Affiliates Plugin: Potential Bug that can be Abused.

I just thought of this issue..

Within the "Affiliate Advanced Settings -> Your URL" section of the Affiliates Admin Dashboard you can set a URL to make referrals from.

If you were to setup an account(s) you could set URL's from Facebook, Google, Ad Networks, etc.

I understand some of these websites use methods like "adserver.website.com" to send traffic, but it's not hard to figure out what these URL's are. If I was to use a program (for example: Google Adwords, Facebook Ads) to advertise my website, an affiliate could set a URL that that program uses.

Example: I set my referral URL to "facebook.com" and now any share/like on facebook that results in someone finding the website will automatically refer me.

The only simple solutions I can think of is requiring URL's to be approved by admin or have a black list (that can be modified by you, and perhaps pre-populated with popular networking site).

A more complex solution, require users to upload an HTML file to their website to verify ownership OR wait for manual verification.