IMG SRC fraud to perl scripts

I have an affiliate program where I provide users hyperlinks (click) and Img src (impressions) per banner they want to display.  Problem is some users are putting the CLICK DIRECTLY in an <img src ="click" width=0 height=0> tag and frauding me.  What can I do to stop this?  Please provide as many options as possible.  There doesn't seem to be any $ENV difference whether someone clicks or whether someone uses the IMG SRC click.

Thank you very much.
sbsunAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sbsunAuthor Commented:
also..  The click is actually a "double" pass.. ie user clicks, perl script sets cookies in first domain, redirects users browser back to SAME script (maybe different domain) with a encrypted id, then cookies are set in second pass domain (maybe same or different).. then redirects the user to final page.  Maybe some how on the second pass there is a way to check or KILL the img src call?

dunno.
0
sbsunAuthor Commented:
also..  using Apache web server.
0
sbsunAuthor Commented:
also..  using Apache web server.
0
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

guadalupeCommented:
Not sure I understand all the ins and outs but as to controlling if the click on a href was one of a text nature or of a graphic nature I do not believe this is possible.  The http request ask for the link as provided in the href tag but no more.

I don't know what your setup is but what about a perl which scans html docs looking for img links at the top of the code and erasing the links.  With some carefull forethought you could make a safe code.  Can't think of anything else sorry this Is pretty lame but explain a little more clearly the set up and maybe I can give you more.
0
sbsunAuthor Commented:
ok.

my "sales people" will get code from me to advertise for online retailers.  

the code they get is a <a href="www.mydomain.com/click.pl?AdId=1112&Seller=David">
<img src ="www.mydomain.com/impression.pl?AdId=1112&Seller=David">

so what people I believe are doing and have seen is

<img src="www.mydomain.com/click.pl?AdId=1112&Seller=David">

They place this in a hidden frame and it basically logs a click whenever the page loads.. obviously without a click.

When the click.pl is called... it sets some cookies, then redirects  the users browser BACK to click.pl passing an encrypted id to verify the second pass, then sets some more cookies and finally redirects the users browser to the online retailer site.

There's gotta be something a qualified programmer can do to slap these punks back... :)



0
jhurstCommented:
Make the image a submit button in a form, method=post.  Now, the invoked script can check the REQUEST_METHOD.  Now, an <img src= will look like a GET not a POST.
0
sbsunAuthor Commented:
nope.. can't do that because I already have over 20,000 sales people using the old style.
0
jhurstCommented:
OK, then you have a problem, I would agree.  There is no way you can determine what you want.  If you want to find what is available to a called script then just dump all the cgi-variables that are there and you will see that there is nothing that can help you.  Sad really.  

So, I guess this is a new answer, that it is not possible.

Now you could make the script that is the click through generate a form that then uses some Javascript to open a window, at least ensuring that the thing is seen.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sbsunAuthor Commented:
thanks for your time... the javascript I'll look into in depth and see what that might lead to.

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Perl

From novice to tech pro — start learning today.