• Please use real names.

    Greetings to all who have registered to OPF and those guests taking a look around. Please use real names. Registrations with fictitious names will not be processed. REAL NAMES ONLY will be processed

    Firstname Lastname

    Register

    We are a courteous and supportive community. No need to hide behind an alia. If you have a genuine need for privacy/secrecy then let me know!
  • Welcome to the new site. Here's a thread about the update where you can post your feedback, ask questions or spot those nasty bugs!

How does this Spammer Robin Smith get Payoff?

Asher Kelman

OPF Owner/Editor-in-Chief
I'm impressed by Robin smiths posts. Two of them have hidden images in them which don't show up.


http://gettycredit.com/bunbun/index.jpg[/IM_] and [IMG]http://onlinepartner.org/opart/index.jpg[/IM_]

(I have removed the last G to allow you to see the URL)


However, on post the URL in a new browser page, one gets sent to [url=http://www.amazon.com/?_encoding=UTF8&tag=frewoowor-20&linkCode=ur2&camp=1789&creative=390957][COLOR="DarkRed"][U]this[/U][/COLOR][/url] Amazon page!

So how does this "person" get benefit from investing posts that are actually relevant to the forum used for this lark?

Google either image and one gets 26,00 and 48,000 references respectively! Each seems to be a very well crafted for the appropriate forum such as [url=http://www.volvo-forums.com/t39184-850-volvo-need-to-take-bout-body-pins.htm][COLOR="DarkRed"][U]this appropriate post[/U][/COLOR][/url] for a volvo issue, this for the Proximity Sensor [url=http://forums.macrumors.com/archive/index.php/t-1405564.html[/url] or amazingly [url=http://www.medhelp.org/posts/Ovarian-Cancer/Mom-diagnosed-with-ovarian-cancer-/show/1802304][COLOR="DarkRed"][U]this sensitive post[/U][/COLOR][/url] for his poor mother suffering from ovarian cancer!

[COLOR="Indigo"]"My mom was just diagnosed with stage 1b ovarian cancer. She had severe sharp pains in her lower abdomen and had an MRI were they found a mass in her ovaries. She had a hysterectomy.they removed her ovaries, fallopians, and uterus. They diagnosed it as ovarian cancer.There was some hematoma in one of her fallopians were they found some malignant cells.but other than that all was clear. They'll still do some more blood tests and cat scans to monitor the rest of her body. But they decided they'll give her 6 doses of chemoth[url=http://gettycredit.com/bunbun/index.jpg]e[/url]rapy. I'd like to hear from anyone in similar circumstances. She's very scared of the chemotherapy. What should she expect? Will she always be vomiting?? When will her hair fall out? Whats the recurrence rate? What's her prognosis? She has an appointment with her oncologist next Sunday but I wanted to hear from people who passed through this before. I want to be there for her every step of the way. Thanks"[/COLOR]

This latter text, I believe has been copied by "Robin625" on September 5th from an apparently genuine post onJuly 26th this year for help [url=http://www.cancerforums.net/threads/24413-Mom-diagnosed-with-ovarian-cancer][COLOR="DarkRed"][U]here[/U][/COLOR][/url]. So this explains how our Robin is able to compose forum-relevant posts. Quite smart!!

But where's the payoff? For sure this is bring an avalanche of links to Amazon for Kindle tablets, but who is the beneficiary for all this smoke and mirrors and traffic manipulation?

Asher
 

Jerome Marot

Well-known member
I think that amazon pays you for clicks, so that will be the incentive.

Of course, the scheme implies that the spammer controls the servers which redirects the jpeg to amazon. A quick whois on gettycredit.com and onlinepartner.org shows that the two servers have been registered from Indonesia, although not from the same cities (one in the vicinity of Jakarta and one in Bandung, which is a 2 hours drive from Jakarta).

If you can block images linked from non-standard servers, that should do the trick. Most photographers use the same servers like flickr, smugmug, etc... Of course, some use their own servers, so you would need a whitelist. Maybe you can just have the forum software check that the image server either belong to the whitelist or has been registered in the same country as the user.
 

Asher Kelman

OPF Owner/Editor-in-Chief
I think that amazon pays you for clicks, so that will be the incentive.

Well, I can take care of that! I have a high level agent in the administration of the company!

Of course, the scheme implies that the spammer controls the servers which redirects the jpeg to amazon. A quick whois on gettycredit.com and onlinepartner.org shows that the two servers have been registered from Indonesia, although not from the same cities (one in the vicinity of Jakarta and one in Bandung, which is a 2 hours drive from Jakarta).

Fast detective work on your part! Thanks!

