So it came to light today that another exploit was discovered in Prosper. An as yet unnamed affiliate was able to hack into roughly 150 prosper installs, take screenshots of campaign data and in a few cases, even hijacked some clicks.

There are a few easy things that you can do to prevent this from happening to you. One of the most effective is to lock down your .htaccess file and only whitelist the IPs that you use to access it.

Here’s an example:

#Lock down 202
<Files 202-login.php>
order deny,allow
deny from all
allow from 127.0.0.1 # substitute your ip address here
allow from 1234512.1234234.1234234.123 # whitelist another
ErrorDocument 403 http://www.makemoniesonline.com/
</Files>


What does this do? It allows you access to prosper, but sends off anyone else to a domain of your choosing.