eBook authors eBook Software - create and publish your own ebooks
Create your own eBooks
 
   
EBookApprentice.com
Learn How To Create, Publish & Market E-Books
 		   
EBookCompiler.com
E-Book Creation Software
 		   
EBookPower.com
Add sophisticated multimedia to your E-Books
 		   
CoverFactory.com
Create E-Book covers in minutes
 		  
  EBookSubmit.com
E-Book Marketing & Promotion made easy
 		  EBookJungle.com
Search engine for E-Books
 		  EBookInterviews.com
Interviews with eBook authors
 		  EBookEnhance.com
Tools for building better eBooks
 		 
 
Archived Message:

Download security


 
dreuby I had a newsletter recently which reported that if you use PayPal, people could search for your thank-you page and use view source to discover the location of your e-books, and download them without paying. The ezine gave details of how to avoid this problem.

Is this a problem with ClickBank?

Posted on: 8:10 pm on January 16, 2002
EBookCompiler It's a problem with anything depending on how you setup your thank you page

Probably not the answer you wanted, but I'll try and explain...

If you are using CGI, PHP, ASP scripts, then with a little clever code, you can make your pages more or less totally inaccessible without going via your payment link.

If you are using HTML then you need to be careful

Why?

First off HTML pages can get indexed into search engines.  

For the search engine to  find the page, there must be a link on some other page.  So provided there are no links anywhere to the page, except via your clickbank link, then you don't have to worry.  If your thankyou page was previously linked, maybe you want to rename it.

Next, some people call their thankyou page obvious names

For example:
www.yoursite.com/thankyou.html

It doesn't take much to guess this!   So instead call your thank you page something like (and change it once in a while)

www.yoursite.com/afjdaks324sadf.html

Next, some people suggest you create a robots.txt file - definition herehttp://www.searchenginerocket.com/basics/robotstxt.html- to tell search engies not to index your thank you page.   Don't do it!.  First off some search engines may index your thank you page because they see it robots.txt - not all search engines are well behaved!   Also a clever thief can guess you have robots.txt file and type into their browser

www.yoursite.com/robots.txt

and hey presto they know the thankyou URL!

Instead of robots.txt it is much better not to link to the thank you page anywhere (so it can't get indexed), and as I say change it once in a while.

Also  you need to check your have a default file (usually called index.html or index.htm or UNIX web hosts, or default.htm or default.asp) in each folder on your site.    Why?  Because many web hosts enable directory listing if a folder does not contain this file.

For example,  on many web hosts,

www.yoursite.com/
or
www.yoursite.com/subdir/

will list all the files in your site - ouch!

And lastly, check the last 2 URL variants with a period . on the end.  Some (very few in my experience) web hosts enable directory listing if you do that.  if your host does, ask them to change the setting - and if they don't - it's time to change web host.

Posted on: 3:24 am on January 18, 2002
HBrio Also you might want to keep an eye on your web site system logs. I check mine daily and if something seems abnormal like a higher than average access to download if a page or file I would be made aware of it.

Gary Killops

Posted on: 5:40 pm on February 11, 2002
justjeni Thank you Sunil!!  So much - for that great explanation.  I have been concerned about this myself and did plan to change the links about once a month or so but still, it's frustrating knowing under handed people have so darned many tricks up their sleeves one cannot possibly keep on top of all of them!
(Love your e-zine too by the way!)
I just wanted to tell you how much I appreciated your response to the person who asked about this.  I can see you took some time to do that and not many people will do that these days.  You also put my mind at ease and whew..does that feel good!

Now, as for this comment from HBrio
Also you might want to keep an eye on your web site system logs.
How do you do that?  On and off I try to find some info as to how to do this and what I would need, but I am not even sure just what it is I am looking for!
Tx!  - both of you!
Jj

Posted on: 3:31 am on February 13, 2002
EBookCompiler If your hosting account has logging (most paid ones except the very cheap have it)  there should be a file called log or access_log or similar some place

Download the file using FTP.  It may be VERY large depending on how busy your site is

The file is probably some form of text file, most likely 1 line per access per site

e.g.
fred access page.html which links to image1.gif and image2.gif and header.jpeg - this would be 4 lines

In each line it probably shows the IP address or network of the person accessing the file, the file name, time/date and maybe other stuff

Load the text file into an editor which can handle large files (not Notepad) but EDIT in MS-DOS will work unless the file is very large, and search for the file name of your EXE file download, or the name of your thank you page.

If you see a zillion accesses, you know it's time to tighten up your security.

Posted on: 6:37 am on February 13, 2002
justjeni Thank you for that info, Sunil!  Wow...I had no idea I could do that.  And, (DUH) I always wondered what that file was!  Okay, okay, I'm still learning!  And not ashamed to admit it.  A wise man (my beloved father)once said to me:
"If you don't ask questions, you don't get answers!"

Thanks again.  You've been a big help.

Posted on: 2:47 am on February 14, 2002
dreuby Thanks - I've downloaded my logs several times, but never found anything that will read them (including some apps that are supposed to be for that!)

I'll try working through my text editors.

Posted on: 12:49 pm on February 14, 2002

Go to discussion thread


Participate in current/new discussions


Copyright © 2000-2012, Answers 2000 Limited.

With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.

Disclosure: Our company's websites' content (including this website's content) includes advertisements for our own company's websites, products, and services, and for other organization's websites, products, and services. In the case of links to other organization's websites, our company may receive a payment, (1) if you purchase products or services, or (2) if you sign-up for third party offers, after following links from this website. Unless specifically otherwise stated, information about other organization's products and services, is based on information provided by that organization, the product/service vendor, and/or publicly available information - and should not be taken to mean that we have used the product/service in question. Additionally, our company's websites contain some adverts which we are paid to display, but whose content is not selected by us, such as Google AdSense ads. For more detailed information, please see Advertising/Endorsements Disclosures

About and Terms Of Use    Privacy    Advertising/Endorsements Disclosures