vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=189979

Cookie Stuffing Detector [Inside- What is Cookie Stuffing and Why you Should Care]
by sockwater
04 Sep 2008 01:03

This modification will help protect your boards against cookie stuffing scams.


What is Cookie Stuffing
From Wikipedia:
Quote:

Cookie stuffing or cookie dropping is a Blackhat technique used to generate fraudulent affiliate sales. It involves placing an affiliate tracking cookie on a website visitor's computer without their knowledge, which will then generate revenue for the person doing the cookie stuffing. Income is generated when the affected user visits the target affiliate site and either creates an account or makes a purchase, depending on the terms of the affiliate agreement. This not only generates fraudulent affiliate sales, but also has the potential to overwrite legitimate affiliates' cookies, essentially stealing their legitimately earned commissions.

Operators of websites that allow user-generated content, such as forums that allow users to post, should be aware of this technique in order to protect their visitors from this attack. Cookie stuffing can be accomplished with as little as including an image in a forum post.
People can use your boards for this illegitimate practice if you don't protect yourself
There are several techniques for cookie stuffing, one of which works on most vBulletin forums. I'll put the following in code tags so only licensed vB owners can read it.
Suspended or Unlicensed Members Cannot View Code.

If you don't want people doing this, read on.


What this mod does

Suspended or Unlicensed Members Cannot View Code.

Installation
Import the product XML file in your Product Manager, then visit the Options group "Cookie Stuffing Detector Options".

After installation, you can check if this is working by creating a post and ....

Suspended or Unlicensed Members Cannot View Code.

Future development
I am planning to expand this mod to:
  • Scan all posts in the database for possible cookie stuffing attempts.
  • Check posts when the user submits them for cookie stuffing attempts, and reject the post.
Known issues / Caveats
  • Broken images will cause false positives
  • This is marked as a 3.7.x mod, because that is what I developed it on and what I use it on. It has a good chance of working on 3.6.x as well, but I haven't tested that.
  • All admins and mods (even when viewing a forum they are not a mod in) will see the message in a post if it is a possible cookie stuffing attempt. This is by design.

Tested in... (on Windows XP)
  • Firefox 3
  • Internet Explorer 7
  • Opera 9.5
  • Safari 3
  • Google Chrome?!

FreshFroot 04 Sep 2008 02:36

awesome stuff.

I heard about the cookie stuffing issues at DP and ebay.

Good to see, there is a way to protect ourselves!

thanks a bunch.

Floris 04 Sep 2008 03:48

This only works on bbcode that has a non image as image.
But you can use any image remotely hosted in the img tag and that img can be forced to be executed as a php file.

The remote image is actually php code that sets a cookie with the affiliate code, and then sets the mime via header and returns a real image.

example: http://floris.vbulletin.com/stuff/vborgtest.jpg

The img above is [img]http://floris.vbulletin.com/stuff/vborgtest.jpg[/img] which is actually a php file that sets a cookie for floris.vbcom with user 'vborgtest'

hence: stuffing.

This plugin doesn't seem to check for real cookie stuffing, unless I am mistaken?
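
An added example, not part of the original thread and not the mod's code: a check of [img] targets that covers both the case the mod is said to catch (a non-image served as an image) and the case Floris describes (a real image whose response also sets a cookie). The URLs, response records and function names are constructed for illustration, and the checks assume the responses have already been fetched.

```javascript
// Added example: check the targets of [img] tags in a submitted post.
// All URLs and response records below are constructed samples.
const MAGIC = [
  ["jpeg", [0xff, 0xd8, 0xff]],
  ["png", [0x89, 0x50, 0x4e, 0x47]],
  ["gif", [0x47, 0x49, 0x46, 0x38]],
];

// Pull every URL wrapped in [img]...[/img] out of a BBCode post body.
function extractImgUrls(post) {
  return [...post.matchAll(/\[img\]\s*(.*?)\s*\[\/img\]/gi)].map((m) => m[1]);
}

// Identify the image type from its leading bytes, ignoring URL and Content-Type.
function sniffImage(bytes) {
  const hit = MAGIC.find(([, sig]) => sig.every((b, i) => bytes[i] === b));
  return hit ? hit[0] : null;
}

// resp: { status, headers (lower-case keys), body (leading bytes) }
function classifyImgResponse(resp) {
  const findings = [];
  if (resp.status >= 400) findings.push("broken-image"); // the known false-positive case
  else if (!sniffImage(resp.body)) findings.push("not-an-image");
  if ("set-cookie" in resp.headers) findings.push("sets-cookie");
  return findings;
}

// Map each [img] URL in the post to its findings; responses is a Map url -> resp.
function scanPost(post, responses) {
  const report = {};
  for (const url of extractImgUrls(post)) {
    const resp = responses.get(url);
    report[url] = resp ? classifyImgResponse(resp) : ["not-fetched"];
  }
  return report;
}

const JPEG = [0xff, 0xd8, 0xff, 0xe0];
const samplePost = "[img]http://img.example/a.jpg[/img] [IMG]http://img.example/b.jpg[/IMG] " +
  "[img]http://img.example/c.jpg[/img] [img]http://img.example/d.jpg[/img]";
const sampleResponses = new Map([
  ["http://img.example/a.jpg", { status: 200, headers: { "content-type": "image/jpeg" }, body: JPEG }],
  ["http://img.example/b.jpg", { status: 200, headers: { "content-type": "text/html" }, body: [0x3c, 0x68, 0x74, 0x6d] }],
  ["http://img.example/c.jpg", { status: 200, headers: { "content-type": "image/jpeg", "set-cookie": "aff=constructed" }, body: JPEG }],
  ["http://img.example/d.jpg", { status: 404, headers: {}, body: [] }],
]);
console.log(scanPost(samplePost, sampleResponses));
```

A checker's fetch can receive a different response than a visitor's browser does, so the findings are heuristics for moderator review rather than proof.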

sockwater 04 Sep 2008 04:30

Right, except that's not really what we're talking about since there is no monetary gain in that.


Suspended or Unlicensed Members Cannot View Code.


Merjawy 04 Sep 2008 08:57

Thanks..

Installed on 3.7.3 and when I checked "Print debug output" I can't browse to any thread.. IE7 loads the thread then I get a notice can't find the page and I go to 404

I used Google Chrome and it's fine and see at the bottom it says
6 of 6 posts on this page checked for cookie stuffing

but why IE stuffed with the setting?


Thanks

Mecho 04 Sep 2008 10:40

so it just can happen if User post an image using [img] tag and that image has url ?!!

ArnyVee 04 Sep 2008 11:58

Gonna keep an eye on this one :D

sockwater 04 Sep 2008 17:24

Quote:

Originally Posted by Merjawy (Post 1614222)
Installed on 3.7.3 and when I checked "Print debug output" I can't browse to any thread.. IE7 loads the thread then I get a notice can't find the page and I go to 404
I used Google Chrome and it's fine and see at the bottom it says
6 of 6 posts on this page checked for cookie stuffing
but why IE stuffed with the setting?

I don't think this mod can cause 404 not found errors and the like. It's just a bit of Javascript added to the page after it loads. I think the source of your problem lies elsewhere.

Quote:

Originally Posted by Mecho (Post 1614264)
so it just can happen if User post an ....

My reply is in [code] tags so that only license holders can see it.

Suspended or Unlicensed Members Cannot View Code.


Brandon Sheley 04 Sep 2008 18:15

Quote:

Originally Posted by ArnyVee (Post 1614296)
Gonna keep an eye on this one :D

ditto :up:

cheat-master30 04 Sep 2008 21:58

This sounds good, and I'm considering installing it, but one question... wouldn't this flag up vBulletin album images because the image format is something like picture.php?id= or something?

sockwater 04 Sep 2008 22:56

Quote:

Originally Posted by cheat-master30 (Post 1614648)
... wouldn't this flag up vBulletin album images because the image format is something like picture.php?id= or something?

Nope :)

Merjawy 05 Sep 2008 03:25

Well, as soon as I check the second option "Print Debug Output" a pop up says can't find the page and throws me into page can not be displayed. (just like 404)

as soon as I uncheck it, forum goes back to normal

sockwater 05 Sep 2008 03:40

Quote:

Originally Posted by Merjawy (Post 1614807)
Well, as soon as I check the second option "Print Debug Output" a pop up says can't find the page and throws me into page can not be displayed. (just like 404)

as soon as I uncheck it, forum goes back to normal

Can you tell me what the exact message in the popup is? Also, can you copy the page source code for a page that cannot be displayed and PM it to me or post it here? That will help me get to the bottom of this.

FiMeTi 07 Sep 2008 12:29

Great job mate!
I installed this - SECURITY GOES FIRST! :)

cheers

//edit

I posted the Test-Link which you've offered at the top with an [img] tag in my forums,
but I don't get a Warning - just the checked information at the bottom:
1 of 1 posts on this page checked for cookie stuffing.

PossumX 07 Sep 2008 15:04

Great concept, and will keep an eye on this one as it progresses.


