This page has been robot translated, sorry for typos if any. Original content here.

Masking External Links

  • Link Cloaking Script
  • Cloaking of corrupt links

  • Link Cloaking Script

    Link Cloaking Script

    This article is about one of the most common methods of masking external links (in English - link cloaking).

    The link cloaking works as follows. While viewing the page, the visitor sees the usual internal link. But, after moving on it - gets to another site.

    To date, there are several ways to create such links. But we will consider one of the most successful (from my point of view) that does not require support from the browser.

    The idea is to use a redirect and is implemented in two stages:

    • 1) in the root of the site (the folder pointed to by DOCUMENT_ROOT) create a folder named pages.
    • 2) in this folder we place three files:
      • linkslist.php - it will have an array with external links;
      • redirect.php - analyzes the link on which the transition was made and sends the visitor to an external resource;
      • .htaccess - passes all requests to the redirect.php script.

    Principle of operation

    On the pages of the site you place links like: http: // site_name / pages / get / second_part_address , where the second_word_address can be anything, for example, mypage.html or page1 , etc. It all depends on your imagination.

    The address conversion is as follows. Any transition through a link like http: // site_name / pages / get / ......... to it rules from. Htaccess will be applied.

    Note. The server must have apache mod_rewrite installed and running.

    Using the rules in this file, we replace in the address get on redirect.php . Those. get: http: //site_name/pages/redirect.php/second_part of the address

    The script redirect.php on the second part of the address selects an external link and sends the browser redirect.

    The described order of address translation is shown in the diagram.

    address translation order

    The Script itself

    $linksList = array(
    'page1.html' => '',
    'page2.html' => ''

    A common array is declared here. The key of the element is the second part of the address of the internal reference, and the value is the address of the external resource .

    $request = $_SERVER['REQUEST_URI'];
    $dest = explode('/', $request);
    $newUrlKey = end($dest);
    if (array_key_exists($newUrlKey, $linksList)) {
    else {

    Here we connect a file with an array of links (line 2). After that, select the second part (lines 5, 6) from the address and form the header with a redirect (lines 8-13).

    <IfModule mod_rewrite.c>
    Options +FollowSymlinks
    RewriteEngine On
    RewriteRule ^get/(.+) /pages/redirect.php/$1 [L]

    In this file, we created a rule that changes the get to redirect.php in the address.


    To date, there are several ready-made solutions that perform the same functions (for example, plugins for WordPress like Hidden Affiliate Links ).

    Most importantly, before using the method described in this article, you should clearly understand what the disguise of links will give you.

    After all, by and large, the account of the disguise of links is very much like cheating a visitor and a search engine. Or do you have a different opinion? Therefore, I suggest first to optimize the site from a large number of external links.

    How to protect your site from detecting in it corrupt links such as

    It's not just about countering this detector of corrupt links, but also for any other. Working as a separate resource, or built into the search engine algorithm :) Never mind.

    Let's for example not let you define sales links on sites built on the popular LastoBlog engine, and at the same time on the LastoSplog spy engine, too.

    The script itself:

    As you know, the standard code of Sapa clings to the settings in this way:

    global $mysape;
    define ('_SAPE_USER',"usersiteidentificator");
    require_once ("./data/sape/sape.php");
    $sape=new SAPE_client();

    It is assumed that the folder is stuffed inside the file structure of the engine, and not lying defenseless in its root, hence the path to the file with the client code, pay attention to this aspect.

    As well as the fact that the folder is renamed to sape

    Now let's add a couple of operators, highlighted in red:

    global $mysape;
    define ('_SAPE_USER',"usersiteidentificator");
    require_once ("./data/sape/sape.php");
    require_once ("./data/sape/sape_venality_name.php");
    $sape=new SAPE_client( $sape_venality_name );

    Well, of course, in the daddy sapa we will also put this code

    The file name, as you understand, sape_venality_name.php )



    # Документы, работающие с глобалом GET:

    # Разрешённые переменные в УРле иных документов:

    if (isset($tm[1]) and $tm[0]==str_replace($allowed_pages,"",$tm[0])) {
    for ($i=0; $i < $k; $i++) {
    if ($am[2][$i]=="" or !in_array($am[1][$i],$allowed_var))continue;
    $_SERVER['REQUEST_URI']=($tm[1]=="") ? $tm[0]: implode("?",$tm);


    After using this code (calling it before launching the Sapa class), our blog or the rest stop responding to the testing of the resource by any Sales Force Detectors for the presence of these.

    Also, if the client code of other exchanges for the sale of links, triggered after the client code of the sap, are hooked up to the resource, then all links sold through such exchanges also cease to be detected by the detector (in most cases, not 100%, of course).

    Tuning the Sapa code :)

    With external control over the operation of the Sapa client code, it is sometimes necessary to set up the encoding, or a number of other points. It is standard in this case to form an array with any name, create the keys in the array, and assign them the necessary values, and then give the array to the class. But, as it appears from the printout of the code with red lines, we are already feeding the class some array. And where do I put the encoding?

    Let's analyze for example the situation when your site is on UTF .

    In this case, in the interval between the launch of the rescue code and the return of the results of its work to the class, it is necessary to insert the necessary key into the born array, in full accordance with the recommendations:

    global $mysape; define ('_SAPE_USER',"usersiteidentificator"); require_once ("./data/sape/sape.php"); require_once ("./data/sape/sape_venality_name.php"); $sape_venality_name['charset']='UTF-8'; $sape=new SAPE_client( $sape_venality_name ); $mysape=$sape->return_links();

    Need other keys? Incorporate by analogy.

    When the sales links are not from Sapa:

    Hardly vouch for all the brokers of corrupt links, because the client code they have is very different, but theoretically here is such a design (in the complete absence of sap on the site) should help:

    require_once ("./data/sape/sape_venality_name.php");

    Naturally, in this document we consider only the camouflage of corrupt links to the engines indicated at the beginning of the document, and also very similar to them. Otherwise, reading this document should be supported by knowledge of php