securing stealing landing pages

Sharing is caring!

I'm sure most of you have done it.

You have no idea how to write a PPC ad, photoshop an ad banner, or even create a landing page. So you search far and wide, and voila! You simply rip that creative, and use it as your own.

A couple months go by, and you've clearly gained some REAL experience into what works, why, and what doesn't.

So you make your own ad, banner, and landing page, and let it rip! Revenue's start pouring in.

Yet, as you know, 2-3 days later, your conversion rates drop, volume starts to suck, and you might be breaking even at this point.

You find out that someone, just like yourself, ripped your entire funnel.

So Let's Steal Some Landing Pages

Let me show you some cool, unsecured landing pages, and how to find more!

Step 1. Google: url:t202id= and start having a look through the links. (if you use another tracking platform/advertising agency, try their tracking url)

Step 2. Copy a line from the landing page, and put quotes (“) around it, then Google that.

Step 3. Jump the fake hoops in some of these ‘qualifying, quiz, or survey' landing pages, and check out what network the offer is running on using WhereGoes.com

Step 4. Search the domain for even MORE landing pages on Google using site:www.domain.com

Step 5. Rip the landing page source code using your favorite method.

Step 6. Rinse and Repeat

Step 7. Profit!

Oh, and obviously just go through various mobile sites, and check out their LP's.

So How Do We Not End Up Losing Our Sh*t Like That Guy?

Prevent search engines from indexing your tracking platform & landing page domain.

Create a robots.txt in the top-level folder you do not wish any search engines to dig through, and put this code:

# Disallow Web Bots
User-agent: *
Disallow: /
# Disallow Archive Bots
User-agent: ia_archiver
Disallow: /

This will ‘encourage' search-engine bots to not index your site. Some bots don't follow the rules, but generally, this works.

Create an Index.php in your Root Domain Directory

Example: You type in www.landingpagesnoob.com, and the owner forgot to include an index file. Thus, his directories become listed. An index.php file prevents someone from looking into your house and seeing your inventory.

Prevent Right-Clicking and Text Selection using Javascript

There are some noob affiliates out there that simply right-click copy & paste your landing page. You can easily go around this (simply view the source code using your browser menu), but nonetheless.

Prevent right-clicking and text-selection using this article. 

Encrypt Your Code

Another noobish trick.


Becomes

This encryption works on the noobs. If you see this kind of code, decrypt it here.

Prevent LP Hi-Jacking

So let's say someone steals your LP.

This script will check where the landing-page is being hosted, and simply redirect back to your original landing page.

Create a new “geoloc.php” in your landing page directory. Paste this script:

window.top.location.href=’http://domain.com/lander.php’;

Replace domain.com, and domain.com/lander.php, accordingly.

Then run the script from your landing page using this:


But encrypt it using this



This will confuse your thief, and you will get free traffic back to your lander.

P.S. I claim no ownership for this script.

Prevent someone from Hacking your WordPress & Tracking platform

My tracking platform (prosper202) was hacked recently, and a back-door was implemented, allowing the hacker to see all of my campaigns & data. Luckily, this was a new installation, so not much was lost.

Nonetheless, we are going to prevent any one from accessing your login files, by only allowing our own IP-address.

Create a new/edit your .htaccess file in your domain FTP, and put in

order deny,allow
deny from all
allow from 127.0.0.1
ErrorDocument 403 http://www.google.com

Change ‘202-login.php' to your appropriate login.php file, and change the IP to your public IP address.

Experimental Neat Tricks

Ad-creative with a Coupon-protection

Create an Ad copy/banner: “Get 30% off Hotels” “Limited Time. Use Coupon 1234”

User clicks on your ad, and is redirected to a password/coupon prompt, enters the password/coupon ID, and gets access to your LP.

You can now rotate your passwords on a regular basis.

Now, there is no sexy solution to this, but here is somewhere to get started for now.

Of course, you could simply do this with a generic landing-page that filters traffic based on the coupon 🙂 … and some complex PHP coding 🙁

Cloudflare Your Site (Advanced)

This method will place your landing-page and tracker on a CDN (content distribution network), thus increasing performance, while a the same time, decreasing hard-hitting hacker attacks.

