| This 56 message thread spans 2 pages: 56 (  2 ) > > || |
|Cautionary Tale - Someone Else Used My AdSense ID|
So a guy offered to sell me his website.
It seemed like a good deal, so I asked for proof of earnings, but instead of him sending me his Adsense screenshots, etc., he actually took my publisher ID from my site and added it to his pages and said, "now you'll get to see the revenue for yourself."
That seemed extremely suspicious to me, so I told him I wasn't interested in buying the site, and later that day he removed my publisher ID from his site.
Yep, as you can guess, I got an "invalid clicks" email from Adsense, and today when I tried to log into my account, it redirected me to...
That got me thinking...
Since someone's publisher ID is public, what's to keep saboteurs from doing the same thing to anyone? I was only making $2 or $3 a day on that account, so it's not a huge loss, but still... aren't we all at risk from such a thing?
I've sent back 2 emails explaining the situation, but so far I've received only robotic boilerplate emails from the "team".
At this point, it's the principle of the thing, and I'm not going to sit idly by and be called a cheater! Anyone have any suggestions?
This certainly seems possible. We had a site copied (adsense code and all) by some Egyptian outfit that was simply interested in using the content (how to learn about widgets). I suspect they responded to our takedown request by putting the thing behind a login page with robots.txt to keep out the googlebot.
Thing is, we still get clicks on channels which are now unique to those 'lost' pages, which are now not even in the Google cache. This suggests that my publisher id has indeed been hijacked - and quite possibly more than once. Even though the result for us is a couple of extra $ per month, I too would love to have this situation clarified. Even though the result has been mildly benign, there is no way I can check the logs, (or even find the url) where ads are being displayed in my name.
Which is disturbing.
Seems google often isn't concerned about publisher ids showing up on other pages..
I send G a message about views and clicks on a adsense account I havent used for 18 months.
I was sure someone must have copied the pages/code way back then.
But they said 'don't worry'... likely a cached browser page. I could see one page maybe being cached but not 10 pages for 18 months!
They would not tell me from what url the views/clicks were coming - privacy concerns (what crap is that!)
I refuse to believe it is as simple as the O/P put it, if it was that easy, we all would have been out of AdSense business a long time ago.
[disclaimer] I am not saying Google is infallible or cannot make mistakes, I'm saying Google would be stupid if they allowed such a thing to happen[/disclaimer]
As requested hundreds of times already here, why isn't Google allowing publishers to list and restrict ads to their domains?
It is that easy to have your pages with your Google ID hijacked. I see it happening to my pages quite frequently. Google won't tell you the URL of where the hijacked clicks are coming from.
You can take some precautions yourself by using an adsense ad tracking script. Imbed the script's notification script somewhere into your content so it will be copied along with your content by the hijacker. That way you will see what URL any ad views/clicks are originating from.
Hobbs, all I know is:
1. Everything was fine for 2 years.
2. A guy used MY publisher ID on HIS site (which I now suspect as generating invalid clicks, but I don't have any real evidence).
3. A week later, my account is disabled.
4. Despite my protests and explanations, Google responds with boilerplate "invalid clicks" emails.
From a business point of view, I understand Google's rationale. We're talking about small amounts of money here, so any dispute and they're erring on the side of the advertiser. As an Adwords advertiser, I suppose I appreciate that sentiment.
I just don't like being treated like I did something wrong when I didn't, and even if Google is right 99.9% of the time, there's the 0.1% like me who receive summary execution without a trial.
I've had people copy my pages including the adsense. So far it's been some clueless person and I could get them to take it down.
Your case is different. I suspect the person trying to sell his or her website was trying to show you how much the site would make by clicking on your ads to bring the earnings up.
I hope you can get it sorted out.
salvisa, did you send Google email or you filled appeal form?
I just responded to their emails.
I didn't even know there was an appeal form. :-(
Could it be possible that his site was recently banned? Maybe that's why he has no proof of his earnings and was trying to offload the site. My guess: He has a banned site and now your ID appears on the site. The Google Algo puts the two together and says these are the same person, hence the ban.
|I refuse to believe it is as simple as the O/P put it |
Why? It closes no holes to let you restrict clicks to your "own domains". If someone can/will generate the invalid click pattern needed to trigger Google's automated banning algorithms, they can point them at your domain as easily as copying your Pub ID to their domain and doing it there.
|if it was that easy, we all would have been out of AdSense business a long time ago. |
Well, the word about how easy it is to get someone else banned is still transitioning to common knowledge, so watch for a big uptick this year. You still have to have somebody willing to do the invalid clicks and risk getting banned themselves (not much risk if they're a disgruntled and banned former user themselves).
For this particular case, the theory that the guy was selling in the first place because he already got banned sounds plausible to me.
btw, the adsense appeal form is here:
Best luck, salvisa.
Thinking about it now, that would be a case where an email to adsense support would have been a good idea....
And anyway, the "whitelist" feature is badly needed indeed.
|... and said, "now you'll get to see the revenue for yourself." |
When he "said" this, did he say it in writing? If he did, offer Google copies of the correspondence between you. Might also add weight to your case if you took screenshots showing your publisher ID on his site.
Good luck, and here's to the day when publishers have to register/confirm each site their pub ID appears on with Google before ads will appear.
As I said, Google would be stupid if it is that simple to get any publisher banned, if the seller was banned, then his inserting a pub id alone does not constitute a definite relation with that pub id owner (salvisa), the banning algo must have found other criterion as well to establish that there is a relation between them.
I am not saying salvisa did any of this, but other items to check by the banning algo would be salvisa's history / credibility rating, recent clicks recorded from his IP range, other domains he own and their rating as well, the IP's of the clicks on salvisa's sites and their relation to known click bots... If you noticed, it has to be all related to salvisa not the seller to confirm a relation, other wise Google would be dim witted.
salvisa, sorry for that mess, I am not saying you did any of that, just that there is possibly more to the story that what you say or know.
And yes, we need to lobby for that whitelist, what possible reasons could Google have against it?
|if the seller was banned, then his inserting a pub id alone does not constitute a definite relation with that pub id owner |
Google knows lots more about us than we could ever think. It is easy to to establish a relation, because salvisa for sure visited that site before or maybe even same day his/her publisher id was used on that site. Google could also use Google Toolbar info, Orkut info, Google Analytics info, Gmail, etc. etc. to determine if few people are related.
Maybe i'm paranoiac :)
About whitelist, unfortunately no one requested such a feature in the wishlist :( Not sure if that would help though
no, see # 34
34. Ads shown only on sites which really belong to us. Give the option to specify our domain names in our accounts. (as we do in Google Analytics)
+ It has been requested in more threads than I can count.
Actually, it also shows up in #11:
11- Ability/Option to register authorized domains attached to an account to avoid possible problems with hijacked page code.
About a year ago I started receiving hundreds of clicks that my tracking software wasn't showing coming from my websites. At first I was elated that someone had copied one or more of my pages to a high traffic URL. Then, the realization set in that this probably wasn't legit clicks and I emailed Google explaining that I had this huge increase in clicks and my tracking software wasn't indicating it was coming from any of my websites.
Google replied with a bunch of questions including what website URLs I controlled. They wouldn't tell me what domain(s) other than those I controlled that any clicks where coming from. This went on for about 2 weeks and I emailed Google every day I noticed a large number of unaccounted for clicks. Eventually Google must have banned the offending domain. The extra income was also adjusted out of my account. I expressed concern that I could lose my account over this episode and Google reassured me that my account was still "in good standing".
I guess the moral of the story is, if you suspect your ads have been copied and/or there may be invalid clicks, email Google early and often as long as it persists.
WallyWorld, thanks for sharing that. Your experience seems to suggest that Google may not have adequate systems in place for detecting this kind of exploit.
It appears that you detected the exploit before Google did. Google may have detected fraudulent clicks, but they may not have detected the exploit behind it. It makes me wonder if Google has adequate systems in place for detecting ID jacking.
When you think about it, how could Google detect this in a timely manner? Constantly cross-checking whois information with publisher IDs?
If Google is not checking for this kind of exploit, does it mean that their knowledge of the extent this kind of activity is not truly known? And if Google is not truly aware of the extent of these occurrences, how many innocent publishers may have lost their accounts due to this kind of event?
this issue falls under my golden rule with Google. When in doubt of the clicks, report it.
