
How a Website Exploited Amazon S3 to Outrank Everyone on Google - poof_he_is_gone
https://blog.usejournal.com/how-one-affiliate-used-amazon-s3-to-outrank-everyone-on-google-9744c8e7322f
======
Rjevski
I am more surprised that this kind of coupon trickery still pays off and the
retailers are burning money on it.

The way I see it, you only search for coupons once you see a product at a
retailer and you want to buy it (or even once you already have a shopping cart
built up, and are on the checkout form where the coupon field is). So the
retailer already acquired you as a customer, and you're ready to checkout.
Most likely you'll end up checking out anyway even if you don't find any valid
coupons (which is what's currently happening, since most coupons don't work
anyway).

So why are retailers still paying out affiliate revenue in this case? They
have the customer already. This shady affiliate doesn't bring them anything
they didn't already have.

They can easily fix this by only paying out affiliate revenue for actual,
legitimate affiliates, those that brought you a brand new customer. If the
user already spent time browsing your website and built up a shopping cart,
don't pay out affiliate revenue even if they do end up clicking on an
affiliate link after.

~~~
justinbaker84
Marketing pro chiming in here - this is done so the marketing departments of
all these companies can claim credit for driving a ton of sales.

The people who are working at these big legacy retailers in 2018 tend to not
be very sophisticated about online marketing. I'm being polite with that
understatement.

So nobody calls out the marketing departments on this because there is so much
political BS going on anyway as everybody is scratching and clawing for their
piece of an ever shrinking pie.

I worked in a similar situation and I wanted to stop working with these coupon
sites for the obvious reasons you pointed out. I got overruled by higher ups
and I later came to learn that my complaints about this practice were a career
limiting move.

They just want to be able to take credit for driving a ton of sales even
though everybody with half a brain realizes they are not generating new sales.
They are simply cannibalizing the business because the vast majority of the
time these people would buy at full price anyway if their Google search never
turned up a coupon.

~~~
ttcbj
Isn't this a useful form of price discrimination, though? The coupons allow
you to sell your products at full price to those who are price insensitive,
while also allowing you to sell at a discount to price-sensitive buyers. Only
the latter are willing to go to the hassle of looking up the coupon codes.

My wife installed a plug-in on our family computer that looks up coupon codes
for you at checkout time. But often they don't work, so I don't even bother
with them. To me, that suggests that even if its 'easy' to find the coupon
codes, the coupons still work as a form of price discrimination.

~~~
manfredo
Favoring those who are price sensitive isn't necessarily benefitting those who
are less wealthy (this wasn't explicitly stated, but it's often implied in
praises of price discrimination, please let me know of this isn't what you
meant with this comment). Wealthier people often have time to find better
prices, or have others find better prices for them. Also, people with better
information skills are often better at identifying the best price (and people
with such skills tend to be better off in general). A poor person balancing
several jobs may not have much time to research prices.

On priniciple I'm usually okay with rewarding diligence and thoughtfulness,
but penalising those who lack the ability to perform this diligence and
thoughtfulness may not be the best thing in this case.

~~~
ttcbj
The comment I was responding to was implying that coupons were an outdated
marketing strategy. I was saying that I think it can help companies achieve
higher margins by selling at higher prices to wealthier customers, while still
achieving sales at lower (but still profitable) prices with less wealthy
customers.

I wasn't making any comment on the social good of price discrimination. I
agree with you that some pricing strategies (buying in bulk, buying without
loans/interest, rewards cards, etc) may tend to reward the wealthy. But that
wasn't related to the point I was trying to make. I was trying to say that
coupons seem like they could still be a useful marketing strategy for
improving companies average margins per sale.

------
bhartzer
This is just pointing out a site that's ranking--the title of the post doesn't
go with the content of the post. The "how" isn't revealed.

Regardless, most likely there are links involved, and there actually be
canonical tags involved, as well. If there are links involved they're most
likely hiding them from link crawlers like ahrefs and Majestic.com.

~~~
dazc
The amazon domain is the 'how'.

~~~
bhartzer
That's what we would like to believe, but the concept of domain authority
doesn't exist. (Just because a page is on a certain domain name it should
rank... is false).

I'd put my bet on links (that are hidden), link ghosting, or cross-domain
canonical tags.

