1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Wow, did you guys hear about this? verifiedcasinos.com

Discussion in 'Content Thieves and other Evil Doers' started by chayton, Oct 16, 2014.

    Oct 16, 2014
  1. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Seems the owner of this website got busted after it was proved that he had hacked an exploit in Akismet (sorry I think after reading the whole thread this is wrong, it's a social plugin NOT Akismet) to display an iframe with his casino aff links from multiple wordpress sites. I hadn't read about it, but this was unearthed in August. I'm including a link to the notice from GPWA.

    You must register/login in order to see the link.
     
    Last edited: Oct 16, 2014
    5 people like this.
  2. Oct 16, 2014
  3. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    You know, thiat website (verifiedcasinos) is reminding me of something - those links at the bottom, "As seen on USA Today" etc. Where have I seen that before? Was it on one of the fake casinomeister sites?
     
  4. Oct 16, 2014
  5. conker

    conker Super Moderator CAG MM webmeister

    Occupation:
    Marketer
    Location:
    UK
    We have to be grateful there is a great network of affiliates, casino reps and affiliate managers that are self-policing the internet to protect players and protect earnings of hardworking webmasters. Just like any other industry, there are always those that seek to deceive, cheat and just generally act in a negative way. The more of the sites like verifiedcasinos.com that get identified the better ;)
     
    1 person likes this.
  6. Oct 16, 2014
  7. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    This has been going on a LONG time, there was someone who was a member here who was trying to have something done about it a year or two ago and she was having a hard time getting anyone to listen to her - I don't remember who it was though.

    This scummy affiliate had hacked into thousands of wordpress sites - and most of them don't have anything to do with gambling, and probably don't even know they have a piggybacked page on their website. Like if you do a google search for "infoexgraphics.com-online-casinos" and you'll see it comes up with over 22 thousand!!! :eek2: pages. Of course I didn't check them all, but most of those are wordpress sites that have been hacked and carry an extra casino affiliate page.
     
  8. Oct 16, 2014
  9. Casinomeister

    Casinomeister Forum Cheermeister Staff Member

    Occupation:
    Homemaker
    Location:
    Bierland
    A year ago I would have agreed with you, but my latest experience with some of the largest MGS affiliate programs this past Spring totally changed my mind about this. The only way to properly watch your back is to hire a lawyer.
     
    2 people like this.
  10. Oct 16, 2014
  11. mattsgame

    mattsgame Ueber Meister CAG webmeister

    Occupation:
    Web Master
    Location:
    Clown Town

    Agree, some of the responses from some of the affiliate programs about this issue was mind boggling and they will be getting a nice write up from me soon. Saying things like "They signed up on ppc deal, so no problems"and "This is a competitive business, its not our responsibility go talk to Google" etc. (that's not quote for quote but pretty much it, can post the exact quotes if need be)


    I have been watching this thing since the post first came about, it was quite an eye opener in many aspects.
     
    1 person likes this.
  12. Oct 16, 2014
  13. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    I can't believe that this person is still an affiliate of ANY casino or why anyone would want to do any kind of business with them - what they've done is not only unethical and sneaky, isn't it also illegal?

    The one guy in the thread over there was saying that one of the aff managers was saying "oh no, all the traffic from x is coming from verifiedcasinos..." and this guy is saying "OF course it is because he's hacked a bloody iframe into every other site on the internet!" lol. Well I'm paraphrasing a bit, but you know what I mean. The aff programs see the traffic as coming from that one source so they don't necessarily think anything is wrong. And maybe some of them are just enjoying the traffic.

    I was thinking someone should contact every site that has that hack and let them know. But 22 thousand sites? sheesh I'm too far behind in my work already. :rolleyes:
     
  14. Oct 16, 2014
  15. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom

    It is, but casinos don't have much respect for the laws of the countries where their players and affiliates reside. It's the law of their chosen jurisdiction that matters.

    What is needed is for the authorities to launch a prosecution for this, and then haul in the complicit affiliate programs as accessories. The affiliate programs and casinos that knowingly turn a blind eye are in effect, money laundering.

    Failure to self police this could mean that they will be policed by the authorities in a manner that does not suit them, and there will be nothing they can do about it.

    It could be the UK that upsets this status quo, because we have the Computer Misuse act, and this action would be a matter for the police. The proceeds of crime act could also see the casinos having revenue confiscated if it can be shown to have been derived through the hacking of thousands of wordpress websites. Any casino that has applied for a UK licence is right in the firing line.
     
