javascript file to see if you’re cloaking the content based on referer. Very unlikely but possible. Another problem is that if they sniffed the raw packets when viewing your main site then they’d see the code come in. This is even more unlikely and they’d still have to them de-obfuscate your code.

Overall pros of the iframe methods: These methods can be used very simply and setup extremely quickly. They’re the starting step for most cookie stuffers and give you a good introduction into how it works. You would work upon these scripts with different ways to protect yourself from being caught.

Overall cons of the iframe methods: The biggest con of this is that at the bottom of the visitors browser window they might spot the affiliate url as the page is loaded in the background.

Image cookie stuffing

Description: This method is a little more advanced and secure than the iframe methods. This time you include a standard image on your page but set the source of the image file as being the affiliate link. The browser will follow this and although it won’t be able to load it as an image (since its actually a webpage), it will still read and act on the headers returned, and as we know.. cookies are sent via headers. We set the alt of the image as a space so that when it doesn’t load it simply produces a blank space rather than a broken image picture.

Resource folder /image/1/

Description: You literally just take your affiliate link and make add a new image to your page with the source being the affiliate link. You set the alt text to a space so that no broken image picture is displayed.

Pros: This is better than iframe methods because instead of many urls passing in the visitors browser for the affiliate page as each component within the iframe loads, there will only be one url and it will pass very quickly.

Cons: Just like the iframe 1 method, the affiliate/merchant could view source and see something sus. is going on pretty easily.

Resource folder /image/2/

Description: This time to decrease the chances of getting caught we actually include what appears to be a local jpg file but infact it’s a php file which uses a redirection header to send the browser onto the affiliate page. Just like iframe method 3 we check referer so that if someone goes direct to the page they wont see the redirect.

Pros: Even if the affiliate/merchant checks your source code then they’re almost certainly not going to think anything of just another image tag within your code.

Cons: The visitor/merchant might spot their domain at the bottom of the browser as it passes by once quickly.

One huge pro about using the image method is that you can signup to OTHER PEOPLES forums and then post the image link in your signature. For example you signup to a poker room who pay $100 for every customer you get to join them. Then you go signup to a huge poker forum, you stick the image in your signature and start posting on the forum. Before you know it you have dropped your cookies on everyone on that forum and the chances are quite high they’re going to go signup for a poker room anyway. You can’t do this with the iframe method since most forums won’t allow you to post html.

Subscribe to BlackHatBUZZ

Free Money