It's not "just because it's on the Amazon domain". If domain authority
existed, we'd see sites on Google sites, Business.site rank--and they don't.

~~~
DougN7
Can’t Google do manual penalties for some sites? How hard would it be for them
to do manual bonuses for the top 100 sites in the world. That would be pretty
much equivalent to domain authority, and I expect Google is doing just that.

~~~
dazc
Google penalizing an amazon domain would likely trigger some kind of legal
action?

~~~
DougN7
Probably, but I’m suggesting they are doing the opposite, and that therefore
domain authority does indeed exist.

------
lapnitnelav
While cookie stuffing is nothing new in the wonderful world of Affiliate
marketing, leveraging Amazon's force de frappe in this way is actually
brilliant.

Not that I condone it but the sheer ingenuity can be appreciated.

~~~
chayesfss
Yea I can imagine the dev who found this by accident like, holy shit did that
just work!

------
techaddict009
This concept is called the leeching and ranking. In this, mostly Google Sites
& AWS S3 is preferred as a source by the leechers. Mostly used by coupon and
movie download sites.

Finally, someone has openly spoken about it, instead of exploiting it a bit
more!

~~~
slig
I'm surprised Google didn't kill Google Sites yet.

~~~
techaddict009
Google has tried to but hasnt killed it completely. Like it has reduced
features on it.

~~~
crazygringo
What are you talking about? They launched a totally new version a little less
than two years ago, and new features keep coming so they seem to be continuing
investment in it...

[https://www.blog.google/products/g-suite/totally-rebuilt-
sit...](https://www.blog.google/products/g-suite/totally-rebuilt-sites-
customer-tested/)

~~~
wolco
Two years ago? That's old in google land. It will be shutdown soon.

~~~
dang
Could you please stop posting unsubstantive comments to Hacker News?

------
matthewaveryusa
I'm trying to understand how this works:

the s3 page has all links go to promocode.org
[https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/in...](https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/index.html)

When you click on that you get redirected to promocode.org where you get re-
prompted to click on the promo code and that's where the cookie promo gets
tacked on the walgreens website.

I understand that amazonaws.com is a highly-ranked domain. What part of this
process makes this particular s3 webpage rank up in search algorithms though?
At the end of the day don't you need lots of _direct_ inbound clicks and links
to this specific s3 page for it to rank higher?

The only way I see this working is if _indirect_ clicks of the entire domain
count towards the ranking of this specific page -- that doesn't seem right
though.

edit: looks like the paragraph above describes the concept of "domain
authority" so that's probably the answer

~~~
bhartzer
The concept of domain authority has been proven, time and time again, that
domain authority just doesn't exist. Here's a recent explanation:
[https://www.searchenginejournal.com/domain-
authority/246515/](https://www.searchenginejournal.com/domain-
authority/246515/)

~~~
sireat
From your article: "John Mueller’s(Google rep) response deflected a straight
answer"

It really depends on how you define site authority.

As the article you cited states:

“I am just labeling that unknown multiplier effect as a trust factor, that’s
all.

That’s a realistic definition of Site Authority, as a catch-all for all the
quality signals that Google uses in it’s core algorithm.”

At least in the early 2000s having a page on a high authority(however you
define it) domain automatically guaranteed higher rankings.

So even today, it is pretty much impossible to outrank wikipedia on some
mundane(non SEO worthy) topic even when wikipedia article is more basic, has
less inbound links and even cites the more substantial article which is based
on some random "low quality" domain. Obviously citation needed here...

~~~
bhartzer
>> At least in the early 2000s having a page on a high authority(however you
define it) domain automatically guaranteed higher rankings.

I totally agree. And in all of those cases, the page that is on that "high
authority domain" has INTERNAL LINKS from other pages of that site. The site
has high authority because other high authoritative links point to that site.
And that site links internally to that page. That's why that page ranks.

That's completely different than having an orphan page or an "orphan site" (a
set of orphan pages) that are on a highly authoritative domain. Just because
those orphan page(s) exist on an "authoritative domain" doesn't mean that it
will rank. Even 10,20 years ago that was the case.

In the case of this AWS site, the Amazon S3 page(s) that rank, they're orphan
pages. I may be wrong, but if you go to the home page of that amazon domain,
you can't click through to the page or pages that are mentioned in this
original post.

Just because the orphan pages(s) or orphaned "site" is on an amazon domain,
doesn't give it ranking power--because "domain authority doesn't exist.

------
sdk959
A bit off topic, but if you wanted to get better savings (aside from coupons),
try adding your products to a cart and leaving it alone for 2-3 days. Often,
online places will offer you a significant discount by having items in the
cart and not checking out. It's their way of getting you back in even if it
means selling at break even prices.

------
kaycebasques
I came into this post with a hunch that it would detail some weird social
engineering stuff and it did not disappoint. What a weird, interesting world
we live in.

~~~
jiveturkey
how is this social engineering? genuine question.

~~~
kaycebasques
I’m referring to the explanation of what seems to be called cookie stuffing
(based off other comments in this thread). Most of you probably already know
about this, but it was news to me and very satisfying to learn why those
shitty coupon sites exist.

The main idea of the post doesn’t seem to be related to social engineering,
though. Sorry for the confusion, I should have clarified.

~~~
ryandrake
It seems less social engineering and more taking advantage of search engine
stupidity (Domain Authority) to do run or the mill black hat SEO. I mean
seriously, I would have thought a multi-billion dollar search engine would be
more sophisticated than “durr, the domain has amazonaws in it, therefore it
must be legit!”

~~~
kaycebasques
I'm just going off of this Wikipedia definition of social engineering:

> Social engineering, in the context of information security, refers to
> psychological manipulation of people into performing actions or divulging
> confidential information.

The psychological manipulation in this case is getting people to click a
button because they think that it will show them a coupon (and therefore save
money), when in reality it does no such thing and instead puts a cookie in
their browser.

~~~
scrollaway
By your version of the definition, asking your friend to pass the butter is
social engineering.

The definition you copied is vague but includes the key phrase "in the context
of information security". The coupon code sites are just scamming people by
wasting their time (and primarily, scamming the retailers). It's essentially
just fraud.

If this were in an infosec context (clicking something that pretends to be
legitimate in order to gain some benefit), it'd be closer to phishing.

~~~
kaycebasques
I don't understand the comparison to "asking your friend to pass the butter"
but it doesn't seem like a fair comparison. I explained pretty clearly how I
thought the cookie stuffing idea mapped to the Wikipedia definition and it
seems like a reasonable mistake to make. But I'll take your word for it that
the definition I used only applies to infosec.

------
hex64
Let's decompose what is going on when you click on one of these pages : For
instance : [https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/in...](https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/index.html) It's a page with fake coupons links

When you click the "show coupon" boutton, two things happen

1\. A javascript "click" event is triggered (in coupon.js) and executes :
window.open([https://www.promocodefor.org/promo/walgreens/walgreens-
photo...](https://www.promocodefor.org/promo/walgreens/walgreens-photo-
coupon/c833699cf9ddea03/enjoy-50-off-enlargements-and-posters/?expanded=1))
This opens a new tab at this url, this page shows the fake coupon code.

2.Since the button is a <a> tag with
href="[https://www.promocodefor.org/go/pcfc833699cf9ddea03"](https://www.promocodefor.org/go/pcfc833699cf9ddea03"),
the current tag navigates to this url

Then you follow 7 redirect redirects (code 302) to pages owned by
[https://skimlinks.com](https://skimlinks.com) who redirects to pages owned by
[https://www.conversantmedia.com](https://www.conversantmedia.com) who finally
redirect to
[https://photo.walgreens.com/store/prints?tab=photo_Promo1](https://photo.walgreens.com/store/prints?tab=photo_Promo1)

It's basically an affliate link to walgreens.

The question is how did [https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/in...](https://s3.amazonaws.com/walgreens-photo-
coupon/walgreens/index.html) rank so high in google ? Just because it's hosted
on amazon doesn't make sense. There is a trick that we don't know.

I think it's hosted on Amazon S3 juste because it's very cheap hosting, since
the site is a single .html file

------
lifeisstillgood
The coupon thing seems crazy - Walmart must be spending real money to reward
sites that actually did not provide a coupon.

i mean i know it's all about consumer surplus, but all walmart knows is that
someone on the internet wanted to get a discount, did not get it, and now
walmart pays random SEO cash. They lose margin, the buyer is frustrated cos
they paid full price, and walmart knows nothing about surplus because the
client paid full price - no differentiation no price signal.

how is walmart winning here?

~~~
fabricexpert
Walmart only pays if they make a sale, so long as the commission isn't greater
than their margin it's just a customer acquisition / marketing cost that
drives sales if they have it and takes them away if they don't.

This is like saying "Most people who watched the TV ad didn't buy anything,
how is Walmart winning?"

The age old saying is that you know half of your marketing budget is wasted,
you just don't know which half. It still applies now even if you can track
users.

~~~
lifeisstillgood
But it's not a channel.

if i turn up at the till with coupon clipped from the tv guide, then putting
coupons in the tv guide is a viable channel to reach me

if i turn up with a cookie from whichever SEO happened this week to be on top
for "gardening gloves", but there is no legal coupon just a cookie, then what
has walmart learned? that google is a channel ? it's too big to be useful

------
qwerty456127
> Since most of the coupons you find on these pages don’t work, you may have
> wondered why do these coupon sites even exist? Their primary goal has been
> and will always remain to attach a browser cookie to your web browser

I really wonder why deleting all the cookies for a given website as soon as
you close it isn't the default behavior and not even a built-in option in web
browsers. I use Vanilla Cookie Manager in Chrome to make it work this way.

~~~
donald123
It's called incognito mode.

~~~
qwerty456127
AFAIK incognito mode doesn't let you whitelist certain websites you actually
want to save cookies.

------
iagovar
Fuck, im done :/

~~~
techaddict009
So in which niche you were cashing the cow in? :P

~~~
iagovar
ISPs (not the US)

~~~
techaddict009
Can you share more how exactly these pages rank? Just making static page
doesn't rank. (I shared this post with SEO community and few people commented
there so) Along with making static page any other things need to be done? Like
Spam Links, Social Signals, PBN Links, Guest Posts, Forum Links, etc.

~~~
iagovar
Just normal linkbuilding.

This guy didnt catch any link with ahrefs but I was unable to rank properly
without them. When I say links, I mean more than just links for getting it
crawled.

So you still have to spend money/effort in it, sorry.

Also since it's been published here, any edge that you could get is over. It's
going to be badly abused.

------
jiveturkey
not the top link in any of the demo'd searches, so clearly the title is false.
technically. still it's fascinating.

> Seth Kravitz is the CEO of PHLEARN, the world’s #1 Photoshop & Lightroom
> training company online

wow. i guess CEOs of any online company have to have deep deep understanding
of SEO these days. and what better SEO than blogging about things unrelated to
your company! as we just saw a few days ago from 3byte.

~~~
sdk959
Should have given himself the title of "Your Majesty".

------
Belphemur
Using another company (amazon in this case) to do your SEO for you.

This is so phishy. Doing a landing page on Amazon S3 and having all the link
redirecting to your real website.

I'm starting to wonder if shady SEO marketing companies aren't already doing
this to promote their "clients".

I hope the Google SPAM team we'll do something about it.

~~~
phreack
It's been going on for ages, they call it 'parasiting' and it's awful but it's
worked for years

------
CodeSheikh
Search for a coupon in one browser and buy the product in another to keep
these "marketers" at the bay.

------
tootahe45
Wouldn't it just be that [https://s3.amazonaws.com](https://s3.amazonaws.com)
is linked on tens/hundreds of thousands of websites and they're capitalizing
on this for SEO value, rather than 'Domain authority'?

------
quickthrower2
I feel an experiment coming on...

------
codezero
I assume they got indexed by using Google's webmaster tools to trigger a
crawl.

~~~
giarc
It's not the indexing that's the trick. That means nothing in this context.
The interesting part is how a site with no backlinks etc can outrank a ton of
other sites. The running hypothesis is that google treats all aws links as
being owned/operated by Amazon.

------
z3t4
This works because Google rank based on domains, not URL's. All link power
counts towards the domain, also boosting other pages on that domain.

------
QuantumGood
A modern version of the old parasiting .edu hack.

------
vuln
Am I the only one that thinks this is 'paid prioritization'?

------
A7med
that's clever

------
gammateam
lollll that's hilarious

now everyone's going to try that and it stops working

but then people are going to start naming their s3 buckets amazon- _

