If you don’t know what being “Dick Rolled” means…I won’t spoil it for you. Just do a Google search for “make monies online“. But when you hear “you spin me round like a record” start playing…you’d better find the power button to your monitor quickly!

I’m usually pretty careful these days on which links in Wicked Fire that I click on, but some asshole got me the other day with a Prosper202 link, hence me writing this post. (I’ll find out who you are buddy, pay back is a bitch dude

Is there a cure? Not that I can see, only prevention.
First rule of thumb….never click on any links you come across in Wicked Fire. I don’t care how enticing they look, DON’T DO IT!

Secondly…to recover from the disease we call “DickRollingus”, you need proper medication. If you’re using Internet Explorer, I’m sorry I can’t help you. Please visit another doctor.

But if you’re a smart affiliate marketer, you’ve long since made the switch to Firefox. While I can’t help you not lose your job, your girlfriend, and save you from the humiliation of a Dick Roll in front of your colleagues… I can tell you a cool way to not lose all your open websites if you do happen to come across the flesh helicopter.

You’re gonna need to download an install a Firefox plugin called “Session Manager“. (No, I promise that link isn’t a Dick Roll link, trust me) Ok…you don’t trust me. Do a Google search instead then.

Next time you’re Dick Rolled, simply open the task manager (or CTRL-ALT-DEL) and end the Firefox.exe process. Be sure that you’re on the “Processes” tab of the task manager and not on the Applications tab. If you attempt to end Firefox from the Applications tab, nothing will happen except the browser telling you you’re gay.

This will essentially kill all open browser windows and tabs, including your spinning friend. When you reopen Firefox, Session Manager will open asking you which crashed session you’d like to recover. You should see a window that looks something like this:

Uncheck 'Make Money Online'

From here, you can select the windows and tabs that you want to restore. Be sure to uncheck “Make Money Online” or you’ll be greeted with some more meat spins and have to do the whole process over. Those who don’t use the Session Manager plugin sometimes make the mistake of thinking that they can recover from a Dick Roll by simply choosing “recover session” when Firefox restarts.  Sorry to disappoint, but this will simply recover your last crashed session and Dick Roll you all over again. You need to use the Session Manager.

Now that you’ve armed with some anti-dick rolling knowledge,  go register some new domains and redirect to MakeMoniesOnline.com to continue the evil tradition!

Oh, in case you absolutely love that song and Pete Burns, here’s your woman:

httpv://www.youtube.com/watch?v=XNftReXntQs

None Found

It light of all the buzz around the “Arbitrage Conspiracy” product launch, I thought I’d post a quick strategy on domain name bidding, which was briefly covered in the AC free report. This is not my endorsement for Arbitrage Conspiracy by any means…I’m simply providing you with a strategy you can use to bid on domain names whether you buy the course or not.

Basically, in this short video I walk you through a quick method of finding actual misspellings of searched for domain names. We all know that misspellings are a good way to get cheap, yet targeted traffic.

But usually our bidded on misspellings are just best guesses at what people actually type into the search field. What if you could know what they “actually” typed in? Take a look…

httpv://www.youtube.com/watch?v=S6RRry-9Mbc

Again, I apologize in advance for the poor quality of the video. I need to do some more research on how to get better resolution when converting from Camtasia to YouTube. The video is hosted on YouTube, which may be a little clearer. Once I get a better video though, I’ll update this post with it. http://www.youtube.com/watch?v=S6RRry-9Mbc

Comments and/or Questions? Shoot!

None Found

We’ll I think I’ve figured it out.

Word of Caution: Before attempting any of the steps mentioned below, I HIGHLY recommend you setup a 2nd Prosper202 install from which to test on. Do not do this on a production installation.

Why user Prosper202 with SSL?

Without getting into too much of the “techno-babble”, SSL provides your sessions with encryption. This means that when you login to your Prosper202 account, your login information will be encrypted, instead of being sent to the server in clear text.

Also, you’ll have the sneaky advantage of totally blanking out your referrer, bwahahaha.

By default, Prosper202 can cloak your referrer when the cloaking options are turned on, but this still passes the domain of your Prosper202 install to your CPA network. They won’t see your landing pages of course, but they will still be able to see that all the traffic comes from domain “tracking.xyz.com” for example.

When using cloaking in conjunction with HTTPS tracking links, your referrer will be blanked, and your CPA network won’t have any idea where the traffic is coming from. Stealthly eh?

