Home | Archive | SEO Tools | Contact

Making Dirty Money From Affiliates With Cookie Stuffing

A beautiful introduction
Well, this is down-right dirty, nasty stuff. I had an idea a while back how to skim some money from affiliates and I was surprised that nobody had thought of it before. After a bit of Googling, I of course found – it actually has been done before (: However, there’s not overly much written about it so I’m going to do a little bit of blogging on the subject.

Before you read this, if you’re one of those whiter than white, whitehats who thinks people shouldn’t even blog about blackhat stuff and you’re already desperately trying to open whatever linux based, environmentally friendly, open-source mail client it is you use to flame me, you should probably know that all you’ll achieve is you’ll make my laugh and I’ll probably post it for the world to see. (: Besides, my “ethics” behind this is if we make enough noise about blackhat techniques and lots of people use them, they will have to be fixed and the Internets will be a better place for all. It just so happens you can make filthy money in the process.

Here’s the coolest thing about this technique: It requires almost no technical knowledge and you can set it up in minutes.

Here’s the not-so-cool thing about this technique: If you have any morals or anything like that, you’re going to have to put them in a box for now. Throw the box in the river, then throw the river into space.

What’s the plan?
Dead simple: Earn affiliate commission that we’re not really meant to by giving people our cookie.

I can do this in 2 steps?
Yes, it’s dead easy:

Step 1: Sign up to every affiliate programme going. You can try the big ones like Amazon and Ebay, but generally you’ll have more luck going through an affiliate scheme that’s running though an affiliate network. The reasoning here is that Amazon, Ebay and all the big players run their own affiliate schemes directly. If you’re caught nicking pennies off them, you’ll probably get banned pretty quick (although I ran some pretty large tests doing this and never heard a so much as a peep from either of them).

Going through an affiliate network is a lot easier. Basically, if you’re stuffing all these cookies onto visitors computers, you’re making the affiliate network a bunch of cash. Guess what, they’re in business to make cash and they really aren’t going to bust your balls unless they have a merchant complain. If you read through most of the affiliate networks TOS, you normally find a clause like “If we ever actually get around to bothering to see why a particular affiliate is earnings thousands of pounds a week while we aren’t tracking any clicks, we’ll probably give you some type of slap on the wrist via e-mail. This is assuming we can move the cash out of the way of our gold-plated keyboards.”

Step 2: All we have to do now is take all of our referral URLs and stick them in a 1pixel (invisible) iframe on every webpage we have control over. The higher the traffic the better! Don’t have any high traffic websites? Ahh, c’mon! Generating traffic isn’t hard – make some linkbait and stick it the code on that page! Get 50,000 visitors from Digg, you think maybe Digg users shop online? Damn straight they do! Or have you considered hub sites that allow you to put your own HTML in?….

The possibilities are endless, anywhere you can stick an iframe, you can drop your 30-day cookie onto a machine. Did I mention it’s almost Christmas? I hear more people buy stuff online around now.

I’ll let you be creative with how you use this. Don’t shoot the messenger. ^_^

Like this article? Then subscribe to the feed!

Related Posts:

Next Post:
Will It Make Money? Top 3 Considerations »

Previous Post:

« Back From SMX London

35 responses to “Making Dirty Money From Affiliates With Cookie Stuffing”

  • RZ2849 says:

    Had this idea about 2 years ago (and I’m sure I wasn’t the first to come up with it). Never sacked up to actually do it, mostly because I think you run a non-zero chance of ending up in jail on fraud charges if you do this in any sort of big way. It’s one thing to use “black hat” methods to rank in Google; it’s another to run a large-scale scheme to intentionally defraud merchants. Plus, any merchant worth their salt will figure out that the CTR is all out of whack anyway.

    I like the way you think, though. :)

    Comment by RZ2849
    November 19th, 2007 @ 5:11 am

  • Mark says:

    I did some research into the actual “legality” of cookie stuffing, from what I can make out (I may well be wrong, I’m no lawyer) there isn’t actually any grounds for “fraud” so to speak. I couldn’t find one single case of anybody being sued, or anything close.

    As I say, I’m not saying it’s legal, but I’d be interested if somebody could give me some firm facts either way :(

    I’ve tested it a few times and I know people who regulary send merchants 40,000 visitors with no clicks and have been doing so for a good few months though with no reprise. Thanks for the comment.

    Comment by Mark
    November 19th, 2007 @ 5:18 am

  • David says:

    I thought the cookie only gets set when the user clicks the link?

    Comment by David
    November 19th, 2007 @ 5:44 am

  • Mark says:

    Nope, loading the URL in an iframe gives them the cookie just fine.

    Comment by Mark
    November 19th, 2007 @ 1:47 pm

  • Mike says:


    CJ and Linkshare have dedicated staff to track cookie stuffing and this is no joke. The idea to cookie stuff people’s PC’s with ebay and Amazon is a rather old idea.

    I’ve heard from many people who have been kicked outta CJ for doing this. It would only be too simple to buy 100k popunder traffic and stuff thousands computers every single day with cookies.

    On a mass scale only ebay and Amazon are worthwhile cause everyone buys from them. Everything else is a timewaste. Though as mentioned above ebay will track this eventually and that’s 1 reason why Amazon only has 1 day cookies.

    Do you say you are doing this successfully with ebay? I believe, if you plan to do this on a mass scale, you should program something sophisticated, e.g. something which generates clicks automatically, a random CTR, sent through a huge network of proxies rotating all your sites where you also actually have some real ebay/Amazon links/banners for the case of a hand check.

    For that I’d suggest opening a separate CJ account.

    Comment by Mike
    November 19th, 2007 @ 2:59 pm

  • Mike says:

    Oh, yes, forgot in my last post. There are better and less obvious – less intrusive – ways than using iframes. ;-)

    Comment by Mike
    November 19th, 2007 @ 3:01 pm

  • Mark says:

    Please share then, Mike (: I use CSS to align most of my iframes just east of Syria.

    Comment by Mark
    November 19th, 2007 @ 3:19 pm

  • Mark says:

    @ Mike’s long post

    Definitely some great ideas there, Mike! You dirty rat haha (: Not my usual long guide, I simply wanted to inspire some thoughts on possibilities. Like the idea of network of proxies. Great to see other people throwing their ideas in the bucket!

    Comment by Mark
    November 19th, 2007 @ 3:22 pm

  • Mike says:

    Hhm, I don’t know the CSS trick. I’ve used the tag though ;-) When embedding images, instead of the image url put in the aff. URL in it. Height/width set to 1 px so no one sees it but the url will be loaded.

    Advantage compared to iframe = no sounds will be loaded

    To go a step further and so that no one who digs deep can find it, you could actually use a real image in the img tag and then redirect the loading of that image to your affiliate URL in the .htaccess file ;-)

    I’m no programmer nor a geek so I don’t have the htaccess directive at hand but you surely know what I mean.

    Yep, I have many ideas but lack of money to implement them :-)

    Comment by Mike
    November 19th, 2007 @ 3:34 pm

  • Mike says:

    oops, some part has been stripped above.

    I mean the tag of course.

    Comment by Mike
    November 19th, 2007 @ 3:35 pm

  • Mike says:


    img tag simply.

    Comment by Mike
    November 19th, 2007 @ 3:35 pm

  • Matt L says:

    I’m usually the first to jump off a train because it’s heading into sketchy areas, but I’m still having problems figuring out where this is unethical. Once the cookie leaves our hands as a merchant, it’s free game.

    Certainly not illegal – the cookie stuffer is doing the same thing the merchant did. The visitor didn’t know when either cookie hit their computer unless they were specifically looking. Saying it’s unethical almost seems to fall into the camp of web geeks who say selling links (i.e. advertising) is unethical. Hmm…

    Comment by Matt L
    November 20th, 2007 @ 1:39 am

  • Matt L says:

    I can understand though why sites may ban a person for that though, just because of the negative PR drummed up by the (previously mentioned) web geeks

    Comment by Matt L
    November 20th, 2007 @ 1:40 am

  • Andrew Smith says:

    Mark – You forgot to mention the creme de la creme to REALLY make money from this method…. Get your 1px iFrame on a real estate site!

    Comment by Andrew Smith
    November 20th, 2007 @ 10:15 am

  • Mark says:

    Oh crapness, I’m crap aren’t I? Andrew is absolutely right – I had a discussion with him about this technique the other day.

    If you can cookie stuff for real estate and get a 5% commission on a £500,000 sale.. Well, you’re laughing. Cheers, Andrew!

    Comment by Mark
    November 21st, 2007 @ 5:02 pm

  • Samuel says:

    What? Image tag will have no sounds? Cool! I’ve been using iFrames all along, time to change.

    Usually hidden cookie will cause a small little dot, is there anyway to remove it?

    Hey Mark, tell us more about the css trick, sounds interesting.

    Comment by Samuel
    November 22nd, 2007 @ 4:16 am

  • Samuel says:

    I just tested, image tag is the best, no dots, no sounds, no messing with css.

    Comment by Samuel
    November 22nd, 2007 @ 4:45 am

  • Neil says:

    How to cookie stuff without getting caught. Never tried it but here’s what I’d do:

    1. Put up a webpage (yoursite.com/index.php) with some content and a link to the merchant, make it look legit, no funny business.

    2. On index.php, read the referrer (i.e. read the referrer page content) and see if it contains your iframe (so we know if the visitor has arrived from your cookie stuff page) – if it does then do a javascript redirect to the merchant (causing the cookie to be put down), otherwise display the page normally (so when people just type in your URL they’ll see a normal page).

    3. On the page you want to cookie stuff, instead of going iframe=merchant site, do iframe=yoursite.com/index.php

    4. When the merchant checks the referrer for all the traffic you’re sending, they’ll see yoursite.com/index.php, NOT your cookie stuff page. When they visit the page, it won’t javascript redirect to the merchant site (giving the game away), it’ll just display your normal legit looking page.