Just in case, decrease the Cloudflare security to ‘LOW', and performance either CDN or CDN+Performance. This will ensure maximum compatibility with 3rd-world traffic.

Cloudflare your site here.

Encrypt the URL (Advanced)

This involves having a VPS, that allows editing server files. This will really prevent URL-jacking.

Example:
www.example.com/how-to-encrypt.html
To
www.example.com/DMQRzZWMDdGQtbndzBHNsawN0aXRsZQR0ZXN0AzcwMQR3b2UDMjQwMjEwNQ
For those that understand how to do this, feel free to share. This is for more advanced coders. Learn more on How To Encrypt Your URL Here

Pass Your Offer from the URL into the LP using PHP

I saw one particular domain where every landing page call-to-action button simply redirected to /clickhere , which went no where. Of course, this simply meant that the owner passes the offer link to the button, using the address-bar URL.

So for example:

Direct linking to landing-page:

Address bar: www.landingpages.com/offer.php
Link: Dead End

Landing-page with parameter:

Address bar: www.landingpages.com/offer.php?offerID=offer1234.php
Link: Advertiser Page

This prevents direct-linking to your LP, and stealing your offer funnel.

Seems simple, except this involves some PHP, which even confuses me sometimes. Here is a source to get your started, or perhaps share your knowledge, because at the moment, I have limited know-how on this.

The Obviously Needed Disclaimer

Nothing is 100% safe. People will be people, and steal your shit regardless. BUT, I 99% guarantee that 1 or 2 of these tips will prevent your next hi-jacker.

If you like this article, +1 on share on Facebook or whatever.

Cheers

Leonidas 🙂

Quote Of The Day

“I got a new car. I just need to put it together. They’re easier to steal piece by piece.”

 ~ Jarod Kintz, $3.33

Facebook Comments

Sharing is caring!

More Interesting Posts?

14 Comments

  1. Wow, another great article!

    Since you mentioned Prosper202 I have a quick question about it. I know a lot of people use Nana’s Prosper202/Tracking202 for tracking, but when using an AdWords campaign do you use Google Analytics instead?

    It’s nice to see that Prosper202 can be secured as you mention above, but it seems GA is probably more secure? I know there must be advantages to using Prosper since it’s widely used.

    Kind regards,
    Randall

    • P202 is your free, entry-level tracking platform for affiliates.

      You can’t use GA to track offers that you promote for others when you don’t control the offer landing page.

      Albeit, there IS a way to use GA to track affiliate conversions, it’s complicated, and doesn’t work too well (involves placing your GA tracking into a server post-back script, and calling it during conversion).

      Also, Google Analytics has a tracking ID which you can trace through the web using various tools. Secure, but trace-able for landing pages 🙂

  2. Thanks for the update man – your a real wealth of information!

    An overview of tracking would make a great WSO, or future blog post (hint hint… 🙂

    Have great day Leo,

    Randall

  3. I appreciate all your valuable insight – just sent a tweet recommending your blog to my 40,000+ followers! @NewsletterGuy

  4. but what you do when other people have this script and you want to use their LP? 🙂
    there some landers i found that doing this redirect to their offer…but i can’t remove or find that script…
    awesome article anyway!

    • Hey David,

      To the people that get to read this article, then they have the upper-hand 🙂

      Finding a way to encrypt your URL, while still passing parameters is one of the tricks I haven’t figured out yet. I’m sure some server-side software out there does it.

      Let me know if you find something.

      Cheers David 🙂

  5. How exactly do I rip a landing page that I have found? Strictly for educational purposes.

    It would be to copy over one from a friend to mine with permission.

    Just dont know how to go about it.

    Regards!

    • Simply view the source code, and rip it like that.

      Most landing pages are simple HTML, CSS, and JS pages.

      Also, right-click on the page, and save as.

    • The majority of my earnings have been from search. The GDN (google display network) is also good.

      Admob is primarily for advertising your own apps, so you need to use the GDN.

      Other mobile display networks I find suck at preventing click-fraud.

  6. Hi
    Can I use advertiser direct landing page in my adwords ads or shall I create any mobile landing pages such as dudamobile.com and fill it in my destination url in adwords ad destination url?

Leave a Reply to Ana Wong Cancel reply

Your email address will not be published. Required fields are marked *

Post comment