Since my post about finding all the local pharma hacked websites, I’ve been trying to find an easy way to show the hacked website owners “an official” way to see these hidden pharma links that were placed on their sites and also a way to capitalize on the situation.
The links on these pharma hacked websites are hidden. So, if the website owner goes to their website to look around they aren’t going to see the paragraphs of text and links to viagra and cialis websites. This poses a problem. Unless of course like in the image below, you can see them directly on Google by using a simple search string.
To actually see these pharma spam links you have to dig into the code of the compromised page. Joe website owner is not going to even know how to view the source code of a page on their website never mind look through hundreds of lines of code to understand what happened.
When I contacted some of the affected site owners, I sent them a link to the Google cache “text only” version of a compromised page on their site, like so:
But that didn’t prove very effective for getting responses as I only got one reply. I guess people are either very leery of “Your website is hacked” notices or they just don’t get it. Either way there has to be a way of letting people know that their site is hacked and for them to actually “get it”.
Then I thought, maybe one of these security companies that offers malware removal has an affiliate program where I can send the owner’s of compromised websites.
I looked around a bit and found the Sucuri Security affiliate program and checked it out. Sucuri offers a 25% payout to affiliates. Their basic one website coverage and malware removal is $89.99 per year and includes:
- Malware & Blacklist Monitoring
- Email, SMS & Twitter Alerting
- Malware Cleanup (No page limit)
- Server-Side Scanning
- Blacklist Removal
This is a pretty reasonable way for the owner of a pharma hacked site to get it fixed up. As a Sucuri affiliate, it pays $22.49 per signup for this basic plan, which isn’t bad for just referring a pharma hacked site and offering the site owner an inexpensive fix.
There are a shitload of pharma hacked sites out there, so do the math…
They offer affiliate links to send someone with a hacked site directly to their Sitecheck malware scanner, but since there is no parameter available to append the URL of a pharma hacked site to the affiliate URL, you have to rely on the owner of the hacked site to put their website URL into the Sitecheck form and hit the scan button. This is a major fail point for an affiliate conversion.
So I got Sucuri up on their live chat to see what the deal is:
Hey there, have a question about Sucuri or our services? Go ahead, ask us in the chat field below, we’d be happy to help! If you need support, please log in and submit a ticket.
CapeLinks: RE: affiliate program. How about being able to append the URL of a hacked site to the affiliate scan link? In other words, Affiliate link straight to a hacked site’s scan results? I have found a number of pharma hacked local sites and would like to refer these sites through your affiliate program, but would be WAY more effective if I could send them via affiliate link right to the results of a sitecheck scan for their website URL. ??
Larry P.: humm
we dont offer it yet
you can append &scan at the end
and it will send you to sitecheck directly
but not to the scan url
CapeLinks: Get on it. You guys are missing the boat.
Larry P.: if it was just up to me 🙂
but I will pass to my managers
another solution would be to send to one URL you control
like yoursite.com/resultsforsite2.com <http://yoursite.com/resultsforsite2.com>
and in there, you add our affiliate as an iframe with &noredir at the end
and then you redirect the user
CapeLinks: Could probably get it to work via framed page. How does your affiliate program work? is it cookie based? and how long does cookie last?
many aff programs don’t allow that sort of thing. called cookie stuffing
but yeah that could work
Larry P.: yes, cookie based
we keep for 60 days the cookie
CapeLinks: suppose could make a script that set your cookie and then redirected user to scan results, but would scan override my aff cookie?
Larry P.: nope, it would not override
CapeLinks: cleanest would be for you guys to add another affiliate parameter like &URLtoscan=affectedsite.com.
would be a great promotional tool for affiliates to use. No brainer IMHO
Larry P.: yep
I will push to our managers
if they like it
they can probably add it very fast
It is doubtful that the iframe method he suggested would work, since this would rely on the setting of a third party (Sucuri) cookie, which is nearly impossible these days in modern browsers.
It could be done by loading the Sucuri Sitescan url for a hacked site into a frame and having an affiliate button in the top and bottom frame surrounding it with “click here to fix”, but there are several conversion fail points with those sorts of methods too.
We’ll see if they take my suggestion.