Well Jerome, between us we've uncovered the background to these "Robin Smiths" that Tom dinning thinks I breed in my basement, LOL! Fascinating to me that this Robin uses a clean IP address that shows not bad behavior on my series of spam checks! Pretty damn smart! I wonder how fast he can copy and paste good posts into the appropriate forums? Is this done in some sweat shop by $1 a day english speaking slaves? Imagine the time taken to post some 74,000 such links! This is only the two we have identified and likely there are more!

If you can block images linked from non-standard servers, that should do the trick. Most photographers use the same servers like flickr, smugmug, etc... Of course, some use their own servers, so you would need a whitelist. Maybe you can just have the forum software check that the image server either belong to the whitelist or has been registered in the same country as the user.

I'm not worried about blocking the guy as he is doing us no real harm to us and compared to 74,000 violations, removing our small share does not alter the landscape really.

I seem to have seen that picture for photographing a bottle before! Easy to fall for such a straw man!

Asher
 

Robert Watcher

Well-known member

Jerome Marot

Well-known member

What a piece of nonsense. And, BTW, the typeface at the bottom of the advertisement is sans serif.


Well, I can take care of that! I have a high level agent in the administration of the company!

That is the best which can be done. We are hurt by these spammers, but amazon is hurt even more since it pays them for what is basically worthless, automated, clicks.
 
We are hurt by these spammers, but amazon is hurt even more since it pays them for what is basically worthless, automated, clicks.

Which in it's turn is being paid by advertisers. As a former finance and business analyst (but, don't worry, I'm also an officially licenced photographer), I've always been sceptical of such payment methods, and would have given any advertising agency a hard time to prove their claims.

I've recently purchased a PDF generating application, much cheaper than the Adobe version, but just as potent. Since then I am constantly confronted on numerous websites with website advertisements for that same application I have already purchased, and am happy with. Yet, the advertisers are paying to promote the product to existing customers. How screwed up can a business model be.

It's high time to restore some sanity into what some companies are doing ..., it seems they need better analysts ;)

Cheers,
Bart
 
Asher,

This is called 'cookie stuffing'. or Image Cookie Stuffing

What happens is that every person that visited the posts that Robin posted has a cookie added to their browser. Now, at any point in the future, unless you delete the cookie, if you buy from Amazon, they get a referral. Spammers do this using huge companies like Amazon, because, let's face it, almost everyone at one point or the other, will buy something from Amazon. In that very thread, you even pointed the spammer to the Amazon website to buy the book on lighting. Someone else perusing the thread, may buy that book. Now, he/she also encouraged people to edit the image and repost. New posts, lead to more people checking out the thread, ergo, more cookies.

Besides places like Amazon, other places like porn sites or gambling sites have spammers doing this. A poker site may give you $100. per person that signs up to their site. The spammer signs up to poker forums, put the image cookie in their signature. They drop them in comments in a bunch of threads. Then people reading the threads gain the cookie and eventually, someone is going to sign up to one of your affiliate poker sites.

Don't be fooled that this is small stuff. These people use double and triple protection with javascript to obfuscate the script and make it their webpage source look like regular html etc., to hide the fact that they are spammers.

If you want to check for the cookie, in your browser, go to Options and look for your security setting. In Firefox 15, you need to check the custom settings for history, I believe. I found it on mine (amazonmerchants) and deleted it.
 

Asher Kelman

OPF Owner/Editor-in-Chief
I'm impressed with all this explanation! Thanks Maggie, Bart, Tom, Andy, Jerome and Robert. I wonder whether this is the work of one fellow with some software to help him, or else does he use a boiler room approach with a nest of very low paid serfs?

How much can he get from 74,000 links? Now this is only from 2 embedded images. how many more might he have?!!!

Asher
 

Jerome Marot

Well-known member
This is called 'cookie stuffing'. or Image Cookie Stuffing

What happens is that every person that visited the posts that Robin posted has a cookie added to their browser.

A quick note on cookie stuffing. Your browser can be configured so that sites can post cookies for other sites or not. In the first case, we have pure "cookie stuffing" because a site as "spammer.org" can post a cookie for "amazon.com" to read.

But nowadays most browsers are configured so that only amazon can read and set cookies for amazon. And this is the reason why this particular spammer needs to really send you to the amazon page. The image link, when clicked, forwards your browser to another link, this one from amazon but in the form "amazon.com__referrer=spammer.org" and amazon themselves set the cookie to store that this particular site sent them a customer.

The intended use for this system is, for example, if openphotographyforums.com ran reviews of cameras and on the latest review from, say, the D600, the user could click a link to amazon. Then we would have "amazon.com__referrer=openphotographyforums.com" and amazon would get potential camera buyers from here.

Some sites make the bulk of their income from referring. For example and to stay in photography, Ken Rockwell openly uses it. In that case, readers of his blog are actually aware that it is a way to keep the site running.
 
Top