    I have to say, it’s quite funny to hear people describe cookie stuffing as fraud. I mean, the merchants aren’t losing out, to suggest they are is lunacy. They have to pay commissions to someone in the end. As for fraud, well, look it up in a frickin’ dictionary before using the term. At best cookie stuffing violates TOS.

    Comment by Neil
    November 23rd, 2007 @ 3:42 pm

  • saher says:

    very cheeky indeed :)

    Comment by saher
    November 28th, 2007 @ 1:14 am

  • amin says:

    This is stealing from the merchants and fraud. and will get you kicked out any affiliate program or network once it’s discovered .

    Comment by amin
    December 6th, 2007 @ 5:22 pm

  • Mark says:

    Hi. Welcome to blackhat.

    Comment by Mark
    December 6th, 2007 @ 5:42 pm

  • Paul says:

    Has anyone actually tried this and knows that it works? Better yet does anyone “know” someone who has tried this and made money?

    Comment by Paul
    December 6th, 2007 @ 6:01 pm

  • Samuel says:

    Actually, I use invisible cookies for tracking my ads, rather than loading 100s of them all over the place. The invisible cookie will drop into the tracking ID of my affiliate link so I know exactly which keyword convert but the merchant does not know my keywords because I used numbers.

    Comment by Samuel
    December 7th, 2007 @ 6:32 am

  • Digerati Marketing » Affiliate Networks Don’t Care About Cookie Stuffing says:

    [...] month I wrote an article called Making Dirty Money From Affiliates With Cookie Stuffing, which for those of who you didn’t read it, basically outlined a technique to deliver your [...]

    Comment by Digerati Marketing » Affiliate Networks Don’t Care About Cookie Stuffing
    December 22nd, 2007 @ 5:34 am

  • Robert says:

    So what have I done wrong?

    I inserted

    into page html code and nothing happens.

    Iframe worked but, of course, loaded merchant’s page, enabled sound and slowed things down (due to additional loading of merchant pages).

    Would appreciate any assistance, thanks.

    Comment by Robert
    March 11th, 2008 @ 11:00 am

  • Sarah K says:

    I was banned after just 2 months of “successfully” cookie stuffing – I say don’t do it!! Focus on getting more real traffic..

    Comment by Sarah K
    April 8th, 2008 @ 5:50 am

  • Samuel says:

    Haha! You were banned? Which affiliate network did you use & how did you get caught?

    Comment by Samuel
    April 8th, 2008 @ 8:14 am

  • Johnson says:

    @Sarah K

    Then you weren’t successful. Learn a few more techniques then “come again” ;)

    Comment by Johnson
    September 19th, 2008 @ 8:18 am

  • greyhatter says:

    Actually it looks like it might be highly illegal if it’s done methodically as part of a racket, and ebay has apparently dropped (but not prosecuted) several hundred affiliates for doing it. I considered using Autostumbler to do it, but you might want to check out http://www.out-law.com/page-9403 where they say Though eBay does not say how much it has lost through the alleged fraud, it said that it has paid out to DPS and KFC on “a substantial number of Revenue Actions that were in no way related to referral of any user by either DPS’s or KFC’s advertisements and for which neither DPS nor KFC were due compensation”.

    Comment by greyhatter
    September 23rd, 2008 @ 11:09 pm

  • luride says:

    Amazon seems to use this type of thing themselves. Their ad code contains this sort of thing:

    Comment by luride
    February 4th, 2009 @ 1:35 am

  • luride says:

    Oops. the code has disappeared! here it is: without the brackets

    Comment by luride
    February 4th, 2009 @ 1:36 am

  • Steve says:

    Does anyone know how to say make a craigslist ad with an image in it andin the image code having the cookie stuffed?
    if theimage was hosted on my domain?
    If so please email me at


    Comment by Steve
    February 4th, 2009 @ 3:00 pm

  • scott says:

    Oh damn, this is the most awesome-ist blog/post I has ever readed. I’ve been wanting to learn about cookie-stuffing a bit :D .

    Comment by scott
    February 6th, 2009 @ 6:29 am

  • John Dumas says:

    If you guys only knew of the hundreds of world renowned marketers whom use stuffed cookies you would have no question about the issue.

    I even know of a dozen or so top 100 Alexa ranked websites that use the SAME exact methods except they have top coders making their scripts for them.

    Comment by John Dumas
    February 25th, 2009 @ 2:17 am

  • Digerati Marketing » Geo-Targeted Image Based Cookie Stuffing says:

    [...] Back in 2007 I did a post about making money with affiliates by cookie stuffing. While nobody admits to cookie stuffing, it turns out you’re all lying shits as that post [...]

    Comment by Digerati Marketing » Geo-Targeted Image Based Cookie Stuffing
    July 16th, 2009 @ 10:32 pm