Is Ad Surf Daily a Scam?

I’ve gotten a lot of questions from friends and business associates about the Ad Surf Daily Cash Generator program. Now that the US Attorney’s office has seized assets and filed suit, with Florida Attorney General Bill McCollum right behind, it seems likely that the program will not continue.

A Few Facts

Initially, I was approached by people who wanted me to look at the program to see if it seemed legit. My friends know that I do not join multi-level marketing programs, nor anything that seems like it might be a network marketing venture. Nonetheless, I took a peek at this program to find out if there was anything suspect about it on behalf of those friends.

The first clue that there might be something “up” was that people were wondering if it might be a scam.  Why? Well… the good old adage, “If it sounds too good to be true…” comes to mind.

Here’s the premise: you sign up for the program (even with a free account, if you prefer) under a sponsor. You then begin to “auto surf” ads every day. There are rewards for doing this, including the right to place a website of your own into the ad rotating system so that other people will be forced to view your site.

At this point, it sounds a little bit like a modified version of Pay-Per-Click advertising (PPC).  With PPC, which most people are familiar with because of the right-hand side of your Google search results, advertisers bid to have their ad show up on certain sites and then only pay when someone “clicks” on their ad.

Ad Surf Daily seems to provide a cost-effective way to do this… at first glance.

But what you quickly learn is that the vast majority of people who join (and later “purchase ad packages”) don’t actually have anything to advertise. So… the question becomes, “Why are they signing up?”

It turns out that if you “purchase ad packages,” (which the US Attorney’s Office has now labeled “investing”) you have the opportunity to “earn rebates” by faithfully viewing advertisements every day.  I won’t get into the mathematics of it, but let’s just say that this appears to be highly profitable because you can earn more in rebates than you “purchased.”

There are numerous incentives and rewards built into the program that are designed to get you to purchase more ad packages. Also, as a member of the program, you are incentivized to leave your earnings in the program because the higher your “cash balance,” the more rebates you’ll be able to earn.  You can even increase your rate of earnings by paying for a monthly membership at several different levels.  There are even big rallies where you can obtain much larger bonuses by “purchasing” ad packages on the spot…

And… of course, there are commissions.  This is where some of the biggest incentives are.  This is the part where you convince your friends and family (or even random acquaintances, like some of the people who have spammed my inbox about this) to sign up under you.

I Smell A Rat…

If you’re around the participants for very long, you hear amazing stories of large cash payouts. You hear about credit card debt being wiped out, even millionaires being created.  All of this occurs in short periods of time.  You hear about the explosive growth.  You hear about the founder, Andy Bowdoin, and his impressive award that was given to him by the President of the United States.  You hear about his many successful businesses over the years.  You also watch videos online which focus repeatedly on “we’re good guys” without providing any substantive information about why you should expect this program to continue.

But I have a fundamental question:

If the bulk of the customers have no need for the item they are purchasing, where is the value that this company is actually bringing to the marketplace?

In other words, they claim their goal is to be the biggest seller of online advertising in the world. They even claim to be threatening Google’s position as market leader.  But one thing I’ve noticed… the people/companies buying ads from Google (and other PPC establishments) have one thing in common: they all have something to advertise.

One friend of mine has a local contracting business.  My question for him was, “What are you advertising in the ASD system that people might be interested in purchasing?”  The answer: his local contracting business.  My next thought is, “What the heck does someone in Bolivia do when they see an ad for a contracting business in Florida?”

As a marketer, my next thought after that is… that’s a little bit like buying a billboard on a California freeway for your McDonald’s in Memphis.

Poor use of advertising dollars.

Not so poor, perhaps, for those who have a digital product with universal appeal, or perhaps those selling something that can be purchased and then shipped anywhere in the world.  Again, however, the key would be that it has universal appeal.

Like… toothbrushes.  We all need those, right?

Anyway…

Is It Sustainable?

Back to my fundamental question.  How long can this program carry on — even if they’re careful not to promise to pay out too much money in “rebates” — when their basic product is not needed by the people who are purchasing it today?

Can it be that the only reason they are buying advertising is so that they can earn a rebate?

The answer is: absolutely, 100%, unequivocally, “yes!”

And that, my friends, creates a problem: as soon as the market figures out that:

a. there are better ways to buy advertising, and

b. this is only sustainable as long as there are more people willing to buy something they don’t need,

the whole thing comes tumbling down…

…not unlike a Ponzi scheme.

Precisely, by the way, what the US Attorney in Washington D.C., otherwise known as the Attorney General, concluded.

Is anyone guilty of a crime here? Well… that remains to be seen.  In the meantime, no one is surfing the “ads.” No one is “purchasing ads,” and nobody is spending the $53M in cash that was seized while the investigation and the lawsuits proceed.

Bad news for those who used their life savings to buy something they didn’t need.

Snoop Dog Hack – SQL Injection

If you’ve been following my blog for a little while, you know about the recent “Snoop Dog Hack.” I’ve spent countless hours recovering from this nasty attack on my content, which replaced real content with ghetto slang, but only when viewed in certain Microsoft browsers.

Hopefully, it will never happen to your website. If it has, however, allow me to save you the trouble of doing all of the research to resolve this.

-John

First, a little background…

SQL Injection

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you’ve entered against the relevant table in the database. If your input matches table/row data, you’re granted access (in the case of a login screen). If not, you’re knocked back out.

One of the most popular SQL Injection scripts of the past decade is known as the “Snoop Dog SQL Injection Hack.” Often created to be unique to Internet Explorer 7, this hack makes it especially tricky for web development teams to spot and fix.

The Snoop Dog SQL Injection Hack

In its simplest form, this is how the Injection works. It’s impossible to explain this without reverting to code for just a moment. Don’t worry, it will all be over soon.

Suppose we enter the following string in a Username field:

' OR 1=1

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT'

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering `OR 1=1 -- as your username, could result in the following actually being run:

SELECT * FROM users WHERE username = ‘' OR 1=1 -- ‘AND password = ‘'

Two things you need to know about this:
[‘] closes the [username] text field.

‘--' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = " OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.

Already Been Hacked? Here’s How to Fix It and Avoid Future Attacks…

  • If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
  • Copy and paste the following code into every page with forms on your website…


<?php echo "HAPPY APRIL FOOL'S DAY PAUL AND KEVIN ?>

<?php echo "FROM JEREMY" ?>