This method has been around for years now, so it may not be new to some of you. By doing a simple search on google for inurl:”cbreceipt” it will yield hundreds of results to download products that either are currently on clickbank or was sold there at one time. I would not call this a hack, more of a google search exploit that you can easily fix. If you are currently offering a product on clickbank, the page you redirect the buyer to AFTER they have purchased could potentially be open for this exploit. Their are many sites that are still vulnerable to this exploit and a few other’s that I will show you. Do a search for the following on Google to see more examples of exploits.
- Thank You For Your Order + download
- Congratulations on your purchase
- inurl:”cbreceipt” + keyword
For Alexa you can also do a search for
- Thank You for Your Purchase!
- Your credit card statement will show a charge
With these simple searches, you can easily pull up hundreds of ebooks and other products that people are selling on there website. Now I am not condoning you actually do this, I simply want to educate you for your own site on how to prevent this. If you visit these sites, I suggest you use an anonymous proxy so it hides your IP address. Now if you are currently offering a product on your site, you not only need to check to see if your site is indexed by this method, you need to check your log files as well. Compare the amount of sales you made in a given week, then compare the stats to your download page to see how close they match up. If you are selling a product for $40, and each week 1 person downloads it for free, that is $160/month you are losing. Yes I understand that person might not have purchased the book anyways since they were looking for a freebie, but you never know.
To help prevent your site from getting listed with this exploit, you need to add the noindex, nofollow meta tag. The nofollow is different then the rel=”nofollow” as you will be placing this in an actual meta tag on your download page. This will tell the spiders to not index this page as do not follow anything on this page. You can also setup specific rules in a robots.txt file to go even further in customizing rules for specific bots to spider your site. This is a must for any marketer trying to make a living selling there own product, you want to prevent people from getting it for free to maximize your sales potential.
Another tip I can give you is to NEVER name your pages or directories as the following:
- download.html .htm .php .asp
- thankyou.html .htm .php .asp
- thank-you.html .htm .php .asp
- ordercomplete.html .htm .php .asp
- order-thankyou.html .htm .php .asp
- order-thank-you.html .htm .php .asp
- receipt.html .htm .php .asp
Setting up your pages or directories like this to download your digital product is setting yourself up once again to let people access it for free. These are the most commonly used page or directory names marketers tend to use on their site. Stay away from using these to ensure yourself that your product download page will not be easily found by lurking eyes. Remember to check your log files, I know I said this before, but you should alway be looking to see where your traffic is coming from as well as where they went.Share and Enjoy: