AutoRank Pro has several methods of cheat protection including complete IP tracking, the gateway page, gateway page sessions, and cookies. Here we
will discuss how they work, and what type of cheating they prevent. We will also discuss the cheat log so you can understand how to interpret it.
Complete IP Tracking
The first method of cheat protection is complete IP tracking. Put simply, a log of IP addresses is kept for each member. Each time a new click is
sent, the script checks the IP logs to see if that IP has clicked through before. If it has, the click is not counted and a cheat is (optionally)
recorded in the cheat log. In the Edit Options interface you can tell the software how often it should clear the IP logs. If you only want one hit
per IP per day, set that value to 86400. To keep the software execution times and sever load low, we recommend that you clear the IP logs at least
once each day.
The next cheat prevention mechanism is the gateway page. What this does is to create a gateway page on your server that surfers must click through
in order for a hit to be processed. Using this will protect you from <img> tag cheaters. For example, some cheaters will attempt to insert a
link to the in.cgi script in an image tag:
This will create an invisible image on the cheater's page, which will load the hit tracking script each time someone visits that page. Without the
gateway page, the hits would be counted, and this account would go up in the rankings without even sending visitors to your site. This type of cheat
can be done with other type of HTML tags, so we highly recommend that all users enable the gateway page.
If you have the gateway page enabled, it will keep track of sessions. Each time the gateway page is displayed, a new, unique, session will be generated.
You will be able to set the amount of time that session is valid for. Once a surfer has clicked on a link to your site, they will have a certain number of seconds
to click on the gateway page link before the session expires. If the session expires before they click, the hit will not be counted. If the session does
not expire before they click, the hit will be counted. We recommend that you keep the expire time around 45 seconds.
Sessions assist the gateway page to make sure that no HTML tag cheats are being used, and also make it more difficult for automated programs to fool
the system. In previous versions, and most other top sites scripts, the HTTP_REFERER information is used to check that the surfer is coming from a
valid URL. The problem with this is that the HTTP_REFERER value can be very easily spoofed, and the server will be tricked into thinking the surfer
came from a URL which they really did not. This allows an automated program to circumvent the gateway page - with sessions this is not possible. A valid
session must be created, and that can only be done by visiting the gateway page.
Cookies are very similar to the IP tracking, but are not as reliable. When someone clicks on a link to your site through in.cgi, a cookie will be set
in their browser. You will tell the software how long this cookie should last. If the same browser is used to click through again for the same account,
the hit will not be counted.
Some of the drawbacks of cookies are the fact that they can be easily spoofed, they can be deleted easily, and not all browsers have cookies enabled.
While this is the weakest of the cheat protection, it will still assist you in getting the most accurate hit count possible. It is very quick to set
and check cookies, so we recommend all users enable them. Generally, expire times will be set to one day.
What this does is look at the HTTP headers sent with a request to determine if the surfer is using a proxy to make the request. If the headers are
there, the hit is ignored. Please note that this is not 100% effective against proxy servers. In our research we found that only about 60% of proxy
servers send the extra HTTP headers that are required to determine if it is a proxy server. We will be continuing the effort to eliminate proxy
cheating with further improvements in future versions.
Why block proxy servers? Using proxy servers is a way that many automated hitbots will use to increase their hit count. Using a different proxy
server for each hit will change the IP address of the hitbot, and the software will think that it is coming from a new user. Because there are
many publicly accessible proxy servers, obtaining a large number of unique IP addresses is possible - hitbots can theoretically produce several
thousand false hits per day using public proxy servers.
What about valid proxy requests? Some ISPs today do use proxy servers, which means that if you enable the proxy filtering some valid hits will not
be counted. This is a side effect of the proxy filtering, but we feel that you would rather block out a few valid hits in order to protect yourself
from hundreds or thousands of invalid hits. This may lower your overall total in hit count, but the distribution should be fairly even over all of
your members, thus giving a fair ranking result.
someones site, the code will immediately break out of the frameset and your gateway page will be the only thing visible. In order for this
to work, you must have the gateway page enabled. If you create a custom version of the gateway, be sure to include the following body tag
in place of the one you would be using:
<body onLoad="if (self != top) top.location = self.location">
You can add other attributes to this body tag, but make sure that the onLoad statement remains.
In this section we will discuss the entries you will find in the cheat log. Note that just because there is an entry in the cheat log
for a specific account does not mean that the account is trying to cheat you. The cheat log should only be used as a resource to help
No Cookie Support - If you are only allowing hits from cookie enabled browsers,
this message indicates a browser was used that does not support cookies. Note that
the gateway page must be enabled for this option to work.
Multiple Click - Cookie - This cheat message indicates someone used the same browser
to click through more than one time for an account.
Multiple Click - IP Address - This cheat message indicates someone with the indicated IP
clicked through more than one time for an account.
Proxy Detected - This message indicates that the user trying to send a hit was using a
proxy server to make their request. These cheat messages will only appear if you have the proxy
filtering option enabled. In some of these messages you will find 2 IP addresses, with one that
is labeled as a proxy. The first IP address is the IP address of the user and the second IP
address is the IP address of the proxy. This allows you to see the real IP address of the person
making the request. Please note that not all proxy servers will provide the second IP, so some of
these cheat messages will only contain the IP of the proxy server.
Unsupported Browser - This message indicates that the surfer is using a browser which is not
supported by the software. 99% of todays browsers are supported, so this will mostly filter out
hitbots trying to send you bogus hits.
Bad Referring URL - If you are using the gateway page, this message indicates that the surfer's
browser did not send a referring URL or that the referring URL that was sent does not match
the URL of your in.cgi script. Almost all browsers send this information, so this usually indicates a hitbot.
Expired Gateway Session - This message indicates that the surfer clicked on the gateway page link
after the session had expired. This is probably not something to be worried about unless you see it
happening many times for the same account.