Protecting Your Profits

By Chris Houg
Posted Monday, November 29, 2004

Learn how to get the most out of your hard work by protecting the location of your download pages and cloaking your affiliate links Is Your Download Page Secure?

I was excited when I first set up my web site. I was finally going to start making some money working from home. I did start make sales ... but to my horror, I found out my product was being downloaded more than I was selling the product.

Since the internet is a wonderful place to search for information, I researched a little bit and found out why. My "hidden" return value wasn't at all well hidden. All someone had to do was view the source code and "voila!", they had my download page.

Again, I went searching on the internet for a solution. I read about html encryptors that can scramble my web page so that if someone viewed the source, all they would see would be a bunch of hieroglyphics. At least that's what I saw on their demo pages.

Their weren't that many to choose from. so I picked the one that seemed to do the best job. Now my "return" links were secure and my profits would go soaring.

And they did ... for a while.

Again, I started seeing more downloads that sales. I started looking into this, and the more I looked into it, the more I learned about these hieroglyphics. The software simply transformed the text to hex codes and anyone that has the time or a hex decoder can very simply decode it.

My search went on for a better product, and better products came out. Now the newer products have complex algorithms to encrypt web pages, disable right clicks, disable text selection, etc. My search was over, and finally a had a product that could make my web page theft proof. I tried everything I could to view the code, copy the text, etc. It seemed safe and secure so now my web pages were safe and secure.

Or so I thought.

Then I discovered why. Simply put, any html encryptor is just a facade. They give the buyer a "false" sense of security that their page is protected. The simple truth is this:

For the web page to display and act correctly, the "unlock key" must be delivered within the web page. That means everytime someone was viewing my web page, the page was decrypted. Otherwise all they would see was a scrambled mess. For your forms to work, your graphics to display, your javascript to run, it all had to be decrypted on the visitors computer before any of that would happen.

But, doesn't someone have to be a hacker or a programmer or a cryptologist in order to view this information and decode it?

Well, I thought so at first. I did some research again, delving deeper into the unknown regions that were previously unexplored by me to find out if their was an easy way for this to be done. I found messages that told you how you could easily type in a javascript command into your location bar on your web page and the html code would magically appear on your screen. And it did too. Didn't matter who wrote the encryptor.

Now, there aren't going to be that many people that go that far just to get your product, unless your product is so unique and so pricy that it would really be worth it to the thief. Most likely, it would just be a challenge to a hacker who really has no interest in your product, but, just enjoys the "quest".

I was still feeling fairly confident that my download pages were somewhat safe.

Then I discovered a fatal flaw. I discovered that the encrypted web pages code could easily be viewed by anyone without any programming experience, hacking knowledge, etc. In fact, the html encrypters can be totally worthless except for the fact that they will prevent email harvesters from stealing your email address and spamming you to death.

Currently I would estimate about 2-3% of the visitors have this capability to easily view any encrypted web page. Of those viewers, maybe 10% may know the quick and easy method to view your source code and get your download link. So the numbers aren't that great and when the makers of these programs say that it will foil over 99% of the thieves, they are probably right.

What's the real solution? The real solution would be to use a script housed on your server. These scripts would execute on your server, so that the only time the download page would display, is if the script verified that person actually paid for your product and then it would allow redirection to your download page. Since the script would only run off of your server's computer and not the visitor's computer, there's not much of a chance that your download page can be found.

Protecting Your Affiliate Link

I see so many affiliate links that aren't protected in any way. This is a shame as people deserve their commissions when they are working their fingers to the bone trying to make a living, just to have someone decide they want a discount on a product or just plain be mean, and not get any benefit out of it except for not allowing you to get paid for your commission. For example:

ClickBank

There's a lot of products on ClickBank and a lot of affiliates that market those products. The problem lies with other affiliates of ClickBank. They simply replace your username with theirs and they get an instant discount in the result of getting paid YOUR commission. A typical ClickBank link looks like:

(http://hop.clickbank.net/?YourName/ProductName)

Just replace "yourname" with "theirname" and you lose your commission and they get a discount.

Other affiliate links typically look something like:

(http://www.somedomain.com/cgi-bin/aff/main.cgi?YourName)

Here they can either on purpose or out of habit just type (www.somedomain.com) and "voila", no commission for you and the visitor or advertisee is not getting ANY benefit out of it.

The solution would be to use an affiliate link cloaker. Basically what these programs do is create an HTML page with your affiliate link in it. You upload the page to your server and name it what you want. You then market the web page you just uploaded to your server. A "cloaked" page would typically look like:

(http://www.yourdomain.com/yourname.html)

When the page is loaded on a person's computer, they are instantly "redirected" to the sales page using your correct affiliate link all without the knowledge of the visitor. As far as the visitor is concerned, they are on your server looking at the sales page. While effective, if you market quite a few affiliate links, you can literally have hundreds of these little "web pages" on your server. While not a problem in itself, it can get difficult trying to remember what the name of the file is when you are trying to market it.

There are affiliate link cloakers that will house more than one link or URL in them and you call on the link simply by using a special "identifier" at the end of the link. For example, you can have:

(http://www.yourdomain.com/safelists.cgi?aff=safelist1)

and for the 2nd safelist it could be:

(http://www.yourdomain.com/safelists.cgi?aff=safelist2)

Of course the name at the end should be something that you associate with that affiliate link. It can be the actual name of the product, a number, or whatever you choose.

Another convenient aspect of a cloaker that works this way is that it can reduce 100 different affiliate "files" to 5 if each file would contain 20 links.

You can also group links then by the person/company or product type. For example, one file could be all of your safelists or one file could hold 15 of the products from ABC Company that you market.

Digital Traffic Cop is an ebook that allows anyone to create CGI scripts by simply filling in a form and clicking on the create button. It is extremely easy to use and has features not found in any other download page protectors or affiliate link cloakers. For a live demonstration and to see the other features, visit (http://www.productmarketingcenter.com/cop)

About the Author
Chris is the author of "Make Money On The Internet" which shows how to create your own digital products and "Digital Traffic Cop" which lets anyone easily create CGI scripts for the protection of their download pages and cloaking their affiliate links.