Cookie Stuffers on macRumers.com

Discussion in 'Site and Forum Feedback' started by KonichiJ, Aug 29, 2009.

  1. KonichiJ macrumors newbie

    Joined:
    Aug 29, 2009
    #1
    Wanted to post this to make moderators/admin at macrumors.com aware of a potentially harmful practice occuring on your forum.

    There are over 4 posts on this forum that include an image link to snagpic.c-m with a 1x1 .gif, including here:

    http://forums.macrumors.com/showthread.php?t=721136

    and here,

    http://forums.macrumors.com/showthread.php?t=719869

    that may contain data that will plant a cookie within one of your visiting guest's, moderator's, or admin's webbrowser for website affiliate programs like amazon.com or eBay partner network which will earn the offending poster or website if your visitor were to visit that said affiliate program's website to make a purchase. The cookie may override any cookie that your website fairly placed on that user's computer potentially stealing away any earnings that you should have earned.

    This exact same thing happened on my own forum this week. The offending posters had placed the .gif on my website, which after further inspection, did not contain harmful data...but could have at a later date should they decide to manipulate that data for the cookie stuffing method.

    Here are some links on your forum with the clear.gif posts

    http://www.google.com/search?hl=en&...crumors.com+snagpic&btnG=Search&aq=f&oq=&aqi=

    Take care,
     
  2. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #2
    Interesting, there aren't really images on that page aside from the avatars.
     
  3. KonichiJ thread starter macrumors newbie

    Joined:
    Aug 29, 2009
    #3
    The images are so small (1x1 pixel), you can't view them without doing a "view source".
     
  4. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #4
    So you're saying these are harmful? Sure you know the source of them?
     
  5. KonichiJ thread starter macrumors newbie

    Joined:
    Aug 29, 2009
    #5
    "potentially" as it will be macrumors.com's job to figure that one out. I don't think a .gif or .jpeg could do any real harm to an unsuspecting user's computer but it could harm macrumors.com's bottom line stealing away earnings that could pay for server costs and other expenses for hosting a website.

    Wiki article on cookie stuffing: http://en.wikipedia.org/wiki/Cookie_stuffing
     
  6. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #6
    Thanks for the feedback, the search results you linked to are from the google cache and were actually deleted from the forums on the 17th of August having only been up for a very short time.

    As you probably realise from your first post the url that the specific case comes from is blocked.
     
  7. KonichiJ thread starter macrumors newbie

    Joined:
    Aug 29, 2009
    #7
    ah, very good. I hadn't gone that far into detail.....

    I just noticed I mispelled macrumors on the thread title.... heh. Anyway, I'm kind of on a mission this morning to find some forums with these posts....looks like you've already taken care of everything here. Take care...
     
  8. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #8
    Just a note that browsers have a setting to only allow cookies from the site you're visiting, and blocking ones from 3rd party sites, which I believe will keep the cookie stuffing from happening. Below is how to set your browser to not accept third party cookies.

    Firefox: Preferences > Privacy > uncheck Accepts third party cookies

    Safari: Preferences > Security > choose Accept cookies: Only from sites I visit

    Opera: Preferences > Advanced > Cookies (left panel) > choose Accept only cookies from sites I visit
     

Share This Page