Cookie Stuffing: A to Z - Dr. Mortal

Copyright Information in this document is the sole property of Dr. Mortal („The Copyright Holders‟). No part of this document may be duplicated, transmitted, resold or reproduced in any form or by any means without prior permission in writing from the copyright holder. Unauthorized duplication of this ebook in any way or form is strictly prohibited. Violators will be prosecuted to the fullest extent of the law. Disclaimer The copyright holder Dr. Mortal does not assume any responsibility for the use or misuse of this information. Any financial loss sustained to any persons or property from the use of this information is solely the result of the individual, and, or company. Dr. Mortal does not guarantee any future results using this information. You will learn proven Cookie Stuffing methods, but what you personally achieve will not be the results from this information. In order to achieve the personal satisfaction desired is solely up to the reader / user, by what actions are taken. The amount of time, money, and effort you put forth will determine upon your individual results.

Introduction

With this ebook, I'll try to give you everything you need to know about cookie stuffing to get started and learn some decent advanced stuff to be as undetectable as possible. This is not a step by step guide on how to make money or get accepted at affiliate networks, but a guide which gives you the knowledge to understand and develop methods on your own. I basically wrote this ebook, because I think the CS talk on BHW hit rock bottom, so hopefully a few people that are new to CS get a introduction and some that already know the basics get some new ideas and methods, so the CS talk perk up again. One thing before we are getting started: If you have problems understanding something, read it again and if you still don't understand what I am trying to say, please feel free to ask me, whether I don't explained it well or my english sucked too much;-)

Are you ready? Then let's go...

What is Cookie Stuffing and why does it work?

First of all, why do affiliate networks use cookies? When you refer someone with your affiliate link to a website and he/she makes a sale you get your commission. The cookie tells them that he/she came to their website through your link, even if they left the website in between. In short, they track their sales with the cookie. Different advertisers use different length of time till a cookie expires. Most of them use 30 or 60 days. But before stuffing them, please make sure there is a cookie time duration, because it could also be that they use session cookies. That would mean that the cookie expires (gets deleted) when the user closes his browser. So you don't get commission when he purchases something after closing his browser in between, which is very likely when stuffing people.

Now, what is cookie stuffing? The term „Cookie Stuffing“ means, that you give a user or better hundreds and thousands of users :P - your affiliate cookie without them knowing about it. Why? Because you get commission when they buy something from your advertiser! So, your goal is to give them your cookie in a way they don't notice it. Now, you'll learn how to stuff people and later on I'll explain different methods to hide your tracks.

Basic Methods

There are different methods to stuff a user. Which you choose depends mostly on where you stuff. There are four well-known methods:

. ● Iframe Stuffing

. ● Image Stuffing

. ● Javascript Stuffing

. ● Flash Stuffing In this ebook we'll focus on the first two of them (Iframe Stuffing and Image Stuffing). With them we can stuff easily and are almost undetectable (with a few tricks). So, let's start!

Iframe Stuffing

I think iframe stuffing is the most known and easiest to understand method to stuff someone, BUT it's also the quickest method to get you banned if you don't hide your stuffing. In this chapter I'll explain how it works and in a later chapter I'll give you methods to hide it.

Iframes are designed for including other documents in a frame in your webpage. That means another webpage is now part of your webpage and is loaded whenever your webpage is loaded. So, if you paste your affiliate link in your iframe, it gets loaded every time someone loads your webpage. Now, when you put your affiliate link in the iframe, the site gets loaded and the cookie gets stuffed. The code looks like this:

<iframe src="http://www.affiliate-link.com/" height="1" width="1" frameborder="0"></iframe>

In this code I made two important things. The first one is that I made the iframe 1 pixel high and 1 pixel wide, so no one can see the content of the iframe. But in some browsers you still see the iframe, because there is a border. To get rid of the border and make sure the iframe is kind of invisible I set the frameborder to 0.

Now, you know the basics of iframe stuffing, but please don't stuff without any further protection. Some ebooks say this would be safe and no one will notice the iframe. Don't be an idiot, your affiliate manager will look into your code and WILL find the iframe! If you are unlucky he already notices that a cookie gets dropped when he just visits your site. Just read on, before starting to stuff!

Image Stuffing

Now, let's start with the Image Stuffing. At first, I'll give you the code:

<img src="http://www.affiliate-link.com/">

You wonder why this works? Why this stuffs a cookie, even though the webpage (http://www.affiliate-link.com) does NOT get loaded? It's not like an iframe: The webpage doesn't load, because you just want to have an image! In order to understand why Image Stuffing works, you need to know how HTTP (Hypertext Transfer Protocol) is designed. Every message – means your request to the server and the response from it – is made up of two parts: The header and the body. The header contains important information about the body such as the data type or the code, so the receiver can interpret the actual data, which is in the body, correctly. Now, when you use the above code, you ask for an image. You won't get the webpage, because it isn't an image, but you'll get the header! This is the important part, you'll get the header! And you know what? The cookie is transferred via the header! You get the header, you get the cookie! Ok, this was a knaggy passage, but I hope you got it. If not, feel free to ask me. Important is that you understand that the cookie is in the header! If you want more information on this use big G with the term “HTTP Header”.

When you try the above code with FF, you'll hopefully see nothing. When you try it with IE, you'll probably see a red x. If you try it with Opera you might see a box with the text “Image” in it. And if you try it with Safari you might see a box with a question mark in it. I think these are the four most important browsers. Now, let's get rid of these things. Here are 3 different solutions:

1. 1. height="1" + width="1" 2. 2. alt=" " 3. 3. display:none I often read that people have problems with the red x, even though they use number 1 (downsizing the image). For some reason, I don't. I tested it with different versions of MSIE, FF, Opera and Safari and never had any problems. Anyway, I often read to use the alt tag with just a space character in it. Another method that works is to hide it with CSS. If you don't know how to use these three things, I give you the code in which I include them:

<img src="http://www.affiliate-link.com/" height="1" width="1" alt=" " style="display:none">

This will help you only on your own sites or in forums which allow HTML.

Image Stuffing has advantages and disadvantages over Iframe Stuffing. I think the

most important advantage of Image Stuffing is that it doesn't need to load the whole webpage when stuffing so that you don't see something loading in the status bar for a long time. This would be a weakness of Iframe Stuffing. Another disadvantage of Iframe Stuffing might be that the AM detect your stuffing much faster when going to your source code. But with Iframe Stuffing you can change the referer which you can't do with Image Stuffing. More on that later.

I hope you understood all the stuff I talked about, because now we are going to learn some advanced stuff :-) If you don't, please read it again before reading on.

Methods to make your stuffing nearly undetectable

In this section, I'll try to give you as many tips as I can to hide your stuffing. In order to realize these tricks, I'll often give you code which you have to put in your .htaccess file. For those of you who have no experience in cookie stuffing or web development, I'll tell you what you have to know about it.

The .htaccess file is a configuration file for your server. You have to create it and put it in the main directory. You don't know how to create such a file? Then I'll tell you (this is for windows users): You open the Editor which is provided by default, type in your code and click on “save as...”. Now, you click “All Files” where it says “File type” and where it says “File Name” you enter “.htaccess” without the quotation marks, but with the point/dot. Now, you're done. With this file you can password protect directories, deny IPs, redirect files and so on. You see, it can be very helpful!

Sorry, for those of you who knew that before, but this is also a guide for people who are knew to this stuff. Don't worry, the advanced stuff is not far away...

Blanking the referer

If you don't want the AM to see the site on which you are stuffing, one way is to blank the referer, so your AM don't see where the traffic is coming from. Please, do me a favor and don't blank the referer when using CJ (Commission Junction). They really don't like blank referers and might even ban you for that. When using CJ, always fake the referer - I'll talk about it later. For blanking the referer, the DMR (Double Meta Refresh) has proven of value. First of all, I'll give you the code, then I'll explain:

redirect1.php <?php echo"<metahttp-equiv=\"refresh\"content=\"0;url=http://your-site.com/redirect2.php\">";

?>

redirect2.php <?php

$referer = $_SERVER['HTTP_REFERER']; if($referer == "") {

echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.affiliate-link.com\">";

} else {

echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.your-site.com\">"; }

?>

Now, you just have to link your traffic to redirect1.php. This traffic will then get redirected to redirect2.php with a meta-refresh. A meta-refresh blanks the referer in most browsers, therefore we use it. But it blanks it NOT in all browsers, so we have to check it. We do this with the redirect2.php: If the referer is blank, it sends the user to your affiliate link (http://www.affiliate-link.com), if not it sends him to another site of your choice (http://www.your-site.com).

