homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Advertising / Pay Per Click Engines
Forum Library, Charter, Moderator: open

Pay Per Click Engines Forum

This 31 message thread spans 2 pages: < < 31 ( 1 [2]     
PPC Hijacking
Is your hard earned and paid traffic being redirected?

WebmasterWorld Senior Member pageoneresults us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 1313 posted 3:57 pm on Apr 12, 2006 (gmt 0)

PPC Hijacking

First let me preface this topic with the fact that I am not an expert in DNS but am learning something new every day in regards to DNS. Some of what I'm going to say may not jive and I would like for those who know for sure that what I'm saying is wrong, to step up to the plate and tell me that I'm wrong, please!

Okay, so what led me to this topic?

First posted on 2006-02-18. Made Front Page on 2006-04-09.
Links hijacked in search engines

First posted and on Front Page 2006-03-13
DNS Recursion - Open DNS Servers

First posted and on Front Page 2006-04-10
DNS Cache Poisoning

In that last topic on DNS Cache Poisoning, I referenced a document from the LURHQ Security Systems site titled PPC Hijacking. It can be found here...

Pay-Per-Click Hijacking

The above document is dated 2005-04-01, just over a year ago. If you've been following the above topics at WebmasterWorld on DNS Recursion and DNS Cache Poisoning, you'll see that the warnings have been around for years.

Much of the above document may be totally incomprehensible to some. It was a bit overwhelming for me until I printed it and then carefully studied each and every step they took to perform their tests. WOW! It was an eye opener. As I am somewhat familiar with server header status codes and such, it was pretty amazing to see everything that was taking place in this particular instance of PPC Hijacking.

  • Are you experiencing a large spend with a less than satisfactory ROI?

  • Are you in an industry where this type of technical foul play is possible and probable?

  • Is your Internet presence at risk because someone is slyly stealing your traffic and poisoning your brand?

  • Is it possible that the server your websites are hosted on allows for DNS Recursion (for non-authoritative DNS queries) and you are now open for the DNS Cache Poisoning exploit?

  • Is it possible that someone has been stealing your traffic and you don't know it?

  • Have you ever been turned down or removed from an advertising program only to be told that there is a virus (malware/spyware/adware associated with your domain?

Those are all questions I've been asking myself while researching these very important issues.

What should you do?

This is a tough call because many of us typically don't have to deal with this, it is best left to our server administrators. The problem is, our server administrators may have a different perspective on this than we do. We've reached a point in our industry where the technical aspects of what we do now outweigh the "what you see" aspects. The advanced marketer is going to be informed and know of issues such as this and address them promptly. The uninformed marketer may be falling prey to these types of exploits and never know it.

First things first. Run a DNS Report.


If you fail for Open DNS Servers (it will be flagged in red), you may be at risk for the above exploits. Please note that I've emphasized may. There are no publicly available tests to determine if you're a victim of DNS Cache Poisoning. The only way you would know is if you click on a link somewhere that was supposed to go to your site but didn't. Or, you've carefully disseminated your raw server logs and have detected a pattern that could be a DNS Cache Poisoning exploit.

The choice is now up to you on what to do.

The only way you would know is if you click on a link somewhere that was supposed to go to your site but didn't.

Be careful in this instance. The site may look exactly like yours byte for byte.



WebmasterWorld Senior Member 10+ Year Member

Msg#: 1313 posted 11:02 pm on May 2, 2006 (gmt 0)

danimal: See the link in my 05/02 reply in this thread:


It's not only possible to hijack your site without compromising your DNS directly, it's more likely.

It is during the hunt for the true authoritative DNS that the visitor may get sidetracked along the way by a compromised DNS.

This 31 message thread spans 2 pages: < < 31 ( 1 [2]
Global Options:
 top home search open messages active posts  

Home / Forums Index / Advertising / Pay Per Click Engines
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved