I am Francesco and I am so proud to finally be launching Indie Affiliates, a platform to share your affiliate program in minutes.
I built it because when I created my first affiliate program, I was super pumped about it but then I realized "How are marketers going to know that I created an affiliate program?"
So I started researching on Google but all the directories I could find to submit an affiliate program where:
A. Asking for $199/year or more
B. Were not the right "environment" for my SaaS
Which lead me to create Indie Affiliates, a platform where Indie Hackers (and startuppers in general) can easily submit their affiliate marketing program.
If your site is only meant for human end users, you can get lists of datacenter IPs and use that to block them (assuming they are running in a datacenter that's on the list). That tends to block all sorts of abuse.
If you are worried about blocking legit users with this method, you can show a CAPTCHA instead on every request from a suspect IP.
At any rate, get their IP from your logs and run a whois on it to get their ISP and location. You could also try emailing the ISP's abuse contact or filing a DMCA complaint with their hosting provider, although of course that might not work.
Look the Host header in your API backend and block it. It might be forged, but probably not.
Identify their host (reverse IP lookup) and block requests from that ASN. If they host in same place as you, complain and get them shut down (or move).
The obfuscated JS based domain checking others suggested.
None of these is perfect, but they don’t have to be. Just keep adding layers until they go away for good.
I had a similar thing happen to one of my websites. In Varnish I used something like this:
if (req.http.host ~ "^(?i)(example.com|www.example.com)") {
#redirect to https
}
else {
return(synth(403, "Not allowed."));
}
It basically checks if the host is my domain. I don’t know know what the equivalent of `req.http.host` is on the web server you use. This "solution" might run into issues with Google Translate, but I’m not sure.
One naive approach would be to look at what IP address(es) they're using when proxying and blocking them. (Or detecting them in code and redirecting them to your domain, perhaps.)
I am Francesco and I created Ink Studio AI out of a personal need because I wanted to get a new tattoo but wanted to experiment first and see what AI could come up with.
You can generate quite anything with it and the results are pretty accurate.
Let me know if you have any ideas/feedback for this
Thank you!
P.S. I am NOT planning on getting a Donald Trump tattoo
For now I prefer to just stick to Google Authentication as that is really secure and avoids me the "pain" of having to deal with password (which I value a lot).
I am Francesco and I am so proud to finally be launching Indie Affiliates, a platform to share your affiliate program in minutes.
I built it because when I created my first affiliate program, I was super pumped about it but then I realized "How are marketers going to know that I created an affiliate program?"
So I started researching on Google but all the directories I could find to submit an affiliate program where:
A. Asking for $199/year or more B. Were not the right "environment" for my SaaS
Which lead me to create Indie Affiliates, a platform where Indie Hackers (and startuppers in general) can easily submit their affiliate marketing program.