I feel that the Google team is overloaded with work and just solving the newest click scams, so every bit of help they get, leads to a hint on preventing fraud. so they will gladly take any info you provide. In the worst case you are proven innocent due to a clearly documented paper trail. best case you get invited to a Google lunch.
|When you think about it, how could Google detect this in a timely manner? Constantly cross-checking whois information with publisher IDs? |
It's interesting that they apparently can't right now, and not for lack of publisher input. Though I'm more of a 'submit a site for approval before running Adsense on it' type of guy, the idea of a 'whitelist' has a lot of appeal. The lack of one can go far in explainging some of the 'Iv'e been banned threads', at least a few of which were started by regular WebmasterWorld members.
What I find particularly confusing is Google's lack of feedback whenever publishers raise points that can only improve the program. Either a whitelist or the end of 'run once, run everywhere' would only help to protect the advertisers' dollars and ease publishers' peace of minds.
Guess I'll take a hike over to the Reasons Why AdSense Won't Implement a Whitelist [webmasterworld.com] thread.
I DO have his email saying he was going to put my publisher ID on his site so I've got the proof if Google needs it, but alas I do not have a screenshot of my ID actually there. (I have reason to believe he NEVER put my ID on the site he was selling, but instead put it on some other site to boost the numbers.)
Funny thing is, this guy actually has a large internet presence and sells "how to succeed online" products. God help us all!
|Could it be possible that his site was recently banned? Maybe that's why he has no proof of his earnings and was trying to offload the site. My guess: He has a banned site and now your ID appears on the site. The Google Algo puts the two together and says these are the same person, hence the ban. |
I think you've likely nailed it. Obviously, he wants you to think his site pulls in massive amounts of money. But, if he had to show you any current screenshots - and his account was disabled - well, he couldn't ... because I don't believe you can even log in when your account is banned. So you caught him a bit off-guard with his request.
His response? Put your code on his site so that you could "see for yourself" ... but think about it for a minute. Let's say you've got some site that earns big numbers - like $2,000 per day. Why, on earth, would you want to GIVE SOMEONE YOUR REVENUE FOR A DAY?!? It just doesn't make any sense.
Nope - he was trying to sell you a site that was just itching to be banned again, and charge you a large sum of money for it. If you can get your account back, you've managed to dodge a big financial bullet.
What motivation, other than discrediting you directly and having your AS account disabled) could someone theoretically have?
Question: is it worrying enough to G?
page caching or something can leave things like channel ids around for practically ever. I killed off some channels in the summer, and this month it has finally fallen off to 1 page impression in the month so far, but evidentially even after several months something is grimly hanging on in a cache.
From Adsense TOS:
>>You acknowledge and agree that Ads and/or Links: (i) shall only be displayed in connection with the Site(s), each of which is subject to review and approval by Google in its discretion at any time; and (ii) shall be subject to the placement guidelines set forth herein.
>>You are solely responsible for the Site(s), including all content and materials, maintenance and operation thereof, the proper implementation of Google's specifications, and adherence to the terms of this Agreement, including compliance with the Program Policies
>>Prohibited Uses. You shall not...... other means other than Your Site(s),
Sorry you had to learn a lesson this way, but I have to say that you broke a lot of TOS rules. It's also a story that is very hard to explain because on the surface, it looks like fraud.
For example, if you've got a site that generates $2 per day and this person's site generates $100 - well that allows you to quickly make the $100 monthly threshold. It's also hard to explain what you were going to do with the money... Did you have to pay this person back? And yes, I do understand this issue has more to do with account IDs... but there is a lot going on here.
if you know, or suspect, that your Pub-ID is being used by unauthorized sites, is there any way to request a new Pub-ID without having to cancel or re-create your AS account from scratch?
>>if you know, or suspect, that your Pub-ID is being used by unauthorized sites, is there any way to request a new Pub-ID without having to cancel or re-create your AS account from scratch?>>
THAT would be a good new feature for AS just like the iTunes feature to deauthorize ANY machine even if not in your posession (anymore).
|he actually took my publisher ID from my site and added it to his pages and said, "now you'll get to see the revenue for yourself." |
Yeah, and he probably got carpel tunnel sitting there 24/7 clicking on your adsense ads.
Place the Adsense script off page. This way it won't be copied and can be read protected from anyone but the web pages themselves.
| This 56 message thread spans 2 pages: 56 (  2 ) > > |