Here’s what you need to do:

1) Purchase and assign a dedicated SSL cert to your current Prosper202 domain
Some webhosts will provide an SSL cert with your hosting package. If they don’t, you’ll have to contact them directly and purchase one.

2) Install Prosper202 on your HTTPS domain
Follow the normal Prosper202 Installation Guide.

3) Modify your .htaccess to force the use of https port 443
(may vary depending upon your webhost)

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$

4) Modify References of HTTP to HTTPS
The easiest way to change all references to https is use a program like UltraEdit. Using the “Search, Find In Files” feature, you will need to open your local Prosper202 files, do a find and replace of “http://” with “https://”

There are simply too many lines that needed to be changed to list every single file and line that you need to modify. Doing a find and replace will work, but you’ll need to modify a few references back to “http”.

References to the Extra Resources links in the sidebar, the footer, images, and the Prosper202 RSS feed will all not work unless you change their URLs back to “http”. Once again, fire up UltraEdit, then do another find and replace of the specific links needing to be changed.

For example, references to Prosper202.com would have been changed to https. To change them back, find and replace “https://prosper202.com” with “http://prosper202.com”. Do the same for references to Worldproxy202, Meetup202, etc. Modify links in the footer in the file “template.php”.

5) Upload and Overwrite Your Modded Prosper Files
Simply upload your changed files over the existing files on your server. If you are currently  tracking a large volume of profitable campaigns with Prosper202, I suggest you do all of the recommended steps on a test server first. (downtime can be a bitch)

6) Login To Your HTTPS Prosper202 Domain
If everything went as planned, you should be able to login to your newly secured Prosper202 installation (now with SSL encryption). You can verify your server’s SSL cert is working by clicking on the “gold padlock icon” within the status bar in Firefox. (See screenshot)

Prosper202 SSL Cert Verification

7) Run a Test Campaign
I’d advise setting up and running a test campaign. Check that all looks normal, and that your sources, keywords, ads, etc are all properly tracking. Note that when generating your tracking links in step 7, you should now see “https://” in front of them.

Install the Firefox plugin “RefControl”
You can use RefControl to watch and/or change the referrer. Play with different settings to verify that links sent through HTTPS are showing “no referrer” in the statusbar. You can also log into your CPA network and see that the referrer is blanked (if they provide this too you).

HTTPS tests in Firefox have worked great. In IE7, the browser warns the user of a certificate error, which I am still looking into. Not sure if this is specific to my machine, or IE7.

But overall everything has worked great so far (besides the IE7 issue)… Please thoroughly test before running live campaigns. I take no responsibility if you break your server!

Questions? Shoot!

- Enjoy and happy cloaking!

None Found

Without getting into too many of the technical details, last week a security vulnerability in the Zend files (encryption engine) in Prosper202 was exploited. Basically through scouring the search engines for Proser202 footprints, a malicious user was able to find vulnerable installations of Prosper202 and steal sensitive campaign information from a few unlucky targets. Hopefully you weren’t one of them.

Luckily, Wes Mahler and team were fast on the defense and quickly released an update that fixed the vulnerability, as well as ceased using the Zend encryption engine. With release 1.1.2, Prosper202 has officially become open-source, which opens a world of exciting new possibilities (think how Wordpress has exploded).

I am for one excited to see what the affiliate community with come up with. Also, in all likeliness, an open-source version should officially put an end to the paranoia of Wes and his team stealing your keyword data. I know Wes and Steven personally. They’re honest guys. They aren’t stealing your data, and never were. But you can now look through the source code yourself if you’re still an unbeliever.

Moving on to the point of this post, here a just a few of the best practices that I came up with for securing your Prosper202 installation, and hopefully preventing your domain from ever being found by yet another malicious affiliate. (We should be helping each other, not hurting each other)

1) Changing Your Prosper202 Passwords: This may seem obvious, but you’d be surprised at how many people DON’T change their passwords on a regular basis. Treat the information in your Prosper202 installation as you would your bank account, because essentially it’s just as important. (if you’re making money).

• Change the default username/password to something more secure
• Set a reminder in your email program to change this password every 30-60 days
• Also change the MySQL database password on the same schedule. Once you do, remember to also update your “202-config.php” file accordingly.
• To assist with generating secure passwords, you can use: StrongPasswordGenerator.com

2) Don’t Use Obvious Names For Your Install: Since Propser202 requires a dedicated domain or subdomain, but sure to choose something that isn’t obvious to its purpose. For example, don’t use a domain name called “ppctracking.com”, or a subdomain called “prosper202.domain.com or p202.domain.com”. These are huge dead giveaway footprints to your Prosper202 installation, that can easily be found with a few advanced search operators.