With which stuffing method does that work? It works when you do Iframe Stuffing, but not when you do image stuffing. So, when you stuff with an iframe, put the redirect1.php in the iframe. I heard people say an iframe blanks the referer; this may be right for some browsers, but NOT for all, so you have to put the DMR in the iframe in order to blank the referer of all your users.

You wonder if it is possible to blank the referer when you are stuffing with images? It is, but only for IE users! This may be helpful when stuffing forums, but you always have to send traffic from a second source to your affiliate link, because it would look very suspicious if you were only sending IE users. In order to blank the referer you need SSL (Secure Sockets Layer), it's a security protocol. You can see if it is used when you look

CSing is a

game.Play

hard and

earn

big……..

at the address bar: If there is a “https://” before the URL. How to blank the referer exactly (when image stuffing), I'll show you later (in the forum stuffer part), after discussing a few more things. Then we will code a little image stuffer with some of the things we have learned ;-)

Checking the referer

Before we are able to fake the referer, we need to talk about how to check the referer. This is not only useful when you want to fake the referer. Imagine you can stuff only people which are coming from a specific webpage or domain to your site. You could stuff only people who are coming from Google or if you want only people who are coming from Google and searched for a specific term. If you are experienced in cloaking you know how to do it. This is very easy, but I think the best way to protect you from stuffing your AM. If you read this guide carefully, you already know how to check the referer, but here is the code again:

<?php $referer = $_SERVER['HTTP_REFERER'];

?>

This script will look up the referer and save it in the variable named “referer”. We used this in the DMR, too. So, if you want to stuff only people who are coming from http://www.abc.com/page5.html you would take the following code and put it somewhere in your webpage (between <body> and </body>):

<?php $referer = $_SERVER['HTTP_REFERER']; if($referer == "http://www.abc.com/page5.html") {

echo "<img src=\"http://www.affiliate-link.com\" width=\"1\" height=\"1\" alt=\" \">"; }

?>

In this example, we obviously stuff with the image method, so be aware that it will pass the referer. But don't worry, this is not bad, your AM won't get stuffed, because he doesn't come from the above referer.

You want to stuff people who are coming from a specific domain regardless from which page of this domain? Here is the code with Google.com by way of example:

<?php $referer = $_SERVER['HTTP_REFERER']; $domain = substr($referer, 0, 22); if($domain == "http://www.google.com/")

{ echo"<imgsrc=\"http://www.affiliate-link.com\"width=\"1\" height=\"1\" alt=\" \">";

}

?>

At first, we get the referer and save it in the variable $referer. Then we use the substr function in oder to cut our string (the referer) to our needs. Now, important is what the two numbers mean. The first number is the start position of the string; 0 is the first character. The second number is the length of the new string we want to have (here 22). This means it cuts the referer, for example http://www.google.com/#hl=en&q=education so that we start at the position 0 (first character) and count 22 characters (→ http://www.google.com/). Thus, the new string

has a length of 22 characters. This string is now saved in the variable named $domain. The if loop and the stuffing code should be clear, I think. You can do that with every URL you want.

Faking the referer

When I say faking the referer I don't really mean faking, but I don't know how to put it more correctly. You will see what I mean ;-)

This works not with images or only with a mix of image and iframe. I will show you how to fake the referer with an iframe.

We have 3 pages in my example. Your Black Hat Site, another page (e.g. a subpage of your BH Site) and your White Hat Site. On your Black Hat Page you'll stuff with an iframe. In this iframe you'll open the subpage I talked about. This page just redirects the user to your BH Site, but with a redirect which passes the referer. The White Hat Site will read the referer and either redirect the user to the affiliate link or open the normal White Hat Site. Now, the important part: The White Hat Site only makes the redirect to the affiliate link when the referer is the subpage of the BH Site. This means that the redirect method we used (on the subpage of the BH Site) passes the referer in the browser the user uses. Now, on the White Hat Site we redirect them with the exact same redirect method we used on the BH subpage, so we can be sure that the affiliate network will see the White Hat Site as the referer (in 100% of cases). But if they go to your White Hat Site, they will see your normal site, because they don't have the BH

subpage as referer. The method seems a bit familiar to you? No wonder, it's similar to the DMR with the referer checking to make sure the browser does what we want it to do :-)

Now, it's time to code it and it's a little bit more complicated as I described it, because we need two different redirects for different browsers. One for IE and one for all the other browsers. This is because we need a method that passes the referer, but the first one does not redirect correctly with IE and the other does not redirect with FF. I tried it with a few browsers and different versions of them and decided that it's best to split these two methods like the way I told (one for IE, the other one for the rest). This means that we need to check the browser the user is using. Now, I'll give you the code to redirect them:

subpage_of_bh-site.php <?php if(stristr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) {

print <<<END <html> <head> <title>redirect</title> </head> <body onload="javascript:frmBla.submit();"> <form action="http://www.white-hat-site.com/" method="post"

name="frmBla"> </form> </body> </html> END;

}

else { print <<<END <html> <head> <title>redirect</title> </head> <body> <script language=Javascript> document.location.href="http://www.white-hat-site.com/"; </script> </body> </html> END;

} ?>

This code at first checks if “msie” is contained in the user agent, so we know if the user utilizes a IE version. If so it redirects them with the first method, else it uses the other method. This code will send the user to http://www.white-hat-site.com/. I think and hope I coded it clearly arranged enough, so I think I don't have to explain more at this point. So, let's go on with the White Hat Site:

index.php

<?php $referer = $_SERVER['HTTP_REFERER']; if($referer=="http://www.black-hat-site.com/subpage_of_bh-site.php") {

include("redirect123.php"); } else {

include("normal-white-hat-site.php");

}

?>

This is the index page of your white hat site. If the referer is the subpage of the BH site, the redirect123.php will be included. This redirected123.php has nearly the same content as the page subpage_of_bh-site.php, but it doesn't link to the white hat site, but to your affiliate product. If the referer is not the subpage of the BH site, the user gets to see the normal white hat site.

You have problems understanding my idea? Okay, I made a picture for you, so maybe you'll understand better. Also, I put the codes in a zip file named “faking_referer.zip”. Here's the picture:

Stuff a certain percentage of your users

Another method to minimize the chance that you stuff your AM is to randomly stuff a certain percentage of your visitors. This can be good for another thing, too. Normally, you would remove the 1x1 tracking pixel from your advertiser – if there is a 1x1 pixel – but if you stuff only a percentage of your visitors you could leave it there if you are doing it right. Anyway, I think there is no reason to do that, so I'll not go into it any further.

Okay, there are many ways to stuff randomly users, depending on what stuffing method you use. I'll show you how to do it in an easy way by just putting the image or iframe code in one of five cases:

<?php $rzahl = rand(1,5); if($rzahl==1) {

echo "<img src=\"http://www.affiliate-link.com\" width=\"1\" height=\"1\" alt=\" \">";

}

?>

This is an easy variant of stuffing 20% of the visitors. But with this code we can also rotate different affiliate links. If you want to stuff 2 affiliate links with the stuffing percentage of 20% (each) it would look like this:

<?php $rzahl = rand(1,5); if($rzahl==1) {

echo "<img src=\"http://www.affiliate-link-1.com\" width=\"1\" height=\"1\" alt=\" \">"; } if($rzahl==2) {

echo "<img src=\"http://www.affiliate-link-2.com\" width=\"1\" height=\"1\" alt=\" \">";

}

?>

I hope you get the idea! Let's move on and make the stuffing code look less suspicious...

Redirects with .htaccess file

If the AM takes a look at your source code and is one of the visitors who gets stuffed, it is very likely that he'll see that your stuffing, isn't it? It's too obvious with the affiliate link. So, let's hide it with the aid of the .htaccess file.

You can make your code to something like this and also stuff people:

<img src="pic.png" width="1" height="1" alt=" ">

But you have to add the following code to your .htaccess file:

RewriteEngine on RewriteRule pic.png http://www.affiliate-link.com/ [L,R=301]

This will redirect the pic.png to your affiliate link, so the visitor gets stuffed. The good thing about it is that your AM can't see your .htaccess file :-

1x1px images are suspicious

They are suspicious, aren't they? So, how do we get rid of it? You already read the answer! We use an external CSS file in which we say “hide the image”, so we can not only remove width and height we could also give them 100px of height or width if we wanted to, but I think it doesn't matter (the example is with width and height). If you don't use an external CSS file, use it from now on ;-) It's not hard to implement it. If you don't know how, google it.

