homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Google / Google AdWords
Forum Library, Charter, Moderators: buckworks & eWhisper & skibum

Google AdWords Forum

Hackers all over Google
Turkish hackers running rampant

 6:18 pm on Nov 16, 2006 (gmt 0)

For the past year Hackers from the country of Turkey have hijacked Google Ad Words. There have been many posts about this in the past. Google still has not resolved this issue.

If you type in almost any major foreign city + hotels you will see a bunch of ads that have incorrect grammar, capitalization, ads overloaded with commas, ridiculous fake display URL's and a lot of nonsensical ad copy. These are the hackers from Turkey. Type in keywords for dating and you will see similar ads. These too are the hackers from Turkey.

They have gotten a free ride for a year. Google either can't or doesn't care enough to stop them. They use bogus or stolen credit cards and get free clicks and make money from affiliate programs. The consequence of their actions are that its costs honest advertisers money in higher clicks, unfair competition and ad rankings.

I would love to get a response from Google other than they aware of the problem and trying to resolve it. Any suggestions on how to stop this?



 6:26 pm on Nov 16, 2006 (gmt 0)

I tried a dozen cities and didn't see any problem ads. Can you list some specific cities for which you're seeing the problem ads? I already tried London, Paris, Berlin, Madrid, Rome, Cairo, Moscow, Seoul, Tokyo, Bangkok, Singapore, Beijing


 7:39 pm on Nov 16, 2006 (gmt 0)

Sounds like a virus and not a Google problem to me.



 7:49 pm on Nov 16, 2006 (gmt 0)

This has been Acknowledged by Google dozens and dozens of times to me. They remove the ads and then they re-appear within minutes with new accounts. I have NUMEROUS of emails explaining that they are working to stop these hackers. It is 100% Hackers from Turkey - ABSOLUTELY!

I had talked with people in management and they are fully aware of the problem. This has been going on for a YEAR! I have sent well over 100 emails. All I get in response is that they are aware of the frauduent activities and their engineers are working hard to combat the problem.


 9:28 pm on Nov 16, 2006 (gmt 0)

Bizarre :)

WW MemberName

 9:33 pm on Nov 16, 2006 (gmt 0)

They might have blatant problems in Turkey, but at least they rid their network of most of the dreaded affiliate marketers. The world is a safer place, thanks Google.

It's the 'ole 80/20 rule, spend 80% of your time on 20% of the problems that in the big picture, really donít matter...


 10:12 pm on Nov 16, 2006 (gmt 0)

I got similar issues in the past with keywords I bid on.
Someone was bidding lots of money (using a stolen credit card probably) the landing page was nothing to do with the keyword and they kept on top of the Adwords ads for a couple of days, until Google shut them down. But it is 100% hackers from Turkey, they can be from any country.


 10:48 pm on Nov 16, 2006 (gmt 0)

Actually, these ARE affiliate marketers!

Typically, these guys game the system by taking advantage of lax checking of redirects by Google.

It is not immedialy apparent until you actually examine several ads in the categories mentioned. If you do, you will typically find several ads that lead to the same affiliate parent. The display and destination URLs will not match the landing site.

I haven't checked on this lately, but this was the case the last time this came up here, a couple of months ago. It's amazing that Google still hasn't fixed it. It should be easy enough to enforce the rules on redirects.

Of course, then they would still have a problem with stolen credit cards. This is a double-edged sword for them. First, they are going to get charge-backs on the cards. Secondly, using stolen cards, they can bid as high as they want, pushing out legitimate advertisers.

I don't understand why Google can't/won't clean this up.

Don't want to beat-up on Turkey, but, yes, when I looked into this, the offenders were all in Turkey, or at least that was the location given in the domain registrations. Maybe there is some unique legal status that makes it difficult for Google to deal with this. I dunno.

My wildest theory would be that it has something to do with Google's, shall we say, "special" relationship with U.S. government security interests. They may have reasons for wanting these ads to continue to run. Say, because those placing the ads are people that somebody wants to find but hasn't yet, etc., because the ads contain coded messages that interests want disseminated, etc.

Hey, I said it was wild...

But it almost seems more plausible than the notion that Google simply doesn't have the ability to deal with this kind of fraud.


 12:40 am on Nov 17, 2006 (gmt 0)

...The display and destination URLs will not match the landing site.

I assume you mean the display url in the ad and the absolute url displayed at the final landing page don't match. Nothing inherently wrong with that. The rules say the domain name of the display url and target url in the ad need to match. This assures that displayed domain name is not misleading. If the target url is a 3rd level domain or a vanity domain name used for referral tracking, and is redirected to a particular interior landing page of a larger site, that is done all the time.

... It should be easy enough to enforce the rules on redirects.

What rules on redirects? The only rules I am aware of is that the final landing page accurately reflect what the ad offers, which is an editorial rule, probably not easy to determine in some cases. I think that if it is easy to determine with algo, then it enhances QS. If not easy to determine by algo, bye-bye QS.

The only real solution might be to establish manual review requirements for all ads placed from certain IP blocks before new ads and campaigns are allowed to run. But if they do that, you would hear cries of discrimination! from all corners, and the perpetrators would simply setup their ads from somewhere else, like a dial-up AOL account, so it looks like it came from Virginia instead of Turkey.


 12:52 am on Nov 17, 2006 (gmt 0)

The rules say the domain name of the display url and target url in the ad need to match.

Perhaps my response could have been clearer.

The domains names in the display URL and the final landing page do NOT match. The display URLs ARE misleading. And there are multiple ads on the same page that reach the same landing page.

These are gross violations of the policy, which have been permitted to go on now for at least 6 months.


 3:30 am on Nov 17, 2006 (gmt 0)

Yeah its terrible.
Google does not want to do anything towards it. As of this moment, from my side of the pond they have 3 ADS! (one in the blue area) other two top right side, for a major capital city in Europe.
Ppl in the know can easily recognize the ads. One of the landingpages is well known with google, as they use this URL from time to time, the other 2 are towards 1 affiliate program.
Ohh, on a sidenote none of the display URL's in the ads will bring you to the Actual URL.


 4:15 pm on Nov 17, 2006 (gmt 0)

I am not seeing whaat you are seeing. Just legit ads with legit content and useful relevant services and no spammy sites in the ads. Maybe it's a geolocation thing (I'm testing from Germany)?


wired in asia

 3:20 am on Nov 18, 2006 (gmt 0)

It's an ongoing problem. It was first pointed out to google well over a year ago. Same Turkish guy - well we assume he/she is Turkish due to WHOis record - posts ads under top raking keyword combinations (travel related).

I have been pointing out these ads to google on a daily basis. Google then removes the ads within 24 hours.

I think google has a real problem with these ads as the person always uses different/new domains. I guess he/she is also posting from various IP addresses (easy done with anonymizer).

Problem is that he/she drives up the bids. So if not pointed out promptly, bids easily jump US 0.10 overnight!

I believe if google wanted to, they could identify the offender. But I guess legal team advised that there is no chance to legally pursue this, as it is an cross border affair. So for over a year now no pro-active action is taken.


 3:47 am on Nov 18, 2006 (gmt 0)

I did recieve a phone call from Google and they stated that they have numerous upset advertisers in regards to this. Once again they confirmed they are working aggresively on this. It has been a year and even at this moment I see numerous fraudulent ads. I will patiently wait and waste more money for a few more days (even as Google goes home for the weekend). Let's see what happens next week .. this is INSANE!


 5:23 am on Nov 18, 2006 (gmt 0)

I don't know (or care) what the nationality of the advertisers are, but I have seen several ads (#1 position) where the displayed URL is not the same where one is taken when clicking on the ad.

It goes to an other domain with a clear affiliate link.

No redirect.

[edited by: Tapolyai at 5:24 am (utc) on Nov. 18, 2006]


 5:56 pm on Nov 22, 2006 (gmt 0)

This kind of fraud appears to be rampant.

Here's another example I just found. I bought a "pre-publication" revision of a popular tech book as a PDF, and wanted to see how much it would cost to print and bind it at that big printing and copying chain that's now owned by the big express company. It was frustrating finding prices on their site, so I used Google to search for "<company name> online printing prices".