3) Always Run The Most Current Version of Prosper202: You should currently be running Prosper202 version 1.1.2, to ensure you’re not vulnerable to the security exploit. If not, do it! Perhaps in the future auto-upgrades (similar to Wordpress) will be made available, but in the meantime, manually stay updated with the lastest build.

Download Prosper202: http://prosper202.com/apps/download/

4) Lock Down Your Prosper202 Domain To Your Own IP: There are a few ways to do this lockdown.

• Either use .htaccess to lock the installation down to your own IP address, which is probably the more secure solution (server-side). This mod is simply blocking access to the login page “202-login.php”. If you locked the entire domain to your IP, then obviously none of your redirects would work for your traffic.

Add additional IP’s if you login from more than one IP address. Here’s the code you’d need to add to your .htaccess file and upload to the root directory of your Prosper installation.

#202 Block
<Files 202-login.php>
order deny,allow
deny from all
allow from 0.0.0.0
ErrorDocument 403 http://somemaliciouswebsite.com/
</Files>

• Or add the following to the top of your “202-login.php” file:

if($_SERVER['REMOTE_ADDR'] != 0.0.0.0 || $_SERVER['REMOTE_ADDR'] != 0.0.0.0) { header( ‘Location: http://somemaliciouswebsite.com’ ); }

In both examples, replace the “0.0.0.0″ with your own IP address(es). And for a bit of well deserved punishment for those daring enough to snoop around trying to access your Prosper202 install…simply replace “http://somemaliciouswebsite.com” with a website of your choice, preferably something containing adult material, viruses, or other malicious content. I’ll let you use your imagination on this one.

Personally, I’ve set mine to a page that logs their IP address, presents the FBI warning, then redirects the perp to the FBI’s website for “further analysis”. (10 years working in computer security for the US Government can’t go to waste, bwahahaha!!!)

5) Preventing / Removing Existing Indexed Pages: You might be one of those unlucky enough to not have protected your Prosper domain from getting indexed from the day you registered it. To find out if you’re site is currently being indexed by Google, check here: Google Webmaster Site Status Tool. If Google reports your site in their index, you can request an entire site removal by:

• Logging into Google Webmaster Tools
• At the dashboard, click the site you want to remove. If you’re site isn’t listed, add it so you can remove it. (You will have to verify that you are the site owner before you can make modifications in Webmaster tools)
• Then click on Tools, Remove URL –> Submit a New URL Removal Request, and be sure to select the option that says “your entire site”.
• Other search engines should have similar tools.

Another method of preventing and removing your site from search engine indexes is to create a robots.txt file.  You can block your entire site from being indexed (no reason to have your Prosper202 domain indexed anyway) by creating a text file called “robots.txt”, and adding the lines below, and uploading to the root directory of your Prosper202 installation:

# Disallow Web Bots
User-agent: *
Disallow: /

# Disallow Archive Bots
User-agent: ia_archiver
Disallow: /

I believe that Prospe202 comes with a robots.txt file by default that prohibits the indexing of your domain, but unfortuntely some search engines will totally ignore robots.txt and index your site anyway. Another line of defense is using meta tags. Do the following:

• Edit the file “template.php”, which can be found in: yourdomain.com/202-config/
• Add the following code snippet in the <head> section of the file (near the existing meta tags):   <meta name=”robots” content=”noindex, nofollow” />

If you’re site is currently indexed, you’ll have to wait for the search engine bots to revisit your site, from which they’ll see your robots.txt and meta tags, and should remove you from their index. If you’re not seeing your site deindexed after a couple of days, you may need to contact the support team directly.

6) Install Prosper202 on an SSL (https) Secured Server: Some search engines won’t index https sites. Google does. MSN says they won’t, but I’ve seen otherwise.

But in addition to the indexing issue, having your key campaign data protected by SSL encryption would be ideal. An SSL install of Prosper202 would not only protect your login and campaign information from plain-text exploits; you would also have the sneaky advantage of totally blanking your referrer.

This is huge for affiliates worried about their CPA network stealing their hard earned money by cloning their campaigns. Prosper202 currently can cloak the referrer via redirects, but it doesn’t blank it so that your network sees “nothing” from the referring domain.

