| 1:50 pm on Nov 17, 2009 (gmt 0)|
Interesting, never seen this before... Maybe you were hacked?
| 3:04 pm on Nov 17, 2009 (gmt 0)|
hmmm, Tamper Data is a Firefox Plugin [addons.mozilla.org], do you have this installed?
| 3:32 pm on Nov 17, 2009 (gmt 0)|
No. i didn't install that plugin. and i never knew about the plug in.
What can i do for my adsense account?
| 3:40 pm on Nov 17, 2009 (gmt 0)|
Can you still log into your account (directly not through any links on the email)?
If you can log in it is probably a phishing email. Can't imagine adsense going into any detail in their emails.
| 3:46 pm on Nov 17, 2009 (gmt 0)|
No. I can't login into my account.
actually i was viewed the adsense report in my account. side by side just i checked my adsense ad posted website, that shows no ads. then i checked my mail i got this mail from google.
and then i logout and re-login, it says disabled. its very sad.
| 10:54 pm on Nov 17, 2009 (gmt 0)|
Do you live in the country that was indicated on your account ?
| 7:09 am on Nov 19, 2009 (gmt 0)|
Check this :
| 10:40 am on Nov 20, 2009 (gmt 0)|
I am guessing that Google (somewhere) fill in your current country using IP geolocation or previous indication and then stupidly place it in a hidden field or cookie, trusting that it remains unchanged later.
Men, women and fellow developers: anything stored client side is changeable... don't do it!
As for your account being disabled, it sounds like there was a mixup. I suggest you contact Google about this ASAP.
The scenario Google is fighting is probably something like an edit address form which doesn't allow you to change the country, but may happily accept a new country if you modify the POST data yourself. Poor code on Google's part, as in all cases of 'tamper data' being able to achieve something the browser cannot.
| 10:51 am on Nov 20, 2009 (gmt 0)|
Did you change location recently? Maybe your current ip does not match your country anymore.
I heard some people somehow changed their AdSense country to have an EFT option to be able to transfer money from AdSense to Payoneer debit card.
| 12:02 pm on Nov 20, 2009 (gmt 0)|
They actualy gave you a REASON for closing your account. Wow !
Now all you have to do is convince them in your appeal that you were not at fault. You will need all the luck, but first atleast understand what caused this ban. Looking at your posts, it seems you are unaware of this new reason.. same as many of us here, I am sure, including me.
| 6:35 am on Nov 21, 2009 (gmt 0)|
It finally struck me.. they have given a reason which No One Understands ..
Finally they start to communicate, but then we can't understand what the heck happened?
Maybe ASA can clarify this new development.
| 12:10 pm on Nov 21, 2009 (gmt 0)|
This incident made me worry a bit. I just moved to another country but didn't change my adsense address because I have access to my bank account where eft lands.
| 8:32 pm on Nov 21, 2009 (gmt 0)|
Well, Im overseas, and my account is "on USA". I had no problems whatsoever.
| 6:11 pm on Nov 22, 2009 (gmt 0)|
These tools have been there since long. Even if these addons are stopped by firefox, many like paros, burp, etc. would continue to live. Only way out of this is to write good "server-side" code and not rely entirely upon client side data, yes this may increase processing but would help in the long run. Some tips for anyone interested:
-> Always check for all form fields for minimum/maximum lengths, referrer information and server side session data if required.
-> Try avoiding storing important information in client side cookies. Client side cookies are only important for not-so-important data.
-> Always escape quotes in your sql queries, also add a semi-colon (;) when creating queries.
-> Always escape data that will be presented as-is on different pages, for instance a news data item or an article posted by your user might consist of certain tags like iframes, <script> tags, etc. So its always good to escape them before retrieving the code from database and showing as-is.
Hope that helps! Be secure.
| 6:35 pm on Nov 22, 2009 (gmt 0)|
Agreed rash. I've always accepted it was easy to change hidden fields in forms. Didn't know quite how easy until I looked up this Tamper addon. All external data needs validating server side.
I would have thought that if Adsense isn't following your recommendations then it's entirely their own problem. Seems an odd reason for a ban, and more a reason for saying "thanks for pointing out the great big hole in our security".
We all program failure modes into our server side validation. Mine are intended to catch errors and confuse hackers. I have a lot of fun with them.
It seems Adsense might be going for the normal Google approach of guilty until proven innocent (without actually having any real options for proving innocence).
Odd if I can have fun, but Google needs to get all paranoid.
| 6:45 pm on Nov 22, 2009 (gmt 0)|
Hackers often used proxies that are programmed to do some of these things in order not to have the slow reaction that tamper data gives.
But we dont know if the OP's account indicated where the OP lives correctly.
If Google discover that's off they might well dig deeper and start to dislike you very fast.
| 4:38 am on Nov 23, 2009 (gmt 0)|
|We all program failure modes into our server side validation. Mine are intended to catch errors and confuse hackers. I have a lot of fun with them. |
Yes, indeed many of us do that and its really fun to imagine them scratching their head at logic they can't really expect beyond basic ciphers like MD5s or captchas as also advanced ones like DES.
|Hackers often used proxies that are programmed to do some of these things in order not to have the slow reaction that tamper data gives. |
Yes, proxies is the best weapon they can have. Even more dangerous is chain proxies. However many networks like Google is capable of detecting open proxies. So many of the wanna-be hackers get caught into it. If any of the hackers are rolling their eyes at this thread, be warned that if you get caught the repercussions are severe. Instead focus yourself on securing people ;)
dthamu - Please send a email to Google adsense support and hope that they "manually" check your account and reinstate it if you haven't done anything wrong. However, I suppose the adsense support is way too slow.
| 1:30 am on Nov 26, 2009 (gmt 0)|
Apparently some people are trying to use AdSense on their site even if they're based in countries where AdSense is not currently permitted.
Google are apparently accusing dthamu of using Tamper Data to modify his actual location to match the country that he declared when signing up to AdSense, to get around the fact that AdSense is not permitted in his locale. Though surely their email should say "falsify" and not "modify" if that's the case?
| 5:14 am on Nov 26, 2009 (gmt 0)|
Yes UserFriendly, I suppose you are right, Google might be overloaded but it ain't stupid to ban people just like that, since the message from G says - "tamper data was used to modify the country on your account". This can only happen if he was logged on (authenticated), suspicious huh dthamu!
| 8:36 pm on Dec 5, 2009 (gmt 0)|
It really sounds more like a phishing email, and if you clicked through and entered your login details, then your passwords etc would have been changed pretty fast so it will then look like your a/c was disabled, even if someone else had just accessed it and blocked you out.
I can not believe that Google cancel accounts due to ip location changing, people move around, use proxies etc, it would cause havok if they did that.
| 12:38 pm on Dec 6, 2009 (gmt 0)|
Chandrika, I suppose the email is in relation to "logged in (authenticated) user settings" and not just seeing your website with proxies or from different locations.