Cloaking

Protect the Streams from Bots

Here is an example of creating a forced stream that will protect other streams from bots.

  1. Create a stream for a safe page:
    • Stream type “Forced”. The streams of this type are always checked before others.
    • Choose Scheme “Direct URL” or “Action”. You can use “Show text”, “Show HTML” or “CURL”, whatever you think is appropriate.
    • Add a filter “Bots” with mode “Alow”.

Now you can add streams for real traffic (for money pages). Just choose stream type “Regular” (Streams of that type are checked after forced streams).

Cloaking for Advertising Networks

This is the most dangerous way of passing the ad moderation, after which your ad or your account may be blocked. If possible, use pre-landing page method.

Cloaking is used to bypass requirements of ad networks in using direct links (without redirects).

  1. Create a campaign.
  2. Create a stream:
    • Type «Forced»
    • Add the filter “Bots: Allow”
    • Choose a scheme “Direct URL” and choose the redirect type “CURL”, paste here the URL of the page that you want to show for bots and moderators (“Show HTML” with the page code is also suitable)
  3. After passing the moderation create streams for “real” users.

Attention! Keitaro does not give 100% guarantee of catching bots and moderators. Improve the security limit streams for the real users with filters. For example, if you have the ads targeting across Spain add a filter by a country.

Cloak a Website

We can show alternative content for bots. To do that, we integrate Click API Client to the website.

  1. Prepare a HTML page that you want to show to bots.
  2. Create a campaign.
  3. Create a stream for bots:
    • Choose type “Regular”.
    • Choose schema “Direct URL”.
    • Choose redirect type “CURL”.
    • Enter bot page URL to the URL field
    • Add a filter “Bots: allow”
  4. Create a stream for others:
    • Type “Regular”
    • Schema “Action”
    • Action “Do nothing”
  5. Open the page “Additional > Integration”.
  6. Choose “Click API Client v2”;
  7. Follow the instructions to connect the code to your website.
  8. Replace in the code $client->execute(); to $client->executeAndBreak();.

Cloaking for Static Website

Solution for websites without PHP, where the website acts as a secure page.

  1. Create a campaign;
  2. Create a stream for bots:
    • Stream type: “Forced”;
    • Action “Do nothing”;
    • Add the filter “Bot: Allow”;
  3. Create a second stream (Money page)
    • Stream type “Regular”;
    • Scheme “Redirect”;
    • Redirect type “Redirect for Script” (permissible also: Meta redirect and Double Meta redirect).
  4. Open the page “Integrate” (“Additional” menu).
  5. Choose “Script”;
  6. Connect the code to your website according to the instruction.

How to check cloaking

Use the browser extension that replaces UserAgent. For example, “UserAgent Switcher” for Chrome.

How to prepare a save page

  1. Open the page in any browser.
  2. In the menu choose “Save As”.
  3. Choose “save with pictures” and name it like index.html.
  4. Create a folder in the Keitaro directory.
  5. Upload all the files to it.
  6. Open in a browser the page with the address: http://domain.com/folder/.
  7. If the page opens normally, write its address in the stream with the scheme “Direct URL” and choose “CURL”.

Cloaking Tips

  • Regularly update Bot DB on page “Maintenance > Geo-DBs”.
  • Use filter “IPv6: reject”. Google and Facebook own billions of IPv6 addresses and they're using them for bots.
  • Always remember to create a forced stream for bots (with a filter Bots+allow).
  • Restrict your streams (money pages) by filters like Country and device type.
  • If you have a risk to get banned, do not enable cloaking immediately. Watch your “Click Log” and see what visitors are coming (its bot status, geo, user agent). Update your stream filters if needed.
  • Use multiple domains or subdomains. Your domain might be get banned, do not give them your best one.
  • Make sure your domain is not flagged. To check that use these tools http://urlvoid.com, http://virustotal.com.