There are two ways to fight cheating: automatic and manual.

Automatic means the script disables the trader on its own. The main part of this is AntiCheat Settings: deactivation by proxy %, quick clicks, and similar signals.

Manual means the script shows suspicious parameters and you decide what to do. Everything else on this page falls into that category.

SmartCJ also checks traders against public fraud databases and, if it finds a match, marks them with color in Trade (yellow by default). Domains are checked against:

• CJWebmasters.com - a shared database for all SmartCJ scripts. If you check “add to global database” when deleting a trader, that trader domain is added to the database and marked for other SmartCJ users as well.
• Malware Domain List via CJWebmasters - MDL contains IPs with spyware and similar issues. If a trader domain is on the same IP, it appears in the CJWebmasters listing.
• Google Safe Browsing.
• Trader page HTML for words from Settings - Config files - banned words.txt.
• Trader WHOIS for words from Settings - Config files - banned words.txt.

NOTE! All of the checks above only mark traders with color. They do not disable the trade. Disabling is done only by AntiCheat Settings.

These are suspicious clicks.

This includes:

• Clicks made less than 3 seconds after the page request.
• Clicks with an incomplete cookie set.

System works - whether the system is enabled at all.

Incoming: dont count every IP that appears more than X times during last Y minutes - for example, if within 10 minutes a certain IP appears in incoming hits more than 20 times, we block it. Block means it is not counted, but the surfer still sees the page.

Outgoing: dont count every IP that appears more than X times during last Y minutes - the same logic, but for outgoing clicks.

Proxy % (switch trade off if >) - disable the trade if the proxy % is higher than the configured threshold, for example 50%.

Productivity off (many hits in, but few clicks) - disable the trade if productivity is too low, for example 10%.

Cheat Signs % off - disable the trade if there are too many cheat signs, for example more than 15%.

Unique IPs - for example, 100 hits arrived but there are only 10 unique IPs, which is abnormal. Disable the trade if the unique IP % is too low, for example below 10%.

Unique hits - the same idea for outgoing clicks.

Traffic quality - disable the trade if traffic quality is too low (quality is configured in Quality Settings).

Uservar Key - parameter for User Vars.

Hidden Links - see hidden_links.

Your own surfers are the best assistants for detecting exploits and other bad things on trader pages. When any link is clicked through `out.php`, the script remembers which URL the surfer was sent to.

Place a link like this next to each link in the subtemplate, for example:

<a href="/scj/tube/?action=report&gallery_id=<!--GALLERY_ID-->">Report Bad Site</a>

You can view the results in Cheat Lookup → Reports.

The `report` template is in Rotation - CMS.

This shows the ratio between hits from a country by IP and hits for that country by browser language. For example, if a trader has 90% `en-us` browser language but only 10% USA traffic by IP, that is suspicious.

For example, `Hits with lng en: 100, IPs from this countries with this lng: 10` means there were 10 hits identified by `mod_geo` as US, CA, or GB, but 100 browsers with language set to `en`.

Some difference is normal. For example, a person in China may use an English Windows install, or a person from the US may be in China with their own laptop.

This shows how smooth trader traffic is by hour. For example, if in one hour a trader sends 10 times more traffic than their hourly average, that is suspicious.

Here the script analyzes traders by several parameters at once:

• Refs/Browsers - analyzes the trader stats to detect an abnormal concentration of identical referrers or browsers. In a normal situation, a trader should have different referrers, not just the domain root. If referrers are 99% `http://trader.com/`, that is suspicious. The same applies to pop-up traffic with no referrer but with an ID, or cases where 90% of browsers are IE.
• Uni IPs - if the number of unique IPs is too low. For example, a trader has 100 hits but only 5 unique IPs. That is another reason to take a closer look.
• Other - some traders register from the same IP but under different nicknames. This can help detect fraud networks.

This method is based on the `link` parameter. Add a normal `&link=` parameter to each site link, and the script will show statistics such as one link getting 35% of clicks and another getting 20%. If one trader has a click distribution that is very different from the site average, that is suspicious.

The `Discrepancy` parameter defines by what % a trader's stats must differ from the site average before the trader is shown in the list.

This is an additional variable that lets you track any traffic parameter that is not shown by the script by default.

Simple options:

This can help you determine, for example, the % of surfers who load images or the % of surfers who have both JavaScript and images enabled.

You need to do the following:

1. Insert `<img src='/scj/cgi/user.php' width=0 height=0>` into the page.
2. In the admin panel, enable `CJSettings → Layouts → UserVars count (hourly)` and `UserVars count (daily)`.

That is all. In the corresponding column you will see the % of users with images enabled.

How it works: if images are enabled, the browser will try to load `/scj/cgi/user.php`. The script then compares the number of page hits with the number of `/scj/cgi/user.php` downloads and gets the % of users with images enabled. Note that if you place this code at the end of the page, the surfer may stop loading the page before the browser reaches that image.

You need to do the following:

1. Insert `<script src='/scj/cgi/user.php'></script>` into the page.
2. In the admin panel, enable `CJSettings → Layouts → UserVars count (hourly)` and `UserVars count (daily)`.

That is all. In the corresponding column you will see the % of users with JS enabled.

You need to do the following:

1. Insert `<script>document.write('<img src=/scj/cgi/user.php width=0 height=0>');</script>` into the page.
2. In the admin panel, enable `CJSettings → Layouts → UserVars count (hourly)` and `UserVars count (daily)`.

That is all. In the corresponding column you will see the % of surfers for whom JS worked and the image was loaded.

Potentially this is a very strong anti-cheat system. It is based on the idea that a cheater has to emulate the browser completely to bypass it.

To use it, place the following code on the page:

<script language="javascript">
  var i,j,key;
  i = 0;
  j = 1;
  for(i=0;i < 20;i++) {
    key = j + i + 20;
    j = key - 10;
  }
  document.write("<img src=/scj/cgi/user.php?code="+key+" width=0 height=0>");
</script>

The point of this code is that it inserts an invisible image which requests `/scj/cgi/user.php` with a code calculated by JS.

In the admin panel, the script shows the % of downloads of this image relative to all traffic (`Cnt`), as well as the % of downloads with the wrong code (`Dis`).

So the cheater must not only load the correct image, but also execute JS to find out which code should be used.

In this example the script produces the number `401`, which is the default value in settings. If `user.php` is loaded and `code` is not equal to `401`, then the `Dis` % will increase. If you change the script and the number changes, it should also be changed in the admin panel. Likewise, if you only change the number in the admin panel but not in the script, you will get 100% `Dis`.

You can change the JS code or the `user_in.php` logic in a way that makes automatic calculation as difficult as possible.

You need to do the following:

1. Paste the code below into the page.
2. In the admin panel, enable `CJSettings → Layouts → UserVars count (hourly)` and `UserVars count (daily)`.

<script src='/scj/includes/js/jquery.js'></script>
<script>
var checked = false;
    $(window).scroll(function () {
      if (!checked ) {
      document.write("<img src=/scj/cgi/user.php?code=401 width=0 height=0>");
      checked = true;
      }
    });
</script>

When `user.php` is requested, the user gets a `user_var` cookie. This can be used to redirect users who did not load images, for example. To do this, in settings set `Settings - CJSettings - other : Traffic Check - Cheat Hit if cookie doesnt exists = user_var`, and in system trades set personal skimming or URL for the trader `cheat_clicks`.

Hidden links help calculate bot traffic from traders. Example:

<div style="position:absolute; left:0px; top:0px; width:50px; height:20px; z-index:1; visibility: hidden">
<a href="/out.php?link=bla-bla">Enter</A></div>

Such a link is not visible to a normal surfer and therefore cannot be clicked by them. But for a bot that does not understand link visibility, it looks the same as all the others. This method is based on clicks on hidden links.

Add hidden-link values separated by commas to AutoAnticheat, for example `hidlink1,hidlink2`. Enable the Hidden Links column in `Settings → Layouts`. A new column will appear on the Trade screen showing clicks on hidden links for each trader.

Technically, a few such clicks do not directly prove cheating, but this trader is worth a closer look.