Does anyone know how to disharm them dame things to keep a mother f***ker from useing them.I know three guys useing them on topsites and trades.

You could ping them to death if you have a quicker connection then them http://adultwebmasterinfo.com/ubb/smile.gif

sandman,
i have access to a fast connect. how do you ping them to death?? i want to try it...

I am more interested in how you CATCH those mother fuckers... anyone know?

Yeah I know how to catch them using the stats in UCJ 4.

Click the reffers button. Scroll to the bottom and click the update reffers button to process the latest reffering info.

Ok now is the work part. If you think someone is cheating you then maybe you start inspecting thier site. If you have no clue you can inspect them all. OR compare this list to sextracker stats and see if there is any large disrepencies. (Like if sextracker says they sent 100 and your UCJ stats say 1000 look closer)

Well what are you looking for?
Look at the outgoing stats. This is where these hitbot guys get you. By sending hits through your script to fake productivity.
(To make it seem that the "surfers" they send are clicking on something.)

How do you know. Well by looking at other sites in your reffering list. (Especially sites you KNOW are not cheating you. You can start to see a pattern. You should be able to see which links are getting the most clicks and in which order. At least roughly) With this knowledge now start comparing the suspect site. If you notice that the suspect sites "surfers" all click only one link OR a unusually large number or thier "surfers" click a link that normally doesn't get THAT high a percentage of outclicks you can start to be suspicious.

You can also take this one step further by changing the link names on your pages then watching for surfers that click links that are no longer there since you changed them and the old link names are no longer on your site. (If a sites "surfers" click links that no longer exist on your site you can be fairly sure that this is a hitbot. I caught 3 cheaters the first day I got UCJ 4 installed this way http://adultwebmasterinfo.com/ubb/wink.gif

Not sure if this is understandable. But I hope it's some help http://adultwebmasterinfo.com/ubb/wink.gif I hate cheaters. I hope they all burn in hell!!

If you don't undestand ask me. Maybe I can clarify anything that was to cryptic.

sonic
24513624

Lets get it out in the open guys, Dan/Tim get you asses into this thread http://adultwebmasterinfo.com/ubb/smile.gif

How does a hitbot work, and how can scripts be coded to stop them.

One idea i had for my script i am working on is including a surferID INTO the html page as a hidden file.

This ID would be their IP encrypted (by whatever encryption, md5 say). When the surfer clicks on the out.cgi, the script would check to see if any hidden fields were passed to it. It can then check if that field is correct for that surfer (so use IP, browser, etc for the encryption instead i think). If it is not correct, out.cgi would be called by a surfer who has not gone in through in.cgi...

its just an idea, maybe i am way off the ballpark?

To me it would seem a hitbot sends requests for in.cgi to get high IN stats, and then requests out.cgi to get the productivity.

I guess that once these things are implemented hitbot coders can code around them though http://adultwebmasterinfo.com/ubb/frown.gif

Let get some ideas going guys.

nice post sonic.

Richard.

TrafficTrade uses a keycode that is regenerated every 2 min (or 1 min can't remember) if someothing is wrong with that code the traffic will not be counted, it will also be stored in a cookie and used for the productivity tracking.
I'm not completely sure if that is the way TT works but pretty sure.
Anyway TT is currently not for sale so it is not a spam post http://adultwebmasterinfo.com/ubb/smile.gif

The main reason I keep it fairly quiet how to catch cheaters is that I don't want them to know how they were caught. If they are educated too far (saying we caught you by this method) then that is only encouraging them to establish counter measures for enhanced cheating. Nobody wants that so please leave them in the dark as much as possible ... Just let them know that if they cheat ... THEY WILL BE CAUGHT!!!!

Well unfortunately nothing will ever be 100% cheat proof. As long as surfers can do something hitbots can also. They can fake just about anything when well done.

However we can make cheater's life harder. Problem is the more protection you add the more cpu your script needs. It would be possible to make a script solid as rock, but you'd need a huge server to handle it.

Bio uses something like what you're saying Rich, the cookie is encoded with infos about the surfer but a bot could easily request in.cgi, read the cookie and pass it to out.cgi (or the id).

I guess it's an endless battle. It's like sysadmins against hackers.

Dan

yea, i appreciate that the faker could request in.cgi and recieve the page and find the hidden field, then send to out.cgi.

*sigh*

http://adultwebmasterinfo.com/ubb/frown.gif

Only trading with reputable webmasters is a pretty good start though, but like you say, anything a surfer can do, can be imitated by code.

Rich

http://adultwebmasterinfo.com/ubb/frown.gif

Add the time the in.cgi was hit.... then have out.cgi check what time in was hit. anything weird going on then have the script give you a bib to your cell phone? + the trade is being suspended

It's a good idea Due,

that's part of what is encoded in the super cookie... Problem is, let's say the guy falls on your site, then he leaves for 30mins-1hour, comes back and clicks on your site. You want to be alerted about this guy? Currently his hits are just not tracked.

But you can say.. Let's be alerted if the guy clicks >5 times with the expired cookie. Okay well good idea but the question is: how do we implement this? Cookies, impossible (too easy to cheat, a bot could send the 1st time clicked cookie). Ips? What do we do with big providers like AOL which uses proxies.. A bunch of their surfers have the same ip.

Seems like we won't find THE solution very soon http://adultwebmasterinfo.com/ubb/frown.gif

Dan

I don't quite understand what you are talking about Dan, can you explain refering to the way bio currently works.

As for creating unique surfer ids, how about taking a combo of IP, Browser, etc and encrypting via a key on the server side?

Well no I feel the same way as Tim, less details is better http://adultwebmasterinfo.com/ubb/smile.gif

But humm I can tell you the cookie is encoded with the time the surfer came in, and a couple of other informations about him. When the out is called for this surfer, these infos are verified.

My point was, what the script should do when it detects the infos are innacurate? Let's say you put a delay of 1 hour in the cookie. Due suggested to be beeped & suspend the trade if it happens. But what if the guy left his computer for 1 hour just after he loaded your site. When he comes back he clicks one of your links. His infos are innacurate but he's still a valid surfer, not a hit bot.

We could say "if the guy clicks more than 5 times on a link to out.cgi with innacurate infos it means he's a hitbot". It's a good idea but very hard to code in a script due to the reasons mentionned in my previous post.

Finally if you try to keep infos about your surfers on the server side, you'll have the problem of IPs. You can have 10,000 AOL surfers but they share like 30 different IPs. How do you make the distinction between the 10,000 surfers? Not to mention it's also gonna use a bunch of cpu

Dan