    2 people like this.
  16. Oct 16, 2014
  17. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    It's frustrating that it seems like nobody really cares - they've reported to the ISP and Google and nothing's been done from either of them as far as I know. At this point it's less to do with the affiliate-ness of the issue, it's the bloody hacking that's the real thorn. So this person can just hack away with impunity and the best anyone can do is remove the hack if they find it themselves on their site? That seems really stupid.
     
  18. Oct 16, 2014
  19. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    It's those who's sites have been hacked that can set the ball rolling on this. They are the direct victims of this crime, so they can contact their own police forces as crime victims. Given the scale of this, there could be many forces in many countries involved, making this a matter for international policing in those countries who have similar computer misuse laws. The problem comes when it comes to getting an arrest and pressing charges. This scumbag could well be holed up in a country that does not recognise this as a crime, which will make it hard, if not impossible, to get this to trial. The nature of the hack also means that most victims are unaware they have been involved unless someone draws it to their attention. There is also the possibility that the hack could render some victims in breach of their own country's laws, as they would be seemingly promoting online casinos.

    Google SHOULD care, as this is also a major attack on the integrity of their search engine. They seem very keen to put a stop to other forms of black hat SEO, and are also keen that users do not get the impression that Google search is not fit for purpose due to the results being flooded with irrelevant and artificially promoted results that are less relevant than the less prominent ones.
     
    1 person likes this.
  20. Oct 16, 2014
  21. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    I think the main issue is that most people don't even realize that their website has this hack. It's not like they go to their website and there's a pic of some douchebag saying "You got pwned" - it's not touching any part of the 'real' site, it's just adding to it and google is picking up all the links. It's sort of like a virus that makes your computer a zombie - it still does what it's supposed to do, but it also is doing other stuff in the background.

    So the 22K website owners are just oblivious that they have this bloody parasite attached to them.
     
    1 person likes this.
  22. Oct 17, 2014
  23. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    Nevertheless, it's still illegal to infect someone else's computer with a virus, even a benign one. Many users don't realise they have a virus on their computer, but often the "benign" ones are not meant to affect the user in any way, they are designed to stay hidden and become part of a botnet, which can be used to cause serious problems for others.

    This hack causes serious problems for the integrity of Google, it damages the business of other affiliates, and it brings the whole online casino industry into disrepute. It can damage the owner of the infected website too if people come across the site through a compromised Google search, and think that it's the site owner who has done something "black hat" in order to make money from online gambling.
     
  24. Oct 17, 2014
  25. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Agreed Vinyl, that's why it doesn't make sense that nobody seems to care - I mean like Google and the hosting company. A few of the aff programs pulled the plug, but there are still casinos listed and there are still all these hacked websites. If this guy had hacked a bank or a government site I'm sure there would be somebody all over it.

    Awhile back do you remember there was something called pharmahack - basically the same thing except then you got a page selling viagra and hydrocodone and stuff like that. Everyone who got hacked was pissed, but basically nothing was done - it was all just, "Update your Wordpress and run scans etc" :(
     
  26. Oct 17, 2014
  27. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    Is there a product like anti-virus for PC that scans your websites for things like this?

    It seems that these new "digital laws" are not being taken seriously. If you broke into someone's house and used their stuff for your own ends, you would be arrested and charged, yet it seems breaking into someone's website or PC is met by telling the victim they should "run some scans" or "update.......". This is OK, like telling someone to get better locks and shut their windows when they go out, BUT one still expects burglars to be arrested and charged.

    The hard work has already been done by the community, so Google don't even have to start from scratch. Google have the best tools and expertise of all to investigate the scope of this and prepare evidence that the authorities can use to go after the hacker, but it seems they don't care -- or are they trying to bury this because it is SO major a hack that they are trying to avoid embarrassment over their search algorithms being targeted and fooled so easily.

    Maybe Wordpress will care because it seems it's always Wordpress sites that fall victim to these major hacks.
     
  28. Oct 17, 2014
  29. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Actually I scanned a couple of the websites that I found that had been hacked (crazy is that you can do it to anyone's site too) and both of them were running outdated versions of wordpress.

    So basically if you're running wordpress, you need to keep it updated. PLUS you need to scan your themes before you ever install them and keep THOSE updated. Ditto all your plugins.

