How Do They Do This?

[lotus]

Hi,

I've been trying to find out for weeks how some sites are doing the following:

Someone clicks an adwords ad which goes to > siteA.com. An invisible javascript form is loaded and POSTS a private value which then redirects to:

SiteB.com

This site shows an incentive page. But if you type in the url directly without going through the external javascript form, a completely different page of content is loaded. BUT the urls are exactly the same.

I've got the javascript code for SiteA.com. What I want to know is what is happening on SiteB.com. Is it php? if so can anyone show me some If/then code to redirect based on the private POST value. It must also have some htaccess code in there too right?

Thanks
lotus

[ContemptX]

The site is using cloaked content, which means that depending how you reach the site you will see different content and so will search engines.

there are a few things out thier that does this, including simplifiedsec

[interpro]

The link that's clicked could pass a value to the URL destination. For example, the link could be something like 'domain.com/page.php?code=27'

When the visitor clicks the link to go to the URL, the PHP code at page.php examines the value of 'code'. If it's 27, a certain content is shown. If code is not 27, different content can be shown.

With PHP, you can also see where the visitor came from. If the visitor'e IP address is a search engine robot, you could show a highly optimized page to get a better search engine ranking. If the IP address is not a search engine robot, meaning that it's a real human visitor, you could show your salespage content instead. This is the way most search engine cloakers work.

The PHP approach is probably better than trying to do the same effect with JavaScript, since JavaScript can be turned off by the visitor. Additionally, the search engine robots will see the JavaScript code and may be able to determine that something fishy is happening. With PHP, there's nothing in the html code presented to the user other than just the content you want them to see.

[lotus]

Thanks, anyone know the php code? I've tried:

if $variable = $_POST['private value'];

{
header("Location: fake.php");
}
else
{
header("Location: whitehat.php");
}
</php>
I was planning on then doing a htaccess redirect for whitehat.php to make it the same url as fake.php

The code isn't working. If I don't use the htaccess, it seems like a fairly large and difficult script to hold 2 completely different page contents (even the menus are different).

Because the url doesn't change at all (I've checked in live HTTP headers), there doesn't appear to be a bridge php page. It loads quickly that's why I thought it was htaccess.

Also the only javascript is at the beginning to force an automatic form submit. The rest is totally hidden. The aff managers wouldn't see that first site (with the javascript form) at all.

PS. checked out simplified sec, and they say the way they fake the referer is through double meta refresh which this definitely is not (been caught too many times using that anyway).

[interpro]

Try this -

1) create a page called goto.php, with only the following code:

<?php

$page = $_GET['code'];

if($page == 27)
{
header("Location: salespage1.html");
}
else
{
header("Location: salespage2.html");
}
?>

Don't put any other code in goto.php, especially before the '<?php' line

2) FTP goto.php to your server

3) Next, browse to goto.php by going to the URL

yourdomain.com/goto.php?code=27

When you go to this URL, you should be shown salespage1.html

If you change the 27 to anything else, or if you just go to
yourdomain.com/goto.php you will be shown salespage2.html

Using this example, you would never actually see the page goto.php since
the server executes the php code and then displays the proper destination
page depending upon the value of 'code'.

[Narith]

Lovely :) Thanks.. I got a new idea from your sample code..

[klopklop]

nice.....................

[leedaman]

this is sorta like what i need
can this code be modified to not include the (27) instruction but just switch between to 2 urls? so 50% of users go to one page and other 50% to the other page?

[interpro]

There are a couple of ways you could 'split' the traffic between 2 pages.

You could generate a random number in the php code. If the random number is even, go to the first url, otherwise go to the second url. This is probably the easiest, but isn't guaranteed to give a 50/50 split.

Another way is to create a counter on your web host and increment the counter every time there's an access to your php page. If the counter is an even number, go to the first url, otherwise go to the secong url. This would give you an even 50/50 split.

[leedaman]

<?php
$rand=rand(1,1000);
if($rand<501){
?>

{
header("Location: salespage1.html");

<?php
}else{
?>

{
header("Location: salespage2.html");

<?php
}
?>


does that look correct ? sorry i am a noob with php