The Most Active and Friendliest
Affiliate Marketing Community Online!

“FunnelFlux  Zeydoo

Script to protect a landing page from spy tools

Steve @ Voluum

Service Manager
Service Manager
affiliate
Voluum
In a typical scenario, your landing page is available for anyone that has a link to it. This means that it can be viewed by someone who didn't go through your campaign URL and may have other intent than taking your offer.

Without right protection, it can get ripped at an insane speed and keep popping up on spy tools whenever you reach any volume.
  • Voluum has created a solution for you - let me introduce Lander Protection Script.
  • It blocks access to your landing page from visitors or programs that didn't come through a campaign URL.
  • What they will see instead is a blank page.

How does it work?

1.
You get a script that needs to be implemented on your landing page.
2. A special parameter called the lptoken that is automatically added to your lander URL.

Voluum then adds a unique value to this URL using this parameter and the script checks for that value.

Every visit that didn't go through Voluum and doesn't have the landing page token value will be blocked.

For every visit coming through a campaign URL, the landing page will be displayed and available for 30 minutes.

How to set it up?

I. Get the lander protection script

15d2d657f8dbc9.png


II. Paste the Lander Protection Script to your landing page

You’re good to go!

The lptoken is automatically added to all your lander URL, so you do not have to add it manually. Even it is not visible in a lander URL in Voluum, it will be visible after Voluum makes a redirect to the landing page. If you want to verify it, go through your campaign URL and check, if the lptoken is visible in the lander URL in your web browser's address bar. It should look like this: https://lander_url.com?lptoken=123456789
 

Graybeard

Well-Known Member
affiliate
server => JavaScript window.location()[script | page] => real landing page
I just caught a network (^this way^) that sent me 390 real out of 833 hits I paid for :eek: (popunders)
I am working with them to see if we can resolve the problem
1.) the websites are scamming them 2.) let's not go there yet ;)
 

Graybeard

Well-Known Member
affiliate
that sent me 390 real out of 833
Further investigation showed about 50% of the 390 "real" were HTTP1/ bots with faked user agents -- all real browsers since 2015 accept HTTP/2. The server for the domain is configured to accept HTTP/2

Needless to say, I hijack the bots and 302 them to the locations I want. Some are maybe real people with older junk devices that have no money anyway. So who cares?

Newer bots execute JavaScript and accept, and will offer, cookies. Headless Chrome (apparently) thanks Google :p
 

kostya3d

Affiliate
affiliate
server => JavaScript window.location()[script | page] => real landing page
I just caught a network (^this way^) that sent me 390 real out of 833 hits I paid for :eek: (popunders)
I am working with them to see if we can resolve the problem
1.) the websites are scamming them 2.) let's not go there yet ;)

Hello, Graybeard! Thank you for this information. Is it possible to ask you to elaborate on that?

As far as I understood, you mean to write a JavaScript piece of code, that will be placed in landing page, right?
This part 'window.location()' refers to the 'window.location()' object like 'window.location.href', 'window.location.location' (and others alike) from javascript, right?

I am learning PHP and JavaScript, and at the same time researching and writing down the fields I will need to learn later. Your answer will help me to optimize my learning process once I'll come to the level of using this function.

Thanks for your time!
 

Graybeard

Well-Known Member
affiliate
this idea ...
PHP:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="content-type" content="text/html; charset=UTF-8" />


<title>index</title>

  <script>window.location.replace("https:___//yyy.xxx.___com/path/?'.$query_string.'")</script>

<style type="text/css"></style>
  </head>
<body>
 <a href="https://twitter.com/YOU">Tweet my stats Here</a>
  </body>
</html>
 
Last edited:

Graybeard

Well-Known Member
affiliate
However, this is marginal (thanks elGoog and headless chrome).

This only works when there is JavaScript in the client (browser)
1. filter location => 2. to real location

Really, the best defense against scrapers (spy tools) seeing all the content of your landing pages is by using some server side dynamic rendered content.

Also, where is the user-agent (client) coming from <a data center server/VPN> kill the connection error code 403 (or 444 with Nginx).
 

kostya3d

Affiliate
affiliate
However, this is marginal (thanks elGoog and headless chrome).

This only works when there is JavaScript in the client (browser)
1. filter location => 2. to real location

Really, the best defense against scrapers (spy tools) seeing all the content of your landing pages is by using some server side dynamic rendered content.

Also, where is the user-agent (client) coming from <a data center server/VPN> kill the connection error code 403 (or 444 with Nginx).
Appreciate your help, thank you!
 
MI
Top