    The pharmahack guys were taking a paid-for version of a good theme and offering it for free through file sharing sites or torrents. A bunch of people download it and share the download themselves. Other people tweak the design and offer it for free, sometimes through free theme sites, more people download it. Lots of people get this cool theme for free, everyone is happy - especially the first guys. Because all those people who are using that theme? What they don't know is that the first guys have hidden some base64 in the php code or some other back door hack so as soon as the website is live, the hack is already there, no brute force needed.

    This hack, from what the one guy at GPWA said, was probably from a plugin. Some kind of social media sharing thingie that I've never heard of but sounds like it's had security problems in the past.

    EDIT: Sorry I wandered off there. :oops: To answer your question, an antivirus wouldn't catch something like this. Most security type plugins will do things like monitor changes between plugins that you're running against those in the repository, and checks the wordpress core files against what you have installed. So if there are weird php files showing up where they shouldn't be, or any base64 code added since you've installed, it might be able to find them. I think the best way to see if you've been hacked like in this case would be to use a spider - that would show all the links from your site, so if google is finding them, you should be able to find them too. Once you know you've got it, you'd have to figure out where it came from.
     
    2 people like this.
  30. Oct 17, 2014
  31. Redbush54

    Redbush54 Experienced Member PABaccred webmeister

    Occupation:
    igaming
    Location:
    At the end of the rainbow
    FYI the copy of the letter that is being sent out to all affiliate programs and affiliate managers can be found here You must register/login in order to see the link.

    The "hacker" has since joined a new network and is starting all over again.
     
    1 person likes this.
  32. Oct 17, 2014
  33. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    Pretty determined, and pretty confident that he isn't likely to end up in jail over this. Very much the same behaviour we see from spammers. They know they will be stopped, but they won't actually get caught and jailed, so they already have it in their business plan to move quickly on to the next scam once the first gets shut down.

    Ideally, the affiliate programs need to be on the ball so that despite all of this, he is caught out quick enough such that he never sees any commission from this, and so might eventually give it up.
     
  34. Oct 17, 2014
  35. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Get booted from an aff program, open a new account, change your links for your iframe(s) and you're back in business. :rolleyes:
     
  36. Oct 18, 2014
  37. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom

    Funny how when a PLAYER does this they are accused of FRAUD, which is a CRIMINAL offence. If affiliates can do this, why can't advantage players do it and have a blind eye turned too? Even the terms and conditions for affiliates are not really enforced, yet they are rigorously enforced on players.

    Given that ID verification is down to anti money laundering laws, and thus out of the hands of the casinos, how come affiliates can so easily get away with this kind of thing? I would have thought they would get caught on these new accounts on their first attempt to withdraw earnings, just as the dodgy players usually gets busted when they have to produce documents on the Nth account that actually produces something they can withdraw.
     
  38. Oct 18, 2014
  39. chayton

    chayton aka LooHoo CAG PABnonaccred webmeister

    Occupation:
    Freelance Designer
    Location:
    Edmonton Canada
    Well I suppose it comes down to first of all, noticing that it's happening and then prove that it's happening and then find out who's behind it. From what I understand (although I may be wrong) the way this is set up with an iframe is that any referrals seem to be coming from the correct domain. So the aff program might not notice anything strange even if they were looking for it. The people who own the websites are oblivious because their main site hasn't been hacked. So that leaves it up to other affiliates who are checking their SERPS and find it.

    Then once someone finds it they need to find someone who will listen - there was someone trying to do something about this over a year ago, and at GPWA someone else commented that when they said something 6 months ago nobody cared. I mean, sure it's possible that those websites allowed someone to place a page on their site. :rolleyes: But really, who do you go to or who do you tell? Especially since the only people who seem to care are other affiliates, so any complaining sounds like sour grapes or whatever. The guy who started this time was stubborn though, and didn't give up until someone started listening.

    Who knows though if it will change anything. No matter if some aff programs dump this person temporarily, there will still be others who won't care about their methods. Complaints were made to Google and the ISP and none of that seemed to do anything.

    I personally am not really outraged at what he's done - TBH I have to admire the guy a bit for exploiting the system so well for so long. Maybe that's because my site isn't really my main source of income like with other affiliates though. Of course what he's done is probably criminal and of course it's unethical, but really - he's not defacing the main sites of any of those sites who have his page, so they're not (technically) getting hurt. He's bringing in business so the casinos aren't hurt. He's hurting other affiliates though by filling the first 10 pages of Google with his links and that's a problem - also maybe if this doesn't get nipped in the bud, I can see where people are going to start thinking, "Hey, if this guy can get away with it, why shouldn't I do something like that too?" and then it will just be a free-for-all where everyone loses.
     

Share This Page