Recently our support team has received questions about a highly controversial topic, a traffic exchange service, because these server owners started to receive incident reports from us about DoS attacks coming from their servers. We decided to write this blog in order to dissolve any possible concerns and doubts about BitNinja’s reaction to this service and its consequences.
HitLeap is a traffic exchange service, which is mainly used by those who would like to boost their own marketing and have their site ranked somewhere at the beginning of Google’s search list. This counter-marketing service is getting more and more popular recently, which can be explained by its underlying business model. The plan is based on the well-known pyramid technique, where each HitLeap member gets a unique link, that other people can use to become a new participant of the network. The pyramid model always furthers the financial advancement of the upper-layers, so is this traffic exchange service. Each member will receive 50% share from the spendings of those, who registered using thier individual link. Sounds promising isn’t it? However, we need to debunk the already-built fake impressions about and elevated hopes towards this network.

Black hat SEO?

Black hat SEO is a practice of rapidly increasing the traffic of a site, in the hope of generating quick financial return to the website. This practice embraces the risk of being banned from search engines. However, most people who execute black hat SEO are well aware of this drawback, but is still worth them, as their only purpose is to gain profit rather than invest in the long-term propagation of their website.
This is a clearly unfair deed, from which companies ,who abide by the unwritten rules of SEO, suffer a lot. The practice takes advantage of the loopholes on the system and tosses the fair-player competitors back on Google’s list.
Before we would get into the instant explanation of the dangers of the service head first, let’s just summerize how it works exactly.
You need to sign up on the website and able to use the free or the pro version for which you need to pay just a banal sum of money. You can download the HitLeap Viewer on your computer where you can monitor and manage the amount of traffic you payed for, and you are able to gain and spend your credit/minutes
You can enter a URL/what you would like to target with the increased traffic. At once, you are able to enter 3 URLs, if you need more, just purchase  empty slots for extra money. With this method you can have at least 10.000 hits on one single day.
One extremely important fact to keep in mind, you can choose the source of your traffic. It can be anonymous/random (which may receive increased attention from Google’s part), or it can come through Facebook, Pinterest, Google, Youtube or Twitter, like normal human connection. This way, Google will not realize your tiny secret of cheating in the marketing powergame. Smart isn’t it? You may have started to think „Hmm.. this is clever, why haven’t I used this service before?” Well, do not worry, you have done the best thing possible, you kept your website, IPs and business out of an easily exploitable botnet network, which may be appropriated within a matter of minutes and turned into a malicious network of zombie computers.

What should you do instead?

We recommend you to perform the usual white hat SEO tactics, we know it is a long process and needs a lot of investment both in time and in money, although, the gratification of success cannot be taken away from you by examining your methods. Thousands of businesses reached the first rank on Google by using the usual techniques of SEO. Champions fight their way up to the ladder of success and let smaller and younger ambitious businesses to follow their company’s glorious footsteps.

Why is it dangerous?

Just observe its Terms of Service:

1. „HitLeap can not be held liable for any damage that might be caused directly or indirectly by utilizing this service.”
2. „The HitLeap Viewer application may transmit information, including personally identifying information, back to HitLeap’s servers.”
3. „HitLeap does not provide any guarantees about results with 3rd party services.”
4. „HitLeap reserves the right to keep all the data related to your account, even after you delete your account.”

First and formemost, it stores all the data you enter, and a lot more if you download the client on your computer. Are you comfortable with this? Because we wouldn’t be at all.. What is more, the collected data will never be erased from their system. What can they collect? Well, literally everything after the installation of the client, starting from sensitive personal information through the specifications of your computer.
Secondly  it does not take responsibility in case of any disturbance with 3rd parties, which is understandable from their part to say, because this service has many-many dangers. And, here is where BitNinja comes into the picture.
Our Dos detection module is designed to block and drop the connections from the IP which generates more than 80 connections simultaneously, meaning that if the connection is directed towards the BitNinja server it will be identified as DoS, and the IP gets instantly greylisted, so the money, considered to be well-spent, will be wasted.
There are two options, how can this happen. The first is, if a BitNinja user uses HitLeap and pays to enhance the traffic of their own website. The traffic will be directed towards the BitNinja user’s website, although as the software denies connections over 80 simultaneously, it will be dropped and the source IP will be greylisted. This will result in the Bitninja captcha appearing over and over again for the server on the greylist.

Secondly, a random HitLeap user can direct this elevated traffic towards a website which is hosted on a server of a BitNinja customer. The result is the same, BitNinja drops the packages and dollars go to the bin.

What happens if you don’t use BitNinja?

The HitLeap service will operate on the given URL undisturbed. In contrast, if someone uses HitLeap and starts the traffic exchange towards a domain which is not theirs and may not be prepared for the reception of such amount of visitors, it can be taken down and may become unavailable.

What can you do as a Bitninja user?

You are able to configure the settings of your DoS detection module. Increase the treshold of allowed connections. Although, please note that the prearranged stricter settings serve the security of your own server, and the software may not defend against a heavy DoS or DDoS, which may result in the collapse of your server/website.
Despite of the number of requests we receive regarding Bitninja greylisting these IPs, unfortunately we are not able to take further steps to resolve the caused harmful consequences of the service. HitLeap does not take the responsibility for inflicting harm or difficulty, directly or indirectly, to 3rd parties.
On the other hand, as the members of HitLeap are paying to be part of this botnet network, which can be easily exploited and carried over to the dark side of the Internet, we will not be able to whitelist IPs, nor remove them from our greylist, neither upon individual request.
Our company does not support the operation of such services in any case, as they may have damaging outcome and is an unfair deed against any other company/person’s marketing strategy.