The first ad shown, in the blue box, appeared to be from the company itself and I figured maybe they were smart enough to lead me right to prices, since I searched for prices. The display URL was the company's domain. (The express company.)

Of course, I was even more angry at <express company> when this just got me their home page. Darn it, I asked for prices!

Then I noticed something funny - the domain in the browser was was NOT <express company>. It was "mysmallwidgetcenter.com". Oh, I checked the registration - it's registered to a company in Canada.

I thought at first they were framing <express company> but what they have done is much more blatent - they have copied vast amounts of material from <express company's> site and put it on their own site. The HTML mixes references to their own files and <express company> - for example, they are hosting all of the images.

This is yet another clear fraud that Google not only allows to occur, but it runs in the blue box at #1.

The dead giveaway, though, is the URL in the browser bar, that does not match <express company>. WHY doesn't Google check and enforce this?

P.S. Upon further investigation, it appears this COULD be legitimate. I checked the company the site is registered to, and it's a company that "creates valuable relationships for market leaders", "working with global organizations to initiate, broden, and deepen customer relationships".

I've going to leave my post, because it provides a valuable lesson for Adwords users. Notice that I abandoned my search. I stopped and said "what is going on here?" I decided the site was probably not to be trusted. That is what people are going to do if you bring your trust into question by displaying a URL that doesn't match the website! Even if you think you have some legitimate reason for doing this, DON'T!

The problem for Google, as well, is that if they allow the policy to be violated in some legitimate cases, it weakens the trust factor in the URL.


 6:18 pm on Nov 22, 2006 (gmt 0)

Someone hacked into my personal AdWords account several months ago and spent ~$20 driving traffic to a blog disparaging a guy named David Lamond (random). It's not outside the realm of possibility that unscrupulous people are able to get into large numbers of AdWords accounts and spend others' money for their own ends.

In the PPC world, *that* is the definition of a virus.


wired in asia

 7:39 am on Nov 24, 2006 (gmt 0)


i think there is really no way for google to monitor this. one could argue that newspapers cannot be held liable for advertiser content, however newspapers are not PPC.

this is just one of many issues where googles position is quite weak. I figure as all this is pretty new, google gets away with it. However once PPC matures this will need to be addressed.

the before mentioned case ('turkish'spammer) is easy to spot by google. domain names are wicked.. widgets.home.more.dot.biz

he also vilates the rule on forwarding. again google does not enforce this.


 9:09 am on Nov 24, 2006 (gmt 0)

Yes - seeing lots of this too - most of the sites are from Turkey or Korea as far as I can see.

Pretty easy to spot - use numerous websites that all seem to "appear" simultaneously. Usually very high bids and then directing people to a landing page that just pushes the visitor on to other sites (often Overture, Google and Miva listings).

Absolutely no content contained on the sites other than a list of ads.

Presume Google are happy to see them stay put initially because the bids are so high...although I assume this scam must involve payment via stolen credit cards (can't see how else the bids could remain so high), so presume that the big G doesn't receive any money when it tries to bill.


 5:27 pm on Nov 24, 2006 (gmt 0)

i think there is really no way for google to monitor this.

It would be incredibly easy for Google to monitor and prevent. Simply add an automated check to enforce their policy. What's the domain name in the display URL? What's the domain name in the ultimate destination (after following any redirects)? Do they match? It's almost trivial. They already crawl the destination for "quality score", what's the big deal with checking the URL?

I assume this scam must involve payment via stolen credit cards (can't see how else the bids could remain so high), so presume that the big G doesn't receive any money when it tries to bill.

Don't bet on Google not getting the money.

Scamsters are smart. Take pfished eBay accounts. Once they are harvested, the accounts are cherry-picked. The best accounts are those with good feedback but are inactive. That way, they can take over the account and operate for an extended period before the account is shut down.

I'd assume the same thing happens with credit cards. I'd imagine the best credit cards are those with high limits and owner known to be out of the country, corporate card, known to have an automatic payment set-up, etc.

Many of the charges are probably never challenged.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Google / Google AdWords
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved