Bodybuilding.com has quietly acknowledged that a massive cross site scripting security hole has been open for the past year. Due to the nature of the security problem it allowed attackers to gain access to the users cookies and their accounts. They have no way of knowing how many users were affected. Has there been any word from commission junction if there will be any adjustments to payments up or down?
CJ's tracking pixels are hosted by CJ (unless the advertiser does batch transactions), so that should not have an impact on commissions.
It looks like they are just ignoring the problem. (sorry can't link) http://forum.bodybuilding.com/showthread.php?t=106793071 There are forum posts with links to exploits on the site and they are ignoring it. WOW! Shouldn't they be contacting all their account holders?
Wow. This is going to sound like a silly question, but those tracking pixels in the affiliate link. I don't know if I've always kept them in all of my posts. (I'll insert the code as HTML, and then the pixel will mess up the formating, so I'll delete it) Have I just made a big no-no? I thought the SID code and the affiliate link itself was what was important. What does the tracking pixel actually do?
The "tracking pixel" that I'm referring to is separate from the impression tracking pixel (the 1x1 image on most CJ links). The impressions tracking pixel is not required, and most top affiliates (coupon sites, search marketers, etc...) do not use the impressions pixel. The tracking pixel that records when a sale is made is hard coded (or dynamically coded) into the merchant's website. On the order confirmation page, the pixel is loaded (since it is included in the merchant's HTML code) and then CJ records the sale. Hope this helps to clarify things!
I tried following that Bodybuilding.com link but there site is down. I keep getting a "Service not Available" error.
Brilliant. Thanks for clearing it up. I don't think I've encountered a tracking pixel. Just the impression tracking pixel. I assume that I can rip the link from any of the text links and use it as a 301 redirect and life should be fine?