Interestingly, not the url in the 'form action:'. Any orders placed on my order forms (through their site) still come to me. I do feel for you losing out on the cj links though.
Right, so you are not making any money from this .... but you heard what Christopher said?? He's getting orders. His users "might" get a warning 'cos the URL will not match the URL on the SSL. If he's not using SSL, he'll just get extra business through this, i.e. it's good for sites that are directly selling their goods. Forums would benefit as well (partly). They won't get any ad income, but will get more exposure, possibly new members, new posts etc. People who are simply promting an offline business will also benefit from this, as they do not make money through clicks, rather want people to find them on the net and visit their store or call them or whatever. (By the way, just because you don't agree with something, doesn't make it incorrect) Anyway, as I said you are not benefiting from this ...... so, why don't you try one of these solutions: 1. Add some code to your page. Look at the domain and if it contains 1bu.com, block the request. Or 2. Do something more permament. Check to see if the domain is www.yourdomain.com. If not, block it. They are replacing all www.yourdomain.coms by www.yourdomain.com.1bu.com .... so you will need to save "www.yourdomain.com" in a text file, open it and compare it against the domain. Or 3. Not sure if this will work, but you might be able to edit robots.txt and block their domain. Robots.txt is not really my area and so, I am not sure if this is even possiblt. Perhaps someone else might be able to confirm this.
I doubt I would get orders from them because there is no way they would show up for my keyword unless they did some very heavy offpage seo, and they wouldn't with no advantage to them. If by chance someone did order through their 'rendering' of my site it would work. I think it's fair to say this thing affects sites differently, and is much worse for some than others.
1001, you might go to something like experts-exchange.com (very, very, handy place), sign up and post a question in php or some other relevent section based on your server, tell them what's happening and ask how to block it. Someone there can write a script that should take care of it. I started playing around with writing something myself, but my php skills are limited and I'm slow. I don't have time to complete it right now. I'm late for supper
I'm surprised to see that some people are saying they are Ok with orders coming from 1bu. This is a classical man-in-the-middle attack scheme and if one of your customers places an order through 1bu, these guys simply can steal any personal or financial information involved in such transaction. Anyone who cares about their business, should block these guys' IP addresses. J.D.
No, I checked. The form action goes straight to my url, they are not stealing the data. I'm not saying that I am happy with what they are doing, I'm not condoning it. I would rather they not do it... but I also think that calling this an 'infection', like it was a virus, is overblown. They don't appear to be collecting data or hijacking affiliate links. From what I can tell, nothing they are doing is very devious... but maybe it could trigger a duplicate filter or may cause other seo problems, but none that i've noticed. I do wonder what their purpose is though. Anyone able to read chinese?
There is no way that anyone developed a script like that or is doing that to so many pages without it being devious. If I find my site in there, I will tell anyone who will listen...
I suspect you can find your site 'there'. I think they are just running a one page script that grabs your page real time. Basically just mirroring your page, changing your on page links to their own filtered links. They don't actually have everyone's pages stored on their server. Anything typed in (url).1bu.com will be mirrored unless their script is blocked from doing so.
Your site *is* there - they redirect requests and rewrite responses on the fly. They DNS server recognizes any domain name that end with 1bu and interacts with their web proxy to place requests to the original website. Block their IP addresses. J.D.
I used the page in the following quote to delete one of my sites from their "scheme" a couple of hours ago and it is now corrected. Check out http://www.hotdeeds.com.1bu.com/ to see the results. The opt out is confusing and a PITA for multiple sites, but it appears to solve the problem. By the way, I've never mentioned it before, but this is a great forum and you guys are very helpful to an old dog trying to learn a few new tricks. Roger
Alright guys, put this in terms a dummy or a newbie can understand, they are stealing SERP's and directing traffic to their sites like a cheap directory gets in the SERP's using your keywords or domain Please explain this in words the average non-webmaster can understand
I do wonder how they are getting these urls into google. They must have a list of sites with their 1bu.com tagged onto the end for google to find all these. I just checked and found that google has also indexed a ton of page caches from the wayback machine, archive.org Brings up the same thought, how has google found all those pages unless archive.org has a directory somewhere of all the sites they have cached?
I would advise everybody to avoid using any of their tools. It's like opening spam mail - you will just invite more because now they know you do exist and ready to interact with them. Blocking their traffic is the way to go. They appear to work only from these two addresses - 219.129.21.137, 219.133.55.45. If anybody has seen other addresses, please share. J.D.
So they are stealing pages, putting their URL's on them and have a mirror site in China for those pages, again someone who understands what is going on put it in terms a dummy can understand
Who has the google complaint email again? I don't need anymore help moving down in the SERP's with Google.