Tuesday, November 11th, 2008 at 11:51 AM
As I mentioned in my previous Prosper202 tutorial on the “10 Best Practices To Securing Your Prosper202 Installation”, I would eventually post a tutorial on how to get Prosper202 to play nice with an SSL server once I had finished some more testing.
Well, I think I’ve figured it out.
Word of Caution: Before attempting any of the steps mentioned below, I HIGHLY recommend you set up a 2nd Prosper202 install on which to test. Do not do this on a production installation.
Why use Prosper202 with SSL?
Without getting into too much of the “techno-babble”, SSL provides your sessions with encryption. This means that when you log in to your Prosper202 account, your login information will be encrypted, instead of being sent to the server in clear text.
Also, you’ll have the sneaky advantage of totally blanking out your referrer, bwahahaha.
By default, Prosper202 can cloak your referrer when the cloaking options are turned on, but this still passes the domain of your Prosper202 install to your CPA network. They won’t see your landing pages of course, but they will still be able to see that all the traffic comes from domain “tracking.xyz.com” for example.
When using cloaking in conjunction with HTTPS tracking links, your referrer will be blanked, and your CPA network won’t have any idea where the traffic is coming from. Stealthy, eh?
Here’s what you need to do:
Tuesday, November 4th, 2008 at 11:49 PM
As a loyal and avid Prosper202 user, I thought, in light of the recent news of an exploit found with Prosper202, that I’d post some suggestions on hardening your ever-so-sensitive Prosper202 data. As I am not a programmer, nor a database expert, this won’t be an end-all solution to securing Prosper202. This post is simply a list of “best practices” that I came up with through my own research and testing, and with the help of the Prosper202 forum. Feel free to comment with your own findings or suggestions, as I’ll continue to update this post as new protection methods are found.
Without getting into too many of the technical details, last week a security vulnerability in the Zend files (encryption engine) in Prosper202 was exploited. Basically, through scouring the search engines for Prosper202 footprints, a malicious user was able to find vulnerable installations of Prosper202 and steal sensitive campaign information from a few unlucky targets. Hopefully you weren’t one of them.
Luckily, Wes Mahler and team were fast on the defense and quickly released an update that fixed the vulnerability, as well as ceased using the Zend encryption engine. With release 1.1.2, Prosper202 has officially become open-source, which opens a world of exciting new possibilities (think how WordPress has exploded).
I, for one, am excited to see what the affiliate community will come up with. Also, in all likelihood, an open-source version should officially put an end to the paranoia of Wes and his team stealing your keyword data. I know Wes and Steven personally. They’re honest guys. They aren’t stealing your data, and never were. But you can now look through the source code yourself if you’re still an unbeliever.
Moving on to the point of this post, here are just a few of the best practices that I came up with for securing your Prosper202 installation, and hopefully preventing your domain from ever being found by yet another malicious affiliate. (We should be helping each other, not hurting each other.)