Here is an example:

bla.html

... <img class="bild" src="pic.png" width="100" height="100" alt=" "> ...

bla.css

img.bild { display: none; }

So, it's that easy. If you wanted to, you could also minimize the picture to 1x1 in the

CSS file. There are ways to give your AM another CSS file, but I don't think that it is necessary. In reality, there would also be much more code in the CSS file, so it wouldn't catch so.'s eye as easily as in the example code.

Tutorial on how to Code a Forum Stuffer

I think it gets maybe a bit boring to read the information without a bigger aim. Only pieces which have to put together to make something valuable, so I decided to give you the rest of the information included in a tutorial in which we'll code a little forum stuffer which blanks the referer. The goal of this tutorial is NOT to get a script, but to give you some more tricks and show you how to put a few things you've already learned together.

Let's start with the question what the stuffer should be able to: . ● Only people who come from the page you are stuffing on will get stuffed . ● Show an image if the victim does not get stuffed . ● Stuff 1 IP only 1 time in 48 hours . ● Blank the referer . ● Don't stuff certain IPs Now, I'll give you the example names and a rough overview about the concept. We are stuffing on the page http://www.forum.com/thread123.html with the URL http://our-site.com/sig.png. When the user has the referer http://www.forum.com/thread123.html, we want to redirect him to our php script (https://our-site.com/sig.php, remember: we need SSL to blank the referer (works only with IE)) else we redirect him to the image sig.PNG. This works when you have a UNIX-server - which is very likely - because they distinguish between upper and lower case. When the user gets redirected to the php script, the script will look if the user got stuffed in the last 48 hours and stuff him if he didn't get stuffed and don't stuff him if he got already stuffed in the last 48 hours. But it stuffs only when he does not have an IP which is on the black list. BUT the user does not get stuffed until we make sure he has a blank referer, so we sent them to a http page (https → http) to blank the referer

in IE. This page checks if the referer is blank and redirects them to another page which checks it again in order to make sure the redirecting method doesn't leave a referer. Okay, you didn't understand the last few sentences? No problem, we will now discuss every step in detail...

Referer Checking via .htaccess

Okay, the first thing we want to do is to redirect only those people who come from the

forum you are stuffing to the php script. The other ones get promptly redirected to the image (sig.PNG). In order to do this we use the .htaccess file and the following code:

RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www\.)?forum\.com(/.*)?$ [NC] RewriteRule sig.png http://our-site.com/sig.PNG [L,R=301]

RewriteCond %{HTTP_REFERER} ^http://(www\.)?forum\.com(/.*)?$ [NC] RewriteRule sig.png https://our-site.com/sig.php [L,R=301]

This will redirect all people who come from the domain forum.com (thought this might be easier, because you'll probably stuff more than one thread) to our php script and the others to the image. Now, we'll go on with the php script. Don't Stuff Certain IPs

You have IPs from your affiliate network? Then you probably don't want to stuff them. Therefore we need a database; okay, we could do it without one, but we need one anyway. So, that's the code to create the tables:

CREATE TABLE tableone ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, ip VARCHAR(15) NOT NULL, vtime VARCHAR(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE tabletwo ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, blackip VARCHAR(15) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

You don't know where to put the code? Okay, this does not belong to a cookie stuffing ebook, but since there are probably some of you who never used databases, I'll show you how to set it up, but I do that in an extra pdf, because not all of you need that. The pdf file (Instructions.pdf) is in the zip folder of the forum stuffer.

Here is the code to connect with the database:

sig.php <?php @mysql_connect("host name", "mysql user name", "mysql password") or die("Connection to MySQL failed!"); @mysql_select_db("mysql database name") or die("Database access failed!"); /* Here starts the stuffing code */ ?>

In the above code you have to replace “host name”, “mysql user name”, “mysql password” and “mysql database name” with the information of your database. Now, we begin with the IP blacklist...

It's very simple, you put the IPs of your affiliate network in the field “blackip” of your table “tabletwo”. You can do it with php, but if you are new to programming, just use phpMyAdmin. In the Instructions.pdf file, I explain it to you with screen shots, so all of you can do it.

Now, this is the code for our php script:

$ipaddress = $_SERVER['REMOTE_ADDR']; $blackipquery = mysql_query("SELECT * FROM tabletwo WHERE blackip='$ipaddress'"); if(mysql_num_rows($blackipquery) > 0) { header('Location: http://our-site.com/sig.PNG'); } else { //continue the stuffing script }

This code snippet saves the users IP in the variable “$ipaddress” and then look how many rows with this IP are in “blackip”. If the user has an IP which is in the field “blackip”, he gets redirected to our image sig.PNG (because there is 1 row and 1>0 is true), else the script goes along and he doesn't get redirected.

Stuff a user only once in a time period

It would look suspicious, if you sent the same user again and again to your affiliate offer. So, we want to stuff a user only once in a certain time period. I'll give you the code and explain then.

$dtime = time(); $del = $dtime -172800; mysql_query("DELETE FROM tableone WHERE vtime < $del");

$ipaddress = $_SERVER['REMOTE_ADDR']; $ipquery = mysql_query("SELECT * FROM tableone WHERE ip='$ipaddress'"); if(mysql_num_rows($ipquery) < 1) { mysql_query("INSERT INTO tableone (vtime, ip) values ('$dtime', '$ipaddress')"); header('Location: http://our-site.com/redirect1.php');

} else { header('Location: http://our-site.com/sig.PNG');

}

Okay, let's try to understand the code ;-) In the first line, we save the time that has past since 01/01/1970 (I believe to remember) in the variable “$dtime”. Now, in this example I use a time period of 2 days. That makes 60*60*24*2 seconds (172800 seconds). We subtract the 172800 from our variable “$dtime” and save the result in the variable “$del”. Then we delete all entries in the field “vtime” which are less than the number which is saved in “$del”. Which entries does the field “vtime” have? There, we save the variable “$dtime” which gets greater by time, because the time which has past since 01/01/1970 gets greater by time^^ We save the users IP in the variable “$ipaddress” and if the IP is not already in the field “ip”, we save his IP and the time in the corresponding fields “ip” and “vtime” and then redirect the user to the page redirect1.php (script finished), else he gets redirected to the image (because his IP was already in the database).

This is hard to understand if you have never programmed, but you don't have to understand all of it. It's important that you understand how it works; the code you need for it can be copied ;-)

Redirects

If the user is almost ready to stuff, we check now his referer on the page redirect1.php. The referer should have been blanked for IE users when they got redirected from the

https page to the http page. Let's check if they have a blank referer and send them to another redirect page if they have and if not, show them the image (sig.PNG). You may ask why we don't send them instantly to our affiliate link if he has a blank referer. I tested it with several thousand users and ALL of them kept their blank referer, so the affiliate network would not see a referer, BUT actually the user (browser) gets the header redirect and the BROWSER does what it wants to do with it. Now, it looks like all MSIE versions I got, kept the blank referer – which most of the browsers do with a header redirect – but I think, better be safe than sorry! So, let's redirect them to the other page with a header redirect to the affiliate link:

redirect1.php <?php

$referer = $_SERVER['HTTP_REFERER']; if($referer == "") {

header('Location: http://our-site.com/redirect2.php'); } else {

header('Location: http://our-site.com/sig.PNG');

}

?>

redirect2.php <?php

$referer = $_SERVER['HTTP_REFERER']; if($referer == "") {

header('Location: http://affiliate-link.com'); } else { header('Location: http://our-site.com/sig.PNG'); }

?>

This way, we can be sure it has a blank referer :-)

Now, we have a little forum stuffer. You can improve it with the knowledge you got in

this ebook or already had. You can redirect users who access the sig.php file with a blank referer (direct access) or all users who does not come from the forum you stuff, to the image. We did this in the .htaccess file with the image sig.png. But, you can do that also for the sig.php. You can also stuff a certain percentage of the users (who have a blank referer). If you want you can also redirect all users who don't use the IE at the beginning of the php script or even when they try to load the sig.png (with the aid of the .htaccess file). They will get filtered anyway, but you could filter them earlier, so they don't have to go through the script. We learned it (browser checking) when we faked the referer for iframe stuffing. You remember? You could do it also with the .htaccess file, but I don't think you will ever need it. If you do, ask me and I'll give you the code ;-)

I put the whole forum stuffer in a zip file, so you can copy from there if you want to test something or use it as your basic structur

Conclusion

Now, you're ready to stuff, aren't you? Maybe, you have to read the ebook twice or more to understand all of it. But if you have questions, ask me and I'll try to help you. I hope you enjoyed my ebook and learnt a few new things. Please, do me one favor and don't try to copy my ebook...

So, good luck for your stuffing!! And if you have questions, ask me