Every once in a while we ship a feature whose job is to make sure you never notice it. Enter Campaign ID randomization - a small change that makes it harder for crawlers to find your campaign.
Over the past few months, we've noticed an increase in automated crawlers attempting to discover campaign pages that hadn't been "published" yet. We saw these crawlers run through the sequence of campaign IDs to identify which ones returned a page rather than a 404 - because campaign IDs used to be sequential.
So we've made a change to how we identify campaigns:
What changed
Newly created campaigns now include three randomized digits at the end of their campaign ID. The important part is that IDs are no longer predictable, which makes it significantly harder for automated tools to guess valid campaign URLs.
Most partners won't notice anything different. Campaign creation, publishing and sharing links all work the same as before.
We also added crawler detection
In addition to randomizing Campaign IDs, we've added an additional security layer.
If a single IP address requests five campaign IDs that don't exist within a 24-hour window, the platform will assume it's a crawler and temporarily returns a 404 response for any further campaign requests from that IP.
In other words: if something repeatedly tries to find campaigns that don't exist, the system stops responding (not permanently, but for a rolling 24 hours)
What counts as a failed request?
Only campaign IDs that don't exist in our database count toward the limit. Things that do not trigger this protection include:
So for legitimate usage, nothing changes.
If you have questions or notice anything unusual in your campaign testing workflow, reach out to support@tradablebits.com and we're happy to take a look.
