homepage Welcome to WebmasterWorld Guest from 54.196.159.11
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

    
Off topic ads result of a hack?
southernmost




msg:3140467
 12:57 am on Oct 31, 2006 (gmt 0)


System: The following 14 messages were cut out of thread at: http://www.webmasterworld.com/google_adsense/3141247.htm [webmasterworld.com] by jatar_k - 10:02 am on Oct. 31, 2006 (pst -8)


Not sure what is going on, but one of my sites is now displaying pharmacutical ads - definitely not my niche. Only the homepage, and all three Adsense ads are displaying ads for "phentermine"...whatever that is. Looks horrible, and I'm a bit worried if this is an Adsense problem or something on my end.

 

andrewshim




msg:3140488
 1:12 am on Oct 31, 2006 (gmt 0)

What is phentermine?

Phentermine is a sympathomimetic amine, which is similar to an amphetamine. It is also known as an "anorectic" or "anorexigenic" drug. Phentermine stimulates the central nervous system (nerves and brain), which increases your heart rate and blood pressure and decreases your appetite.

Phentermine is used as a short-term supplement to diet and exercise in the treatment of obesity.

---------------------------------

Defined in a website I googled... me thinks Google is on Phentermine, lost too much inventory so you're getting crappy ads ;)?

leadegroot




msg:3140701
 6:37 am on Oct 31, 2006 (gmt 0)

andrewshim: offtopic 'phentermine' ads may mean you have been hacked - check your site for unexpected content.
Note that the hacks may only show to bots - even if the site looks clear, check your google cache and your referring keywords for stuff that shouldn't be there!

andrewshim




msg:3140715
 7:10 am on Oct 31, 2006 (gmt 0)

thanks leadegroot, but it was southernmost who was having the problem with phentermine ads. I was merely giving the definition of phentermine.

anyway, off-topic ads are a common occurance every now and then.

southernmost




msg:3140980
 2:31 pm on Oct 31, 2006 (gmt 0)

leadegroot: HOLY CR*P! I just check the source code of the Google cache and there is a world of code that I didn't put there...mostly for phentermine.
How did someone do this?
How do I correct this?

andrewshim




msg:3140992
 2:41 pm on Oct 31, 2006 (gmt 0)

if you're not running your own server, call your webhost PRONTO!

southernmost




msg:3141123
 4:38 pm on Oct 31, 2006 (gmt 0)

andrewshim: I just spoke with my host and had them change all the passwords: ftp, contol panel, and e-mail.
next I scanned my entire system with Microsoft Windows Defender...nothing came up.
I'll next scan with Norton.
Once I'm sure my computer is clean I'll upload the original files. (my local files aren't changed...just the ones on the host/remote server).
Any other suggestions?

hughie




msg:3141176
 5:04 pm on Oct 31, 2006 (gmt 0)

sounds like there is hole somewhere, i'm no expert but i know a few hacks in PHP that can allow entry through badly built apps.

Are you allowing any file uploads on any sites using PHP, or have any outdated open source projects that may have known vulnerabilities on them?

southernmost




msg:3141208
 5:27 pm on Oct 31, 2006 (gmt 0)

no, the site is straight static html.
still can't find anything viral/malicious on my system.
i called the host again and asked them to check other sites on the same server to see if their server was hacked.

jatar_k




msg:3141302
 6:06 pm on Oct 31, 2006 (gmt 0)

I split this out to give you your own thread southernmost

incrediBILL




msg:3141332
 6:26 pm on Oct 31, 2006 (gmt 0)

So they didn't install any sneaky redirects to drive traffic elsewhere?

Just cloaked data to attract specific types of ads?

I wouldn't touch a THING before contacting AdSense support as it's possible one of their AdWords advertisers is in fact a hacking criminal.

