Forum Moderators: martinibuster

Adsense Code Replaced On My Sites!

         

imfh

7:48 pm on Mar 18, 2006 (gmt 0)

10+ Year Member



Hi Everyone,

I recently discovered that someone replaced the adsense code on my websites. So far the code has been changed on 35 sites and I'm still manually checking 277 of them! My domains are on a dedicated server and I'm in the process of changing the passwords. I've also been in touch with Google and waiting for a response. How common is this? Thanks in advance for your feedback!

Lana

Alioc

8:22 pm on Mar 18, 2006 (gmt 0)

10+ Year Member



This isn't common. I'd first check with the webhost or datacenter. If they're shady, they might have been doing this since they have physical access to your machine. Do you see any FTP access logs other than you connecting to your server?

By the way, don't forget to report the PUB-ID in the new code you discovered to Google.

Tearabite

10:17 pm on Mar 18, 2006 (gmt 0)

10+ Year Member



35 SITES, and still checking 277 SITES?

SITES or PAGES?

Zygoot

10:35 pm on Mar 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Probably your server got hacked.

Or, like Alioc said, maybe someone from your webhost/datacenter did this.

celgins

10:51 pm on Mar 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I hope Lana meant 277 more "pages" and not "sites"!

But yes... it sounds like a hack job.

imfh

11:02 pm on Mar 18, 2006 (gmt 0)

10+ Year Member



I have 277 adsense sites (many are subdomains) that I'm manually checking. I have a dedicated server. Trying to figure out how to check the ftp access log.

Lana

[edited by: martinibuster at 12:36 am (utc) on Mar. 19, 2006]
[edit reason] Removed specifics. [/edit]

imfh

11:03 pm on Mar 18, 2006 (gmt 0)

10+ Year Member



Can someone explain in simple English how I check the FTP access log? <snip> keeps sending me tech stuff that I don't understand.

Lana

[edited by: martinibuster at 12:37 am (utc) on Mar. 19, 2006]
[edit reason] Removed Specifics. [/edit]

jomaxx

11:50 pm on Mar 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How could anyone expect to get away with this? Don't they think the hackee will notice when the stats all drop to zero? Plus it takes 1-2 months for Google to cut a check for money earned, and of course the hacker's account is easily traced.

imfh

12:13 am on Mar 19, 2006 (gmt 0)

10+ Year Member



Ironically, I received one of those stupid "remove my website from your scraped results" emails. In the process of trying to find this jerk's link, I noticed that my adsense code was changed on that domain. Then I started thinking about the drop in my adsense income which started during the last three weeks. I went back to my adsense tracking and index tracking software. I noticed that I had not been deindexed, I had traffic, I had clicks, but when I checked my Google account, there was no credit for my domains with the highest traffic. I just started purchasing a buttload of prebuilt adsense sites, so I was in the process of building blogs to get the sites indexed and hadn't paid much attention to the drop in income.

1. Check your logs in /var/log/messages for any interesting messages which might have been logged by an FTP server if one was present

When I asked what did this mean I received the second reply:

You can do it using following command on shell as a root user.
# cat /var/log/messages | grep <username/domain.com>

When I asked what is a shell and how specifically do I do this, I received the third reply:

A shell is the command line for linux, similar to the DOS Prompt of windows. You use a program such as PuTTY (free software) to connect to it. This allows you to fully control your server.

?

Lana

[edited by: martinibuster at 12:38 am (utc) on Mar. 19, 2006]
[edit reason] Removed specifics. [/edit]
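
The host's advice quoted above comes down to searching the server's logs for FTP activity. The following is an added example, not part of the original thread or the host's reply: it summarizes uploads per remote host from a transfer log, assuming the FTP server writes the common xferlog format (the thread does not say which FTP server or log file is in use). The function names, user name, paths and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize FTP uploads from an xferlog-format transfer log.
# Assumption: the FTP daemon logs in xferlog format. Whitespace-separated fields:
#   1-5 date, 6 seconds, 7 remote host, 8 bytes, 9 file, 10 type, 11 flag,
#   12 direction (i = upload, o = download), 13 mode, 14 user, ..., 18 status

# ftp_uploads_by_host LOGFILE [KNOWN_IP]
# Prints "host user upload_count first_seen" for each (host, user) pair,
# skipping uploads that came from KNOWN_IP (your own address).
ftp_uploads_by_host() (
    awk -v known="$2" '
        NF >= 18 && $12 == "i" && $7 != known {
            key = $7 " " $14
            if (!(key in count)) {
                first[key] = $2 " " $3 " " $4 " " $5
                order[++k] = key
            }
            count[key]++
        }
        END { for (i = 1; i <= k; i++) print order[i], count[order[i]], first[order[i]] }
    ' "$1"
)

# write_sample_xferlog -> path of a constructed log (all values are made up)
write_sample_xferlog() (
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mon Feb 20 09:15:02 2006 1 192.0.2.10 5120 /home/webuser/site1/index.html a _ i r webuser ftp 0 * c
Wed Mar  1 03:14:07 2006 1 198.51.100.23 5130 /home/webuser/site1/index.html a _ i r webuser ftp 0 * c
Wed Mar  1 03:14:09 2006 1 198.51.100.23 4890 /home/webuser/site2/index.html a _ i r webuser ftp 0 * c
Thu Mar  2 10:00:00 2006 1 192.0.2.10 5130 /home/webuser/site1/index.html a _ o r webuser ftp 0 * c
EOF
    printf '%s\n' "$f"
)

# Demo: uploads that did not come from the owner's address 192.0.2.10
log=$(write_sample_xferlog)
ftp_uploads_by_host "$log" 192.0.2.10
rm -f "$log"
```

An upload burst from an address you do not recognize, using your own login, points to stolen FTP credentials rather than physical access at the datacenter.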

flobaby

12:16 am on Mar 19, 2006 (gmt 0)

10+ Year Member



"Ironically, I received one of those stupid "remove my website from your scraped results" emails. In the process of trying to find this jerk's link..."

This guy is a jerk? Now I understand how you have 277 "sites".

imfh

12:48 am on Mar 19, 2006 (gmt 0)

10+ Year Member



If your website is in google's search engine results, does anyone complain? I use a private search engine to build some, not all of my websites. Still no excuse for someone to steal my income.

Lana

imfh

12:49 am on Mar 19, 2006 (gmt 0)

10+ Year Member



I don't have a forum on any of these domains.

Lana

Pfui

2:52 am on Mar 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You said: "If your website is in google's search engine results, does anyone complain? I use a private search engine to build some, not all of my websites. Still no excuse for someone to steal my income."

Pardon me, but I'm a bit confused --

1.) Are you saying that at least some of what you call 'your websites' began or exist as others' sites and that you 'built' them elsewhere?

2.) Is what you're calling "my income" generated from ads you've placed on your (re)built, online versions of those other sites?

3.) When you refer to domains, do you mean you own 200-plus domains, or do you mean you have multiple 'domains' listed off a main site? (Like, oh, www.example.com/www.example2.com)

bxbase

4:39 am on Mar 19, 2006 (gmt 0)

10+ Year Member



You probably need to read up on whatever OS your dedicated server is running.
Seems kinda asking for trouble when you don't know how to check FTP logs and you expect to run a server.

What happens when there is a security alert and you need to recompile a patch into Apache webserver or something?

Unless it's a managed server, in that case just tell whoever manages it that you have been rooted and it needs to be fixed.

Changing the adsense code back to yours is just the start of it; you need to find out what compromised it in the first place or you will have a losing battle. Replacing adsense code on multiple files is a trivial task done with a one-liner in the shell; if you are doing a manual fix it's gonna take you 2 days what the hacker did in under a minute.

Check what the costs of a managed server are to avoid this happening again while you learn what you need to know to manage it yourself.
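
The manual check of 277 sites discussed in this thread can be scripted from the owner's side. The following is an added example, not part of the original thread: it walks a web root, extracts every AdSense publisher ID it finds, and lists the files whose ID is not the expected one, which also yields the foreign PUB-ID to report to Google. The function names, directory layout and publisher IDs are constructed for illustration; GNU grep is assumed.

```shell
#!/bin/sh
# Added example: list AdSense publisher IDs under a web root that are not yours.
# Assumptions: GNU grep; ad code lives in .html/.htm/.php/.js/.tpl files.

# audit_pub_ids ROOT EXPECTED_ID -> "foreign_id<TAB>file", one line per file
audit_pub_ids() (
    grep -rHIoE --include='*.html' --include='*.htm' --include='*.php' \
        --include='*.js' --include='*.tpl' 'pub-[0-9]{10,}' "$1" 2>/dev/null |
    awk -v want="$2" '{
        n = split($0, part, ":"); id = part[n]   # the match is the last field
        file = substr($0, 1, length($0) - length(id) - 1)
        if (id != want) print id "\t" file
    }' | sort -u
)

# summarize_foreign ROOT EXPECTED_ID -> "count id", most frequent first.
# Shows which foreign IDs are present and how many files each one touches.
summarize_foreign() (
    audit_pub_ids "$1" "$2" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
)

# make_sample_tree -> path of a constructed web root (all IDs are made up)
make_sample_tree() (
    d=$(mktemp -d)
    mkdir -p "$d/site1.example" "$d/site2.example" "$d/blog.site2.example"
    printf 'google_ad_client = "pub-1111111111111111";\n' > "$d/site1.example/index.html"
    printf 'google_ad_client = "pub-9999999999999999";\n' > "$d/site2.example/index.html"
    printf '<?php /* google_ad_client = "pub-9999999999999999"; */ ?>\n' \
        > "$d/blog.site2.example/footer.php"
    printf 'no ads here\n' > "$d/site1.example/about.html"
    printf '%s\n' "$d"
)

# Demo on the constructed tree; pub-1111111111111111 plays the owner's ID
root=$(make_sample_tree)
summarize_foreign "$root" "pub-1111111111111111"
audit_pub_ids "$root" "pub-1111111111111111"
rm -rf "$root"
```

Running the audit again after restoring the code, and on a schedule afterwards, shows whether the files are being changed a second time, which would mean the original point of entry is still open.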

willybfriendly

5:23 am on Mar 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld, Lana.

It looks like some of us may have forgotten our manners.

WBF

jomaxx

7:25 am on Mar 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A couple of miscellaneous points...

1. Don't use FTP or Telnet if you can possibly help it as they are not secure (i.e. encrypted). This is a security risk in itself. Use PuTTY as mentioned by your host, and a file transfer client based on that such as WinSCP.

2. Most webmasters here don't care for scraper sites such as you are describing, so suffice it to say you will probably get a rough ride on that subject.

Anyway good luck tracking down the source of the problem. If it does turn out that your server was hacked into, you might have no choice but to wipe the HD and start over. Anyway take your web host's advice on the matter.

imfh

2:15 pm on Mar 19, 2006 (gmt 0)

10+ Year Member



Thanks for the feedback :)

Lana