I had a newsletter recently which reported that if you use PayPal, people could search for your thank-you page and use view source to discover the location of your e-books, and download them without paying. The ezine gave details of how to avoid this problem.
Is this a problem with ClickBank?
Posted on: 8:10 pm on January 16, 2002
EBookCompiler
It's a problem with anything depending on how you setup your thank you page
Probably not the answer you wanted, but I'll try and explain...
If you are using CGI, PHP, ASP scripts, then with a little clever code, you can make your pages more or less totally inaccessible without going via your payment link.
If you are using HTML then you need to be careful
Why?
First off HTML pages can get indexed into search engines.
For the search engine to find the page, there must be a link on some other page. So provided there are no links anywhere to the page, except via your clickbank link, then you don't have to worry. If your thankyou page was previously linked, maybe you want to rename it.
Next, some people call their thankyou page obvious names
Next, some people suggest you create a robots.txt file - definition herehttp://www.searchenginerocket.com/basics/robotstxt.html- to tell search engies not to index your thank you page. Don't do it!. First off some search engines may index your thank you page because they see it robots.txt - not all search engines are well behaved! Also a clever thief can guess you have robots.txt file and type into their browser
Instead of robots.txt it is much better not to link to the thank you page anywhere (so it can't get indexed), and as I say change it once in a while.
Also you need to check your have a default file (usually called index.html or index.htm or UNIX web hosts, or default.htm or default.asp) in each folder on your site. Why? Because many web hosts enable directory listing if a folder does not contain this file.
And lastly, check the last 2 URL variants with a period . on the end. Some (very few in my experience) web hosts enable directory listing if you do that. if your host does, ask them to change the setting - and if they don't - it's time to change web host.
Posted on: 3:24 am on January 18, 2002
HBrio
Also you might want to keep an eye on your web site system logs. I check mine daily and if something seems abnormal like a higher than average access to download if a page or file I would be made aware of it.
Gary Killops
Posted on: 5:40 pm on February 11, 2002
justjeni
Thank you Sunil!! So much - for that great explanation. I have been concerned about this myself and did plan to change the links about once a month or so but still, it's frustrating knowing under handed people have so darned many tricks up their sleeves one cannot possibly keep on top of all of them! (Love your e-zine too by the way!) I just wanted to tell you how much I appreciated your response to the person who asked about this. I can see you took some time to do that and not many people will do that these days. You also put my mind at ease and whew..does that feel good!
Now, as for this comment from HBrio Also you might want to keep an eye on your web site system logs. How do you do that? On and off I try to find some info as to how to do this and what I would need, but I am not even sure just what it is I am looking for! Tx! - both of you! Jj
Posted on: 3:31 am on February 13, 2002
EBookCompiler
If your hosting account has logging (most paid ones except the very cheap have it) there should be a file called log or access_log or similar some place
Download the file using FTP. It may be VERY large depending on how busy your site is
The file is probably some form of text file, most likely 1 line per access per site
e.g. fred access page.html which links to image1.gif and image2.gif and header.jpeg - this would be 4 lines
In each line it probably shows the IP address or network of the person accessing the file, the file name, time/date and maybe other stuff
Load the text file into an editor which can handle large files (not Notepad) but EDIT in MS-DOS will work unless the file is very large, and search for the file name of your EXE file download, or the name of your thank you page.
If you see a zillion accesses, you know it's time to tighten up your security.
Posted on: 6:37 am on February 13, 2002
justjeni
Thank you for that info, Sunil! Wow...I had no idea I could do that. And, (DUH) I always wondered what that file was! Okay, okay, I'm still learning! And not ashamed to admit it. A wise man (my beloved father)once said to me: "If you don't ask questions, you don't get answers!"
Thanks again. You've been a big help.
Posted on: 2:47 am on February 14, 2002
dreuby
Thanks - I've downloaded my logs several times, but never found anything that will read them (including some apps that are supposed to be for that!)
With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.
Disclosure:
Our company's websites' content (including this website's content) includes advertisements for
our own company's websites, products, and services,
and for other organization's websites, products, and services.
In the case of links to other organization's websites,
our company may receive a payment, (1) if you purchase products or services,
or (2) if you sign-up for third party offers, after following links from this website.
Unless specifically otherwise stated, information about other organization's products and services,
is based on information provided by that organization,
the product/service vendor, and/or publicly available information - and should
not be taken to mean that we have used the product/service in question.
Additionally, our company's websites contain some adverts which we are paid
to display, but whose content is not selected by us, such as Google AdSense ads. For more
detailed information, please see Advertising/Endorsements Disclosures
Our sites use cookies, some of which may already be set on your computer. Use of our site
constitutes consent for this. For details, please see Privacy.
Click privacy for information about our company's privacy, data collection and data retention policies, and your rights.