This type of thing deserves being escalated as a more serious computer crime, especially if you lost any significant amount of income from AdSense as depending on the amount, it could be yet another felony count.

jomaxx




msg:3141402
 7:16 pm on Oct 31, 2006 (gmt 0)

leadegroot, I guess you were right, but what prompted you to suggest that? I would have put being hacked quite low on the list of reasons for off-topic ads.

southernmost




msg:3141451
 8:00 pm on Oct 31, 2006 (gmt 0)

mod: thanks for breaking this out to it's own thread. took me a while to figure where it was.
yes, the site was hacked.
I would post a copy of the injected lines of code (over 1000 lines...all were links to phentermine, mortgage calculators, wedding rings, and a few other mega-spammy items.
my host seems clueless.
at one point, they said it was due to a product of theirs "that was included with my site" that increases search rankings! AHHHHHH!
The off topic ads were displaying because the lines of code outweighed the rest of the page, and so phentermine and morgage ads.
I've changed my username & password on the ftp, and uploaded the correct files.
But without knowing why this happened (it didn't happen on my local files, and my system was scanned three ways and came up clean) I'm worried about what to do.
Probably I should change hosts. Ya think?!

[edited by: jatar_k at 10:47 pm (utc) on Oct. 31, 2006]
[edit reason] no specific hosts thanks [/edit]

leadegroot




msg:3141511
 8:58 pm on Oct 31, 2006 (gmt 0)

jomaxx: because it happened to me!
I saw a PPC-related search engine query in my logs and knew there was nothing like that on that site.
It was the first thing that occurred to me when I read the OP!
Still no idea how my site was hacked (low quality, cheap hosting for a site thats not an earner. I think theres an obvious explanation there.... ;))

southernmost: glad I could help! Odds are you won't know how they got in, first step is to clean it all up :)

incrediBILL: how on earth would an adsense ad introduce a hack onto the site? Its run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

jatar_k




msg:3141619
 10:49 pm on Oct 31, 2006 (gmt 0)

I don't know if changing hosts will change much. I would try to figure out how the code was injected first, otherwise you may have the same hole exploited again.

are they db generated pages?
are there any scripts in use on your site?
did you keep a copy of the pages before you changed them back as this may offer a clue?

incrediBILL




msg:3141661
 11:44 pm on Oct 31, 2006 (gmt 0)

IncrediBILL: how on earth would an adsense ad introduce a hack onto the site? Its run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

Um, did I imply otherwise?

I think it's a normal hack too, but how are they making profit was my point.

You either redirect traffic to a site, or you must be trying to get ads from the bandit to appear to gain money, what other options are there?

Therefore, if no traffic redirect is present, I'm assuming someone using AdWords was responsible for the hack to get more click-thrus to their ads.

southernmost




msg:3141679
 12:24 am on Nov 1, 2006 (gmt 0)

the pages are not generated with a database or any other dynamic method.
They are simple html.
the only script is the adsense code, and it began to show phentermine ads because the malicious code was mostly phentermine links.
As for who could make money with this?
Maybe the black-hatter is looking for backlinks?
Not sure what to think.

leadegroot




msg:3141687
 12:30 am on Nov 1, 2006 (gmt 0)

incrediBILL: oh, fair enough - i misunderstood :)
Its quite possible it was a simple page rank hijack - they increase the page rank of their junky ppc sites by physically putting links to it on other sites.
Probably works, at least for a while.
I wonder if there would be a point reporting the linked pages to Google? Probably not - in theory it could be a competitor of the linked page looking for exactly that. Remember - there is *almost* nothing a competitor can do hurt you... ;)

andrewshim




msg:3141697
 12:45 am on Nov 1, 2006 (gmt 0)

because it happened to me!

Good thing we all learn from experience. I would assume that the first thing a webmaster does when he sees off-topic ads persistently re-appearing would be to check the code. I know I do. Anything wrong - check the code first.

Anyway, a cheap host ISN'T going to tell you that the problem was on their end. They'll fix it, but they will NEVER admit fault. So maybe, if it happens again, it may be prudent to switch.

southernmost




msg:3142153
 1:28 pm on Nov 1, 2006 (gmt 0)

it wasn't a cheap host.
i'll keep an eye on things like a hawk now.
i'll probably move the site away from their hosting anyway.

[edited by: jatar_k at 5:56 pm (utc) on Nov. 1, 2006]
[edit reason] no specifics thanks [/edit]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved