Wow, did you guys hear about this? verifiedcasinos.com

chayton

aka LooHoo
webmeister
PABnonaccred
CAG
Joined
Jun 5, 2006
Location
Edmonton Canada
Seems the owner of this website got busted after it was proved that he had hacked an exploit in Akismet (sorry I think after reading the whole thread this is wrong, it's a social plugin NOT Akismet) to display an iframe with his casino aff links from multiple wordpress sites. I hadn't read about it, but this was unearthed in August. I'm including a link to the notice from GPWA.

You do not have permission to view link Log in or register now.
 
Last edited:
You know, thiat website (verifiedcasinos) is reminding me of something - those links at the bottom, "As seen on USA Today" etc. Where have I seen that before? Was it on one of the fake casinomeister sites?
 
We have to be grateful there is a great network of affiliates, casino reps and affiliate managers that are self-policing the internet to protect players and protect earnings of hardworking webmasters. Just like any other industry, there are always those that seek to deceive, cheat and just generally act in a negative way. The more of the sites like verifiedcasinos.com that get identified the better ;)
 
This has been going on a LONG time, there was someone who was a member here who was trying to have something done about it a year or two ago and she was having a hard time getting anyone to listen to her - I don't remember who it was though.

This scummy affiliate had hacked into thousands of wordpress sites - and most of them don't have anything to do with gambling, and probably don't even know they have a piggybacked page on their website. Like if you do a google search for "infoexgraphics.com-online-casinos" and you'll see it comes up with over 22 thousand!!! :eek2: pages. Of course I didn't check them all, but most of those are wordpress sites that have been hacked and carry an extra casino affiliate page.
 
We have to be grateful there is a great network of affiliates, casino reps and affiliate managers that are self-policing the internet to protect players and protect earnings of hardworking webmasters. Just like any other industry, there are always those that seek to deceive, cheat and just generally act in a negative way. The more of the sites like verifiedcasinos.com that get identified the better ;)

A year ago I would have agreed with you, but my latest experience with some of the largest MGS affiliate programs this past Spring totally changed my mind about this. The only way to properly watch your back is to hire a lawyer.
 
A year ago I would have agreed with you, but my latest experience with some of the largest MGS affiliate programs this past Spring totally changed my mind about this. The only way to properly watch your back is to hire a lawyer.


Agree, some of the responses from some of the affiliate programs about this issue was mind boggling and they will be getting a nice write up from me soon. Saying things like "They signed up on ppc deal, so no problems"and "This is a competitive business, its not our responsibility go talk to Google" etc. (that's not quote for quote but pretty much it, can post the exact quotes if need be)


I have been watching this thing since the post first came about, it was quite an eye opener in many aspects.
 
I can't believe that this person is still an affiliate of ANY casino or why anyone would want to do any kind of business with them - what they've done is not only unethical and sneaky, isn't it also illegal?

The one guy in the thread over there was saying that one of the aff managers was saying "oh no, all the traffic from x is coming from verifiedcasinos..." and this guy is saying "OF course it is because he's hacked a bloody iframe into every other site on the internet!" lol. Well I'm paraphrasing a bit, but you know what I mean. The aff programs see the traffic as coming from that one source so they don't necessarily think anything is wrong. And maybe some of them are just enjoying the traffic.

I was thinking someone should contact every site that has that hack and let them know. But 22 thousand sites? sheesh I'm too far behind in my work already. :rolleyes:
 
I can't believe that this person is still an affiliate of ANY casino or why anyone would want to do any kind of business with them - what they've done is not only unethical and sneaky, isn't it also illegal?

The one guy in the thread over there was saying that one of the aff managers was saying "oh no, all the traffic from x is coming from verifiedcasinos..." and this guy is saying "OF course it is because he's hacked a bloody iframe into every other site on the internet!" lol. Well I'm paraphrasing a bit, but you know what I mean. The aff programs see the traffic as coming from that one source so they don't necessarily think anything is wrong. And maybe some of them are just enjoying the traffic.

I was thinking someone should contact every site that has that hack and let them know. But 22 thousand sites? sheesh I'm too far behind in my work already. :rolleyes:


It is, but casinos don't have much respect for the laws of the countries where their players and affiliates reside. It's the law of their chosen jurisdiction that matters.

What is needed is for the authorities to launch a prosecution for this, and then haul in the complicit affiliate programs as accessories. The affiliate programs and casinos that knowingly turn a blind eye are in effect, money laundering.

Failure to self police this could mean that they will be policed by the authorities in a manner that does not suit them, and there will be nothing they can do about it.

It could be the UK that upsets this status quo, because we have the Computer Misuse act, and this action would be a matter for the police. The proceeds of crime act could also see the casinos having revenue confiscated if it can be shown to have been derived through the hacking of thousands of wordpress websites. Any casino that has applied for a UK licence is right in the firing line.
 
It's frustrating that it seems like nobody really cares - they've reported to the ISP and Google and nothing's been done from either of them as far as I know. At this point it's less to do with the affiliate-ness of the issue, it's the bloody hacking that's the real thorn. So this person can just hack away with impunity and the best anyone can do is remove the hack if they find it themselves on their site? That seems really stupid.
 
It's frustrating that it seems like nobody really cares - they've reported to the ISP and Google and nothing's been done from either of them as far as I know. At this point it's less to do with the affiliate-ness of the issue, it's the bloody hacking that's the real thorn. So this person can just hack away with impunity and the best anyone can do is remove the hack if they find it themselves on their site? That seems really stupid.

It's those who's sites have been hacked that can set the ball rolling on this. They are the direct victims of this crime, so they can contact their own police forces as crime victims. Given the scale of this, there could be many forces in many countries involved, making this a matter for international policing in those countries who have similar computer misuse laws. The problem comes when it comes to getting an arrest and pressing charges. This scumbag could well be holed up in a country that does not recognise this as a crime, which will make it hard, if not impossible, to get this to trial. The nature of the hack also means that most victims are unaware they have been involved unless someone draws it to their attention. There is also the possibility that the hack could render some victims in breach of their own country's laws, as they would be seemingly promoting online casinos.

Google SHOULD care, as this is also a major attack on the integrity of their search engine. They seem very keen to put a stop to other forms of black hat SEO, and are also keen that users do not get the impression that Google search is not fit for purpose due to the results being flooded with irrelevant and artificially promoted results that are less relevant than the less prominent ones.
 
I think the main issue is that most people don't even realize that their website has this hack. It's not like they go to their website and there's a pic of some douchebag saying "You got pwned" - it's not touching any part of the 'real' site, it's just adding to it and google is picking up all the links. It's sort of like a virus that makes your computer a zombie - it still does what it's supposed to do, but it also is doing other stuff in the background.

So the 22K website owners are just oblivious that they have this bloody parasite attached to them.
 
I think the main issue is that most people don't even realize that their website has this hack. It's not like they go to their website and there's a pic of some douchebag saying "You got pwned" - it's not touching any part of the 'real' site, it's just adding to it and google is picking up all the links. It's sort of like a virus that makes your computer a zombie - it still does what it's supposed to do, but it also is doing other stuff in the background.So the 22K website owners are just oblivious that they have this bloody parasite attached to them.

Nevertheless, it's still illegal to infect someone else's computer with a virus, even a benign one. Many users don't realise they have a virus on their computer, but often the "benign" ones are not meant to affect the user in any way, they are designed to stay hidden and become part of a botnet, which can be used to cause serious problems for others.

This hack causes serious problems for the integrity of Google, it damages the business of other affiliates, and it brings the whole online casino industry into disrepute. It can damage the owner of the infected website too if people come across the site through a compromised Google search, and think that it's the site owner who has done something "black hat" in order to make money from online gambling.
 
Agreed Vinyl, that's why it doesn't make sense that nobody seems to care - I mean like Google and the hosting company. A few of the aff programs pulled the plug, but there are still casinos listed and there are still all these hacked websites. If this guy had hacked a bank or a government site I'm sure there would be somebody all over it.

Awhile back do you remember there was something called pharmahack - basically the same thing except then you got a page selling viagra and hydrocodone and stuff like that. Everyone who got hacked was pissed, but basically nothing was done - it was all just, "Update your Wordpress and run scans etc" :(
 
Agreed Vinyl, that's why it doesn't make sense that nobody seems to care - I mean like Google and the hosting company. A few of the aff programs pulled the plug, but there are still casinos listed and there are still all these hacked websites. If this guy had hacked a bank or a government site I'm sure there would be somebody all over it.

Awhile back do you remember there was something called pharmahack - basically the same thing except then you got a page selling viagra and hydrocodone and stuff like that. Everyone who got hacked was pissed, but basically nothing was done - it was all just, "Update your Wordpress and run scans etc" :(

Is there a product like anti-virus for PC that scans your websites for things like this?

It seems that these new "digital laws" are not being taken seriously. If you broke into someone's house and used their stuff for your own ends, you would be arrested and charged, yet it seems breaking into someone's website or PC is met by telling the victim they should "run some scans" or "update.......". This is OK, like telling someone to get better locks and shut their windows when they go out, BUT one still expects burglars to be arrested and charged.

The hard work has already been done by the community, so Google don't even have to start from scratch. Google have the best tools and expertise of all to investigate the scope of this and prepare evidence that the authorities can use to go after the hacker, but it seems they don't care -- or are they trying to bury this because it is SO major a hack that they are trying to avoid embarrassment over their search algorithms being targeted and fooled so easily.

Maybe Wordpress will care because it seems it's always Wordpress sites that fall victim to these major hacks.
 
Actually I scanned a couple of the websites that I found that had been hacked (crazy is that you can do it to anyone's site too) and both of them were running outdated versions of wordpress.

So basically if you're running wordpress, you need to keep it updated. PLUS you need to scan your themes before you ever install them and keep THOSE updated. Ditto all your plugins.

The pharmahack guys were taking a paid-for version of a good theme and offering it for free through file sharing sites or torrents. A bunch of people download it and share the download themselves. Other people tweak the design and offer it for free, sometimes through free theme sites, more people download it. Lots of people get this cool theme for free, everyone is happy - especially the first guys. Because all those people who are using that theme? What they don't know is that the first guys have hidden some base64 in the php code or some other back door hack so as soon as the website is live, the hack is already there, no brute force needed.

This hack, from what the one guy at GPWA said, was probably from a plugin. Some kind of social media sharing thingie that I've never heard of but sounds like it's had security problems in the past.

EDIT: Sorry I wandered off there. :oops: To answer your question, an antivirus wouldn't catch something like this. Most security type plugins will do things like monitor changes between plugins that you're running against those in the repository, and checks the wordpress core files against what you have installed. So if there are weird php files showing up where they shouldn't be, or any base64 code added since you've installed, it might be able to find them. I think the best way to see if you've been hacked like in this case would be to use a spider - that would show all the links from your site, so if google is finding them, you should be able to find them too. Once you know you've got it, you'd have to figure out where it came from.
 
FYI the copy of the letter that is being sent out to all affiliate programs and affiliate managers can be found here
You do not have permission to view link Log in or register now.


The "hacker" has since joined a new network and is starting all over again.

Pretty determined, and pretty confident that he isn't likely to end up in jail over this. Very much the same behaviour we see from spammers. They know they will be stopped, but they won't actually get caught and jailed, so they already have it in their business plan to move quickly on to the next scam once the first gets shut down.

Ideally, the affiliate programs need to be on the ball so that despite all of this, he is caught out quick enough such that he never sees any commission from this, and so might eventually give it up.
 
Get booted from an aff program, open a new account, change your links for your iframe(s) and you're back in business. :rolleyes:


Funny how when a PLAYER does this they are accused of FRAUD, which is a CRIMINAL offence. If affiliates can do this, why can't advantage players do it and have a blind eye turned too? Even the terms and conditions for affiliates are not really enforced, yet they are rigorously enforced on players.

Given that ID verification is down to anti money laundering laws, and thus out of the hands of the casinos, how come affiliates can so easily get away with this kind of thing? I would have thought they would get caught on these new accounts on their first attempt to withdraw earnings, just as the dodgy players usually gets busted when they have to produce documents on the Nth account that actually produces something they can withdraw.
 
Funny how when a PLAYER does this they are accused of FRAUD, which is a CRIMINAL offence. If affiliates can do this, why can't advantage players do it and have a blind eye turned too? Even the terms and conditions for affiliates are not really enforced, yet they are rigorously enforced on players.

Given that ID verification is down to anti money laundering laws, and thus out of the hands of the casinos, how come affiliates can so easily get away with this kind of thing? I would have thought they would get caught on these new accounts on their first attempt to withdraw earnings, just as the dodgy players usually gets busted when they have to produce documents on the Nth account that actually produces something they can withdraw.

Well I suppose it comes down to first of all, noticing that it's happening and then prove that it's happening and then find out who's behind it. From what I understand (although I may be wrong) the way this is set up with an iframe is that any referrals seem to be coming from the correct domain. So the aff program might not notice anything strange even if they were looking for it. The people who own the websites are oblivious because their main site hasn't been hacked. So that leaves it up to other affiliates who are checking their SERPS and find it.

Then once someone finds it they need to find someone who will listen - there was someone trying to do something about this over a year ago, and at GPWA someone else commented that when they said something 6 months ago nobody cared. I mean, sure it's possible that those websites allowed someone to place a page on their site. :rolleyes: But really, who do you go to or who do you tell? Especially since the only people who seem to care are other affiliates, so any complaining sounds like sour grapes or whatever. The guy who started this time was stubborn though, and didn't give up until someone started listening.

Who knows though if it will change anything. No matter if some aff programs dump this person temporarily, there will still be others who won't care about their methods. Complaints were made to Google and the ISP and none of that seemed to do anything.

I personally am not really outraged at what he's done - TBH I have to admire the guy a bit for exploiting the system so well for so long. Maybe that's because my site isn't really my main source of income like with other affiliates though. Of course what he's done is probably criminal and of course it's unethical, but really - he's not defacing the main sites of any of those sites who have his page, so they're not (technically) getting hurt. He's bringing in business so the casinos aren't hurt. He's hurting other affiliates though by filling the first 10 pages of Google with his links and that's a problem - also maybe if this doesn't get nipped in the bud, I can see where people are going to start thinking, "Hey, if this guy can get away with it, why shouldn't I do something like that too?" and then it will just be a free-for-all where everyone loses.
 
Well I suppose it comes down to first of all, noticing that it's happening and then prove that it's happening and then find out who's behind it. From what I understand (although I may be wrong) the way this is set up with an iframe is that any referrals seem to be coming from the correct domain. So the aff program might not notice anything strange even if they were looking for it. The people who own the websites are oblivious because their main site hasn't been hacked. So that leaves it up to other affiliates who are checking their SERPS and find it.

Then once someone finds it they need to find someone who will listen - there was someone trying to do something about this over a year ago, and at GPWA someone else commented that when they said something 6 months ago nobody cared. I mean, sure it's possible that those websites allowed someone to place a page on their site. :rolleyes: But really, who do you go to or who do you tell? Especially since the only people who seem to care are other affiliates, so any complaining sounds like sour grapes or whatever. The guy who started this time was stubborn though, and didn't give up until someone started listening.

