13 Jun 2008

Cookie Stuffing with .htaccess

By Chewie. Posted in Blackhat

I recently got the chance to speak on Whiteboard Friday over at SEOmoz. It was a quick session where a few SEOs each gave up a couple of tricks that the general population may not be aware of, and I chose to talk about cookie stuffing.

Cookie stuffing is not new and has been blogged about a few times, so I am not pretending to have actually come up with the method. I wanted to talk about it because I have been doing it slightly differently using .htaccess and I have also been getting some really good results.

Basically, cookie stuffing is a method in which you place cookies on users' computers without them necessarily knowing about it. It can be used on your affiliate sites to auto-drop a cookie without the user actually clicking through your banner and converting on the retailer's site. This allows you to get a much better conversion rate for visitors of your site, because even if they hit your page, bounce, and then go to the retailer's page at a later date (within the cookie length) you still get the sale.

It can also be used off site, whereby you would drop a cookie for a large affiliate site (such as eBay or Amazon) by simply having a reference to your image. You can use this trick anywhere that allows you to use image code.

So here are the steps to do it…

1) Create a directory on your server with an inconspicuous name such as /stats
2) In that directory create a .htaccess file with the following code…
RewriteEngine On
RewriteRule yourfakeimage.jpg http://www.cookiedroppingurl.com [R,L]
3) Place the /stats/yourfakeimage.jpg code in the footer of your site. When the browser requests the image, the .htaccess returns a redirect to the URL which drops the cookie. This is all done in the background, so unless someone is specifically looking out for it you should get away with doing it.

Obviously, you can use /stats/yourfakeimage.jpg on any other site that allows you to reference an image. As long as the site doesn't cache the image locally on their server, you will be able to serve up as many cookies as you like.
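Added example, not part of the original post: seen from the side of a site operator or affiliate program reviewing a browser network capture, the image-that-redirects pattern described above leaves three signs that rarely occur together for a real image. The capture format, the host names other than the post's placeholder URL, and the function names are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample: each entry is one <img> load from a browser network
# capture (for example a HAR export), reduced to its redirect chain.
# Each hop is (status, url, response_headers). Hosts are placeholders.
CAPTURE = [
    {"page": "https://forum.example/thread/1",
     "hops": [(302, "https://blog.example/stats/yourfakeimage.jpg",
               {"Location": "http://www.cookiedroppingurl.com"}),
              (200, "http://www.cookiedroppingurl.com",
               {"Content-Type": "text/html", "Set-Cookie": "aff=constructed"})]},
    {"page": "https://forum.example/thread/1",   # ordinary CDN redirect
     "hops": [(301, "https://img.example/a.png",
               {"Location": "https://cdn.example/a.png"}),
              (200, "https://cdn.example/a.png", {"Content-Type": "image/png"})]},
    {"page": "https://forum.example/thread/2",   # first-party image
     "hops": [(200, "https://forum.example/logo.gif",
               {"Content-Type": "image/gif", "Set-Cookie": "sid=constructed"})]},
]

def host(url):
    # Exact hostname comparison; a production check would compare
    # registrable domains instead (simplification for this sketch).
    return (urlsplit(url).hostname or "").lower()

def check_image_load(entry):
    """Return the reasons this image load looks like a cookie drop."""
    hops = entry["hops"]
    first_host = host(hops[0][1])
    _, final_url, final_headers = hops[-1]
    reasons = []
    if len(hops) > 1 and host(final_url) != first_host:
        reasons.append("redirected to another host")
    ctype = final_headers.get("Content-Type", "").lower()
    if not ctype.startswith("image/"):
        reasons.append("final response is not an image (%s)" % (ctype or "none"))
    if any("Set-Cookie" in h for _, url, h in hops if host(url) != first_host):
        reasons.append("cookie set by a host other than the image host")
    return reasons

def flag_stuffed_images(capture, min_reasons=3):
    """Flag image loads that show all three signs together."""
    findings = []
    for entry in capture:
        reasons = check_image_load(entry)
        if len(reasons) >= min_reasons:
            findings.append((entry["page"], entry["hops"][0][1], reasons))
    return findings

if __name__ == "__main__":
    for page, src, reasons in flag_stuffed_images(CAPTURE):
        print(page, src, "; ".join(reasons))
```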

There has been a lot of debate about whether using this method on external sites is classed as stealing, and Esrun wrote a great article on cookie dropping.

I just want to add that you should be careful doing this. Obviously, if your affiliate sees that you are generating a 100% clickthrough rate then they are going to start asking questions and can even ban you from the program.

About the Author:

Chewie is a guy who moved to London from the North of England to further his career in SEO. He has a background in design, coding, and marketing. He tries to keep this blog up to date as best he can, and talk about a ton of different things.
21 Responses to “Cookie Stuffing with .htaccess”

  1. Brent D. Payne Says:

    How would you do this in IIS6? That’s the environment I am on with my servers and I want to look into this more.

  2. Chewie Says:

    Hi Brent,

    I have tried a few methods of doing this, but found that using .htaccess on Apache is by far the easiest and most bulletproof way of doing it.

    If you are running PHP on IIS6 then you have some options available to you. You could reference an image which is actually a PHP script. So write the script to redirect to the affiliate cookie dropping URL and call it yourimage.jpg. I guess you could actually do the same thing with ASP but I don't have any experience in that.

    Can you set up a redirect in IIS6 for an individual file? You could try that and set the redirect to go to the cookie dropping URL when yourimage.jpg is called. Try it and let me know if that works.

    My friend Esrun has some coding examples for other methods which may or may not work on IIS6…
    http://www.esrun.co.uk/blog/wp-content/uploads/2008/03/cookie_stuffing_resource_files.zip

  3. Matthew Inman Says:

    You could probably pull this off with a tiny as well.

    The technical parts make total sense to me - it’s knowing what affiliates to use that I don’t know much about. I’ve never done much with affiliates before.

  4. Matthew Inman Says:

    Er..whoops, my last comment contained an HTML tag that was stripped out:

    “You could probably pull this off with a tiny (iframe) as well”

  5. Chewie Says:

    Matthew: You certainly can use an iframe but obviously that doesn’t allow you to drop cookies from 3rd party sites that you don't own. With the image you can drop it anywhere on the web and the cookie will be delivered.

  6. chuckallied Says:

    @Brent, I think you can use http://urlrewriter.net/ to accomplish this. I’ve recently started working in a Windows IIS environment as well and am looking into URL rewriting for other purposes, still, you should be able to accomplish similar results as you can with mod-rewrite/Apache.

    More specific in the help section of that site and this page:
    http://urlrewriter.net/index.php/support/reference/actions/rewrite

  7. spambuster Says:

    This is a low form of spam and is against the TOS with 99.9% of all affiliate companies. Not to mention this trick has been used for several years and some people are actually getting sued by affiliates over it.

  8. Chewie Says:

    You are completely correct Spambuster, I would not advise anyone to use the technique on a site they want to build up.

    As I said in the post, there has been much debate about the morals of this technique and I also did say that it is certainly not new.

  9. mike Says:

    Question:

    Let’s say that I own an affiliate website. Let’s pretend it is bestbuy.com. Is there any way that BestBuy can tell that I am doing the stuffing?

    I know some companies that have affiliate programs utilize third party companies to analyze the incoming affiliate traffic and check for “fraud”.

  10. Brent D. Payne Says:

    Spambuster . . . It’s important to understand this technique for several reasons other than for profit reasons. Admittedly, I find both intriguing but mainly because this was going on for years without my knowledge and I ran major affiliate programs in the computer and consumer electronics industries. Plus, my past is one of blackhat (you’d call it spam) tactics to achieve incredible rankings from 2001 through 2005 in the computer and CE field targeting Amazon.com. My ability to hack Amazon’s UGC features is my biggest claim to fame. ;-)

    Chewie/Chuck Allied,

    I don’t understand this . . . it seems so straight forward in Apache but I can’t figure it out in IIS. It seems considerably more difficult in IIS. Am I missing something? Do you have code samples? I’d swap server space on a colocated dedicated T1 for you to show me, step by step how to do this (and as you do it).

    I seriously feel like such a moron having not discovered this before now. It tells you how clueless people on the ‘other side’ of the affiliate business are oblivious to some tactics. I even used to compare conversion rates to watch for stuff like this and never caught it. Grrrr.

    Brent D. Payne

  11. Chewie Says:

    Mike: When the page loads you can see the status bar change to opening page http://www.cookieurl.com so a keen eye can spot it.

    Brent: I have absolutely no idea how to do it on IIS, I am a LAMP man myself and don't have a lot of knowledge about Win boxes. Hopefully someone else will be able to help you out? Do you have access to PHP on the IIS server?

  13. Law Says:

    Stupid question …I see how you can serve the cookie but how do you show the image too so it looks legit?

  14. Chewie Says:

    Hey Law,

    It’s not a stupid question, you can’t actually show the image so the best thing to do is (in the html) assign the height and width to be 1px and also use alt=” “

  15. Law Says:

    Ok its a shame…I have a competitor who is hot linking to my images on my server. I was going to fix but then I saw this and I started to think …”what better justice than this”?

    hmm….

  16. Chewie Says:

    Hey Law,

    Well if you have someone who is hot linking to your images then simply do a 301 redirect on the image to your homepage, that way you can effectively pass some link juice and authority back to your own site.

    Do a search on the net on how to combat hot linkers, else I might do a blog post on it with some coding examples if you can't find anything.

  17. Jordan Stevens Says:

    I have a video and screenshot guide for this exact method on my blog ;)

  18. gm Says:

    “Ok its a shame…I have a competitor who is hot linking to my images on my server. I was going to fix but then I saw this and I started to think …”what better justice than this”?

    hmm….”

    This is a BRILLIANT idea…Set up a site with hot link bait then replace some of the images with htaccess trick and some aff links….Wonder if this would work? Though the 301 is also a good idea…

  19. Chewie Says:

    Hey GM,

    You could easily set the image to provide a cookie drop, although depending on what you are cookie dropping and who is linking to you then it may be better to 301 and get the link juice.

  20. El Bueno Says:

    In IIS6 you’ll need a URL rewriter component installed on your server. I’ve used http://www.isapirewrite.com/.

    You need to read their instructions on creating an httpd.ini file. If your image is something like myimage.gif, then the httpd.ini file will look like:

    ————————————-
    [ISAPI_Rewrite]
    # Block external access to the httpd.ini and httpd.parse.errors files
    RewriteRule /httpd(?:\.ini|\.parse\.errors) [F,I,O]

    #Fake Tracking Cookie
    RewriteRule /myimage.gif /myaspredirectscript.asp [I,L]
    ————————————-

    I am in the first stages of testing this so I don’t guarantee it 100%, it’s the approach I intend to take.

  21. Andre Says:

    Do you know how to hide the referer when cookie stuffing forums?
