Hello!
I've been using TE3 on gallery-dump.com for more than a year now, I want to thank you for the well-made software, it works well.
However, I am faced with an annoying kind of wannabe-cheater, who registers domain that do not belong to him, and, as return URL, provides his affiliate internal URL with the website.
A practical example: the image host imgzeus.com allows to upload images and receive money when enough thousands of people view them.
Some people post imgzeus images on my site;
And the abuser has registered imgzeus.com with gallery-dump, with, as return URL, his *own* personal portfolio, with the images he uploaded to imgzeus.
Do you see the idea ?
Random people from Imgzeus visit my site for random reasons. And for each of them, I'll be sending a hit back to the person who registered imgzeus in the trade system.
This is just wrong, and for the moment my only solution is to blacklist whole domains although they are legit websites and all, it's a sad waste.
Against this, I could recommend three possible protection options :
1 - actual ownership verification: that trade registration must be verified by email with an email domain being the same as the domain registered in the linktrade
The strictest measure of all, not very recommended, but a worthy addition as an option, I think.
2 - Force the return URL to the nothing more than the domain for the trade. Here, my abuser could only ask for imgzeus.com as return URL, not /slash/ something.
Definitely my favorite option.
Gotta wildcard for with and without "www" and include subdomains, that said.
3 - Adding the option to blacklist the email addresses used during trade registration. Here, my abuser always uses the same email address.
Besides, when deleting a trade, TE3 should really send a notification to the person who rejected it.
What do you think of those suggestions, at least the first and, on top of all, second suggestions ?
I hope you can think of it
Kind regards,
Oliver
Constructive feedback, against a repeated abuse behaviour
Moderator: Rock