Who knows though if it will change anything. No matter if some aff programs dump this person temporarily, there will still be others who won't care about their methods. Complaints were made to Google and the ISP and none of that seemed to do anything.

I personally am not really outraged at what he's done - TBH I have to admire the guy a bit for exploiting the system so well for so long. Maybe that's because my site isn't really my main source of income like with other affiliates though. Of course what he's done is probably criminal and of course it's unethical, but really - he's not defacing the main sites of any of those sites who have his page, so they're not (technically) getting hurt. He's bringing in business so the casinos aren't hurt. He's hurting other affiliates though by filling the first 10 pages of Google with his links and that's a problem - also maybe if this doesn't get nipped in the bud, I can see where people are going to start thinking, "Hey, if this guy can get away with it, why shouldn't I do something like that too?" and then it will just be a free-for-all where everyone loses.

Why not?

Maybe it's the only way to get this taken seriously, make it a big enough problem for them that they can no longer afford to turn a blind eye. If the casinos do nothing unless it can be proved to them that the "victim" website didn't give permission, then what's wrong with advantage players borrowing a friend's identity and expecting the casino to object only if they know that no permission to do so was granted.?
 
Why not?

Maybe it's the only way to get this taken seriously, make it a big enough problem for them that they can no longer afford to turn a blind eye. If the casinos do nothing unless it can be proved to them that the "victim" website didn't give permission, then what's wrong with advantage players borrowing a friend's identity and expecting the casino to object only if they know that no permission to do so was granted.?

I disagree. :p I don't think that the fact that one or two (or ten or twenty :rolleyes:) affiliates are doing unethical stuff gives everyone else the right to do the same. Just like promoting rogue casinos - lots of them still do it, does that mean it's ok?
 
Funny how when a PLAYER does this they are accused of FRAUD, which is a CRIMINAL offence. If affiliates can do this, why can't advantage players do it and have a blind eye turned too? Even the terms and conditions for affiliates are not really enforced, yet they are rigorously enforced on players...
Seriously? Or are you just being coy. :p

It's a no brainer - fraudsters can cost the casinos serious money - degenerate affiliates can actually increase the traffic flow. This is (IMO) why a number of affiliate programs are reluctant to take action against against those who are using unorthodox or unethical means to gain traffic. Bottom line is that when one complains about unethical business practices, you'll get a lot of lip service - but the cash-flow overrides good business sense and propriety.
 
Seriously? Or are you just being coy. :p

It's a no brainer - fraudsters can cost the casinos serious money - degenerate affiliates can actually increase the traffic flow. This is (IMO) why a number of affiliate programs are reluctant to take action against against those who are using unorthodox or unethical means to gain traffic. Bottom line is that when one complains about unethical business practices, you'll get a lot of lip service - but the cash-flow overrides good business sense and propriety.

Just showing the blatant double standards in play here. Whether something is "wrong" seems to depend upon the viewpoint. When it's hacking affiliates, it's "wrong" from the viewpoint of pretty much everyone except the casinos. Well, some players don't have a problem with borrowing a friend's ID for play, and so long as the friend is happy with this, they don't view it as the crime of "identity theft". Casinos say it's wrong, even when there is agreement between the parties, because it can cost them money. Well, this means it can MAKE the AP money, which is the SAME JUSTIFICATION that casinos are using to support the toleration of "advantage affiliates" who hack others sites, even though this hacking is a CRIME, not merely a "civil wrong".

True standards do not switch direction due to the ebb and flow of money. Any that do are false standards, and not something to be overly concerned about.

All three are just doing the same thing, and have the same aim, to make as much money as possible from the industry. (The three being:- Casinos, Advantage players, and Advantage affiliates). All three have the same response to getting caught too, they do their best to wriggle out of it so that they can carry on doing what they were doing.

I have to wonder whether the new UK regulators have even considered this dark side of the affiliate business, and if so, how they intend to curb it.
 

Users who are viewing this thread

Meister Ratings

Back
Top