So it came to light today that another exploit was discovered in Prosper. An as yet unnamed affiliate was able to hack into roughly 150 prosper installs, take screenshots of campaign data and in a few cases, even hijacked some clicks.

There are a few easy things that you can do to prevent this from happening to you. One of the most effective is to lock down your .htaccess file and only whitelist the IPs that you use to access it.

Here’s an example:

#Lock down 202
<Files 202-login.php>
order deny,allow
deny from all
allow from 127.0.0.1 # substitute your ip address here
allow from 1234512.1234234.1234234.123 # whitelist another
ErrorDocument 403 http://www.makemoniesonline.com/
</Files>


What does this do? It allows you access to prosper, but sends off anyone else to a domain of your choosing.

As we all know, it’s a drag to refresh stats if it requires logging in, downloading a file and extracting subids. Fortunately I just discovered that CJ has had a web services API for a while now. Since I’ve been trying to use Prosper202 more recently, I wanted to see how easy it would be to pull CJ stats in. Fortunately, this turned out to be pretty simple.

Here are the steps:
1. Download nusoap. You can get it here. (You can of course use a different soap client if you prefer, but then the calls will be different.)
2. Get a CJ API developer key from here.
3. We’re going to be reusing a couple of php/curl classes originally written by Smaxor, then updated by Bandit. These are the 2 files here: curl.class.php and prosper202.class.php. You’ll need to remove the .txt extension from them.
4. Let’s say we’re going to put our subid update script in the $UPDATE_DIR. Then we want to move the nusoap files to $UPDATE_DIR/lib and the php/curl class files to $UPDATE_DIR/includes.
5. Finally, we can put the script that pulls all of these together into $UPDATE_DIR:


/*
* AUTHOR: pharmboy (http://www.interwebmonies.com)
* DATE: 2/16/09
* VERSION: 0.1
*
* This code downloads subids from Commission Junction, then uploads those subids into prosper202 as conversions.
*/

$p202->p202_login(”yourprosperusername”, “yourprosperpassword”);
$p202->update_converted_subids($converted_subids);


What the code does is log in and find all of your transactions over the past 8 hours from all of your sites and uploads the sub ids. According to the API docs, 8 hours is the max look back time frame, so assuming you want your stats constantly updated, you’ll need to run this in a cron job. Enjoy.

I’m not a current beta tester but a few days ago I saw a short demo of Tracking202 Pro. Though I didn’t get a chance to play around with it, based on what I did see, it looks pretty slick. They now have complete, real cost data through the search engine APIs. You can drill down from campaign level to ad group level to the keyword level and show all searched and bidded keyword’s costs and revenues. You can also resume and pause individual keywords through the interface. Set up is also simpler as there is no longer the need to manually input all of your campaign, landing page and creatives. Instead, you append another id to your redirect link and based on that id, t202 pro will figure out the rest. Given that I just got a brief overview, I am sure I missed some other stuff as well.

All of this does come at a cost. During the beta program, the cost to use tracking202 pro is free, except you must pay the API charges. Once it comes out of beta, there will be a fee for it. I didn’t write down the proposed pricing structure, but I believe that it is tiered: For users spending less than $100,000/month on their campaigns, I believe the cost is $50/month plus 2% of your campaign spend + API charges. I don’t recall offhand the cost for higher campaign spends.

The 202 guys will be at ASW so if you are going, I’m sure that they will be more than happy to show you themselves.

Courtesy of Shawn Collins: Use code ASW09MYRRH to get a free gold pass (regular price of $549) to Affiliate Summit West 09 being held January 11-13, 2009 at the Rio All-Suite Hotel & Casino in Las Vegas. Use of the code is limited to 25 people.

If the code isn’t working anymore, that means it’s has been all used up. You may still be able to get a free Silver pass using the code COPYBLOGGERSILVER.

For some reason, when it comes to managing their finances, affiliates are mostly clueless. Whenever I see a post on an affiliate forum that has anything to do with incorporating or taxes, I cringe inside because I know that ultimately, 99% of the thread will contain pure misinformation. I don’t know why this is. If you make any reasonable amount of money, how you manage your finances makes a huge difference in the amount of money you take home, so educating yourself in this area seems like a good idea. To help the undereducated out, I’ll cover some year end strategies you can employ to reduce your tax bill.

Manipulate the timing of your expenses and revenues

The first set of recommendations have to do with rearranging your expenses and revenues. If you will be in the same or lower tax bracket next year, you’ll want to defer as much income as possible to the future. If instead you anticipate being in a higher tax bracket next year, you should recognize as much revenue as you can now, while deferring your expenses.

The following suggestions assume that you’re using the cash-basis method of accounting, as opposed to accrual. If you don’t know the difference, talk to your accountant or consult your friend, Google. The following methods also assume you want to defer your income:

• Prepay expenses on your credit card. You can recognize the expense as of the transaction date of the charge even if you don’t actually pay it off until next year. This does not go for store charge cards, however–those expenses can only be realized when they’re paid. According to these CPAs, in general, you can prepay up to a year’s worth of expenses under the following conditions:
  • The expenditure is an actual payment — not a refundable deposit,
  • The prepayment is for a substantial business purpose and not merely to avoid taxes, and
  • The deduction does not materially distort income

  What this means is you can load up your favorite PPC accounts by prepaying for clicks now on your credit card. You can recognize this expense this year, even if you don’t pay it immediately.

• If you make payments by check, you can mail them just before the end of the year and have them count as a current year expense, even if they are not cashed until the following year. If you use this method, send your check via registered or certified mail to prove when you sent them.

Set up or contribute to a Small Business Retirement Plan

Retirement plans like a self-employed 401k are one of the biggest tax advantages that the government gives small business owners, especially if you make a lot of money. Consider this: for the 2008 tax year, you can contribute up to $46,000 in a self-employed 401k or up to $51,000 if you’re 50 years or older. Compare that to the poor slobs working a regular W-2 job who can only contribute a max of $15,500 to their 401k (or $20,500 if they’re over 50). An extra $30,000 in tax-deferred money earning interest makes a huge difference by the time you reach retirement age.

For more details on this, I suggest checking out Fidelity’s comparison of available small business retirement plans.

A final warning

I am not an accountant. Nor did I stay at a Holiday Inn last night. If none of what I said makes any sense to you and you’re making decent coin, it’s time to consult a professional.

The web is already filled with too many completely worthless affiliate marketing blogs. And now I’ve added another.

In all honesty, though, I guarantee that you will not find videos of me singing karaoke or detailing what I had for lunch. That crap doesn’t make you rich and IMO is a complete waste of time. If you want entertainment, go see a movie. If you want to make money, you need to work. Occasionally there may be a worthwhile piece of info that I can relate, so stay tuned.