I’ve been experimenting with the HTTPS install, and once I’m 100% sure that it works, I’ll post a tutorial on how to do it (not for the technically challenged).

7) Redirect Your Landing Pages To Clean URLS: In Step 7 of your campaign setup (#7 Get Links), you would normally generate your ad (or keyword) destination URL. The problem with this though is that the variables in the URL (t202id, t202kw), etc…can give a lot away about your campaign structure.

This is especially true if you also use a tool such as Speed PPC in conjunction with Prosper202, which can add even more tokens to the URL (seed, adgroup, keywordtype, etc).

For example, take a URL such as:

“http://www.yourdomain.com/landingpage.php?t202id=1234&t202kw={keyword}&seed=seedkeyword&adgroup=adgroupname&match=broad”

If I saw this URL in the address bar of a landing page, I immediately know:

• You’re using Prosper202 to track your conversions = potential profitable affiliate
• You’re passing the bidded keyword in the URL {keyword}, which obviously reveals the actual terms you are bidding on.
• Tokens like “seed or adgroup” reveal that you are probably using Speed PPC, shows the campaign structure, and the matchtype (broad) being triggered for the search.

This is simply much more campaign information than I want to reveal to my competitors. So using a few tricks, we can still capture the key tracking information, and then redirect the user to a clean URL like: “http://yourdomain.com/cleanpage.php”

(I gotta give props to Wes Mahler for helping me get this working)
Do the following to maintain your tracking, but redirect your destination URLS to clean (token free) URLs that spy affiliates can’t openly see:

• Create a new file that will act as the redirect landing page. I suggest you name this file something like “lp1.php or landing.php” as to not alert its purposed (ie: don’t call it redirect.php)

• In your new redirect landing page (we’ll use lp1.php), add the following:<html>
  <head></head>
  <body>
  <script>code from step#6 Get LP Code goes here</script><!– js script is called, the visitor is recorded, then redirected to the clean URL –!>
  <script type=”text/javascript”> window.location=’http://yourdomain.com/cleanpage.php’;</script>
  </body>
  </html>

• In place of “cleanpage.php”, this will be the true destination where you want your visitors to ultimately end up. If it’s a directory, simply specify the directory path in the script above and add “index.php”.

Be sure to modify the Landing Page URL in Step#4 (Landing Page Setup) to reflect the path to your “lp1.php” file. For example, instead of setting the landing page URL to your former destination: http://yourdomain.com/destination.php, you’ll instead set it to: http://yourdomain.com/lp1.php

8)  Monitor Your Log Files For Login Failures / Suspicious Access: With your webhosts control panel, you should be able to get access to your raw log files. Unless you’re using third-world web hosting, you should be able to see your log file data in some fancy statistical interface. Ask your web host if you are unsure about how to locate your log files. You might also be able to schedule a job to email you the logs files on a regular basis.

Also, Prosper202 will show you the last 20 login attempts by simply clicking the “Administration” link in the top header.

9) More .htaccess Fun: A few more .htaccess mods to tighten things up, and to have a little fun with your intruders.

Disable showing the contents of directories that don’t contain an index.php file:

# Disable directory browsing
Options All -Indexes

Set error 403/404 pages to some site of your choosing. By resolving a page not found to a website you specify…you can have a bit of fun with where you choose to send your snooping intruder.

ErrorDocument 403 http://somemaliciouswebsite.com/
ErrorDocument 404 http://somemaliciouswebsite.com/

10) Implement a “Honeypot” Install of Prosper202: A honeypot in computer terms is somewhat of a trap or counteractive measure of defense. Logging a dummy admin account on an XP machine with the password of “password” could be considered a honeypot.

This step of course is only for those who have the time, knowledge, and resources to implement such extreme measures of protecting the Prosper202 community. But if we teamed up, we could certainly catch more than a few of the guys in the act, and call them out.

Basically, you would install Prosper202 on a “dummy” domain, with none of the best practices that I just mentioned in place. Set up a few fake campaigns that get indexed to throw the perp on a nice goose chase to make him think he’s hit pay dirt. Of course you’ll need to be logging all the activity secretly as to catch him in the act.

So after about 2 days of writing this post (and testing), there are about 10 best practices for securing Prospe202 that I was able to come up with. Again, this list certainly isn’t exhaustive, so be sure to comment in and let me know of any other findings and/or corrections you may have.

More Prosp202 tutorials to come!

None Found