The Most Active and Friendliest
Affiliate Marketing Community Online!

“Adavice”/  “RollerAds”/

Script to protect a landing page from spy tools

Steve @ Voluum

Service Manager
Service Manager
Voluum
In a typical scenario, your landing page is available for anyone that has a link to it. This means that it can be viewed by someone who didn't go through your campaign URL and may have other intent than taking your offer.

Without right protection, it can get ripped at an insane speed and keep popping up on spy tools whenever you reach any volume.
  • Voluum has created a solution for you - let me introduce Lander Protection Script.
  • It blocks access to your landing page from visitors or programs that didn't come through a campaign URL.
  • What they will see instead is a blank page.

How does it work?

1.
You get a script that needs to be implemented on your landing page.
2. A special parameter called the lptoken that is automatically added to your lander URL.

Voluum then adds a unique value to this URL using this parameter and the script checks for that value.

Every visit that didn't go through Voluum and doesn't have the landing page token value will be blocked.

For every visit coming through a campaign URL, the landing page will be displayed and available for 30 minutes.

How to set it up?

I. Get the lander protection script

15d2d657f8dbc9.png


II. Paste the Lander Protection Script to your landing page

You’re good to go!

The lptoken is automatically added to all your lander URL, so you do not have to add it manually. Even it is not visible in a lander URL in Voluum, it will be visible after Voluum makes a redirect to the landing page. If you want to verify it, go through your campaign URL and check, if the lptoken is visible in the lander URL in your web browser's address bar. It should look like this: https://lander_url.com?lptoken=123456789
 
server => JavaScript window.location()[script | page] => real landing page
I just caught a network (^this way^) that sent me 390 real out of 833 hits I paid for :eek: (popunders)
I am working with them to see if we can resolve the problem
1.) the websites are scamming them 2.) let's not go there yet ;)
 
server => JavaScript window.location()[script | page] => real landing page
I just caught a network (^this way^) that sent me 390 real out of 833 hits I paid for :eek: (popunders)
I am working with them to see if we can resolve the problem
1.) the websites are scamming them 2.) let's not go there yet ;)

Hello, Graybeard! Thank you for this information. Is it possible to ask you to elaborate on that?

As far as I understood, you mean to write a JavaScript piece of code, that will be placed in landing page, right?
This part 'window.location()' refers to the 'window.location()' object like 'window.location.href', 'window.location.location' (and others alike) from javascript, right?

I am learning PHP and JavaScript, and at the same time researching and writing down the fields I will need to learn later. Your answer will help me to optimize my learning process once I'll come to the level of using this function.

Thanks for your time!
 
that sent me 390 real out of 833
Further investigation showed about 50% of the 390 "real" were HTTP1/ bots with faked user agents -- all real browsers since 2015 accept HTTP/2. The server for the domain is configured to accept HTTP/2

Needless to say, I hijack the bots and 302 them to the locations I want. Some are maybe real people with older junk devices that have no money anyway. So who cares?

Newer bots execute JavaScript and accept, and will offer, cookies. Headless Chrome (apparently) thanks Google :p
 
However, this is marginal (thanks elGoog and headless chrome).

This only works when there is JavaScript in the client (browser)
1. filter location => 2. to real location

Really, the best defense against scrapers (spy tools) seeing all the content of your landing pages is by using some server side dynamic rendered content.

Also, where is the user-agent (client) coming from <a data center server/VPN> kill the connection error code 403 (or 444 with Nginx).
Appreciate your help, thank you!
 
this idea ...
PHP:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="content-type" content="text/html; charset=UTF-8" />


<title>index</title>

  <script>window.location.replace("https:___//yyy.xxx.___com/path/?'.$query_string.'")</script>

<style type="text/css"></style>
  </head>
<body>
 <a href="https://twitter.com/YOU">Tweet my stats Here</a>
  </body>
</html>
 
Last edited:
However, this is marginal (thanks elGoog and headless chrome).

This only works when there is JavaScript in the client (browser)
1. filter location => 2. to real location

Really, the best defense against scrapers (spy tools) seeing all the content of your landing pages is by using some server side dynamic rendered content.

Also, where is the user-agent (client) coming from <a data center server/VPN> kill the connection error code 403 (or 444 with Nginx).
 
And this method is not only suitable for landing pages? If it's a big site with a bunch of subdomains, will it work?
 
Today Google Headless and Selenium based scrapers will use WebDriver and follow JavaScript links.
Since you can forge the user-agent headers to appear as a normal user browser --you are basically screwed.
One thing that you can do is only allow the latest and 1 version prior browser version to open the page/website.
Browsers update automatically now --bots have to fix the forged headers manually and some people are lazy.
 
banners
Back