“mobile”/ Voluum
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Script to protect a landing page from spy tools

Discussion in 'Programming and Scripts' started by Karolina Voluum, Jul 17, 2019.

  1. Karolina Voluum

    Karolina Voluum Service Manager Service Manager affiliate

    109
    45
    31
    In a typical scenario, your landing page is available for anyone that has a link to it. This means that it can be viewed by someone who didn't go through your campaign URL and may have other intent than taking your offer.

    Without right protection, it can get ripped at an insane speed and keep popping up on spy tools whenever you reach any volume.
    • Voluum has created a solution for you - let me introduce Lander Protection Script.
    • It blocks access to your landing page from visitors or programs that didn't come through a campaign URL.
    • What they will see instead is a blank page.

    How does it work?

    1.
    You get a script that needs to be implemented on your landing page.
    2. A special parameter called the lptoken that is automatically added to your lander URL.

    Voluum then adds a unique value to this URL using this parameter and the script checks for that value.

    Every visit that didn't go through Voluum and doesn't have the landing page token value will be blocked.

    For every visit coming through a campaign URL, the landing page will be displayed and available for 30 minutes.

    How to set it up?

    I. Get the lander protection script

    [​IMG]

    II. Paste the Lander Protection Script to your landing page

    You’re good to go!

    The lptoken is automatically added to all your lander URL, so you do not have to add it manually. Even it is not visible in a lander URL in Voluum, it will be visible after Voluum makes a redirect to the landing page. If you want to verify it, go through your campaign URL and check, if the lptoken is visible in the lander URL in your web browser's address bar. It should look like this: https://lander_url.com?lptoken=123456789
     
  2. CPA Evolution
  3. Graybeard

    Graybeard Well-Known Member affiliate

    5,023
    2,408
    113
    server => JavaScript window.location()[script | page] => real landing page
    I just caught a network (^this way^) that sent me 390 real out of 833 hits I paid for :eek: (popunders)
    I am working with them to see if we can resolve the problem
    1.) the websites are scamming them 2.) let's not go there yet ;)
     
    Lord Patrick likes this.
  4. Graybeard

    Graybeard Well-Known Member affiliate

    5,023
    2,408
    113
    Further investigation showed about 50% of the 390 "real" were HTTP1/ bots with faked user agents -- all real browsers since 2015 accept HTTP/2. The server for the domain is configured to accept HTTP/2

    Needless to say, I hijack the bots and 302 them to the locations I want. Some are maybe real people with older junk devices that have no money anyway. So who cares?

    Newer bots execute JavaScript and accept, and will offer, cookies. Headless Chrome (apparently) thanks Google :p
     
    KristofSX likes this.
  5. kostya3d

    kostya3d Affiliate affiliate

    6
    0
    1
    Hello, Graybeard! Thank you for this information. Is it possible to ask you to elaborate on that?

    As far as I understood, you mean to write a JavaScript piece of code, that will be placed in landing page, right?
    This part 'window.location()' refers to the 'window.location()' object like 'window.location.href', 'window.location.location' (and others alike) from javascript, right?

    I am learning PHP and JavaScript, and at the same time researching and writing down the fields I will need to learn later. Your answer will help me to optimize my learning process once I'll come to the level of using this function.

    Thanks for your time!
     
  6. Graybeard

    Graybeard Well-Known Member affiliate

    5,023
    2,408
    113
    this idea ...
    PHP:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8" />


    <title>index</title>

      <script>window.location.replace("https:___//yyy.xxx.___com/path/?'.$query_string.'")</script>

    <style type="text/css"></style>
      </head>
    <body>
     <a href="https://twitter.com/YOU">Tweet my stats Here</a>
      </body>
    </html>

     
    Last edited: Sep 2, 2019
  7. kostya3d

    kostya3d Affiliate affiliate

    6
    0
    1
    Thank you for reply!
     
  8. Graybeard

    Graybeard Well-Known Member affiliate

    5,023
    2,408
    113
    However, this is marginal (thanks elGoog and headless chrome).

    This only works when there is JavaScript in the client (browser)
    1. filter location => 2. to real location

    Really, the best defense against scrapers (spy tools) seeing all the content of your landing pages is by using some server side dynamic rendered content.

    Also, where is the user-agent (client) coming from <a data center server/VPN> kill the connection error code 403 (or 444 with Nginx).
     
  9. kostya3d

    kostya3d Affiliate affiliate

    6
    0
    1
    Appreciate your help, thank you!
     
banners