Clickbank is a large affiliate provider that is mainly known for informational products such as ebooks.
If you look around on their website you find a lot of webmaster related products but also products of other niches such as Business to Business and Money & Employment. The interesting part (for us) begins when we take a look at their requirements for pages, or better thank you pages, that sell Clickbank products.
The requirement is that a thank you page has to be created on the website that sells the product; these pages are displayed after the purchase has been made. Many Clickbank webmasters put download information of their products on the page to make it as easy as possible for their customers to download the product once the purchase has been made.
Guess what happens if you search for terms that have to be on those pages on Google? Right, hundreds of Thank you Clickbank pages appear that can be used to grab the product without purchasing it.
I add some tips on securing the pages at the end as well. Most Thank You pages will contain the following or a similar sentence:
Please Note: Your credit card will be billed by "CLKBANK*COM". The name "CLKBANK*COM"will appear on your credit card statement.
A search for Clkbank is however not enough and we need to find another phrase that is on most of those pages, and that one is "right click". Searching for clkbank right click reveals hundreds of product pages that offer the product as a download after making the purchase. You could try other phrases such as "Clkbank thank you" for instance.
And here is how you could try and stop this. I'm not a Clickbank affiliate and do not know if Clickbank offers a better way of protecting those pages. The first thing that comes to my mind is add a referrer check using simply htaccess to those pages. If the page before opening this was not on the same domain do not display it.
This would get rid of most users from Google because this is obviously not the correct previous page which should be the Buy page instead. This could be countered by Referrer spoofing but you probably get rid of the majority of downloads this way.
The only other way to make it more secure would be to create a unique password for each purchaser and send it to the registered email account with a link to a website where the product can be downloaded from after logging in. This is a bit harder to code and puts additional burden on the buyer but secures the product.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.