Welcome to WebmasterWorld Guest from 54.147.44.93

Forum Moderators: incrediBILL & martinibuster

Message Too Old, No Replies

Adsense by a hacker?

     

morpheus83

9:11 am on Jul 20, 2005 (gmt 0)

10+ Year Member



Was browsing through my site and noticed a 300 x 250 adsense box at the bottom of the page Which I had not inserted. The publisher code was not mine. When I refreshed the page the ad was gone. This has happened thrice now it seems someone has managed to hack my site and inserted the code or can it be spyware? What action can I take? Report the publisher id to google.

ann

10:48 am on Jul 21, 2005 (gmt 0)

WebmasterWorld Senior Member ann is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I use this script also but I got it several years ago and it does not have any of that in it....must have new and/or greedy owners.

Ann

Freedom

11:44 am on Jul 21, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For ZoneMR

Google Program Policies:

A site or third party cannot display our ads, search box, or search results as a result of the actions of any software application such as a toolbar.

Very similar in the case of the Refer a Friend script.

You should also read Jenstar's recent thread breaking down the new policy changes on July 15:

In addition, You agree that while You may display more than one (1) Ad Unit on each Site Web page, You shall not display any Ad Unit on a page that contains Ads associated with another Google AdSense customer (e.g., Your Web hosting company), unless authorized to do so by Googleor such other AdSense customer, if authorized.

Jenstar Summary: This helps clarify the section of the terms that has been confusing, and gives AdSense the ultimate control over where ads by more than one publisher appear on the same page during a single page view. Previously, as long as you had permission of the other publisher whose ad unit(s) also appeared on the same page at the same time, you were permitted to do it. This change now means that you must seek Google's approval before two publisher's ad units can be placed on the same page together during the same page view

[webmasterworld.com...]

EVOrange

1:20 pm on Jul 21, 2005 (gmt 0)

10+ Year Member



morpheus, just to clarify.

You used a script on your site for some function that you got from another website and in the code, they are able to insert their AdSense ads on your site?
Is that correct?

EVO

frox

2:54 pm on Jul 21, 2005 (gmt 0)

10+ Year Member



EVO, the interestng bit is the following.

<script src="http://xyz.com/s/?ID=3123&SL=http://www.xyz.com/images/announce.gif">

That is, it looked like a normal image but, being loaded in a <SCRIPT> tag, it could also contain a script.

Usualliy (as in adsense) this line looks like this:
<script ... src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

That is, you immediately see that you are loading a javascript.

The .gif extension, in this case, was misleading, as one would assume to be loading just a gif.

I guess that what was happening was the following:
1) you load a file called "announce.gif"
2) regardless of its name the file is not a GIF, it's a javascript
3) this javascript displays an image, then proceed to do something else (such as displaying ads)

the result is that the user sees the filename announce.gif, sees an image in the browser and very easily does not really realize that a script is being executed within its page.

This is a form of "cross site scripting" and is generally VERY dangerous, you should never allow javascript from someone else to be run into your page, as it gets in the security environment of your page.

Just for an example, if your site www.good site.com stores the password in a cookie, usually this cookie is not visible to other sites.

But, if in your page you do <script src="www.bad site.com/script.js"> then you load the "script.js" in your site. This script can now see the cookie of www.good site.com and if needed send it to the bad guys at www.bad site.com

So, importing a script from a site you don't have control is always a way of lowering your defenses.

This includes the scripts you load from Adsense, of cource, but in this case there is all another degree of reliability..

morpheus83

4:16 pm on Jul 21, 2005 (gmt 0)

10+ Year Member



morpheus, just to clarify.
You used a script on your site for some function that you got from another website and in the code, they are able to insert their AdSense ads on your site?
Is that correct?

EVO

------------------¦¦-----------------
Yes the script was a Email to friend script. It was working fine when I added it to my site. However a couple of weeks later I got an email to add the new code. But I did not do it. So the link disappeared and there was nothing displayed. A week back this adsense fiasco started.

incrediBILL

7:07 pm on Jul 21, 2005 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



BTW, just in case you've not noticed a bunch of GIF/JPG image ads these days are actually crafted to LOOK like an AdSense ad, but it's just an image that has text on it.

Maybe this is what you saw?

frox

8:25 pm on Jul 21, 2005 (gmt 0)

10+ Year Member




Maybe this is what you saw?

He was speaking of the publisher code inside the javascript...

morpheus83

2:37 am on Jul 22, 2005 (gmt 0)

10+ Year Member



It was not an image made to look like adsense ad. It was an adsense ad as in the script <script src="http://xyz.com/s/?ID=3123&SL=http://www.xyz.com/images/announce.gif"> the announce.gif was pointed to my website it was an email to friend image. [wwWebmasterWorldebsite.com...]

Jenstar

2:46 am on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member jenstar is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I investigated it too, and it was definitely a third party using a javascript to insert AdSense into webpages they did not own without permission. The site that offered the script apparently changed hands recently, and it was switched to running this rogue AdSense on others sites who had left the script online.

It was set to only show the ad once every two days, so it could have been easily missed by webmasters, especially since these kind of scripts are often placed below the fold.

AdSense is aware of the situation.

And technically, any third party javascript you place on your site could do this.

billhunter

8:44 pm on Jul 22, 2005 (gmt 0)

10+ Year Member



It might be the problem of your ISP's DNS.

AdSenseAdvisor

9:14 pm on Jul 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi all -

Thanks for the information posted on this thread. We've worked to resolve the issue, and you should no longer see Google ads from this network appearing on your sites. Apologies for any confusion or inconvenience and thanks again for helping us identify the problem.

-ASA

too much information

8:56 pm on Jul 26, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sorry to bring this one up again, but I had my site hacked this weekend. They used a security flaw in my Drupal setup and created their own index.html file with their adsense code on it.

I think I have all of the holes plugged now, and I did send the publisher ID on to Google so hopefully something good will come of this.

Is there any way to use the publisher ID to search for other sites that show this person's ads? I would really like to know more about my hacker.

jomaxx

9:53 pm on Jul 26, 2005 (gmt 0)

WebmasterWorld Senior Member jomaxx is a WebmasterWorld Top Contributor of All Time 10+ Year Member



ASA, since you're speaking in the past tense I assume the ads are now gone.

The other day I came across what I think is the exact same thing happening on another site. I assumed it was this same network, but Google ads are still showing as of now. They are actually superimposed over the website's content. I will sticky you the details and you can handle it as you see fit.

morpheus83

8:21 am on Aug 3, 2005 (gmt 0)

10+ Year Member



The publisher is banned. :-)

Freedom

8:58 am on Aug 3, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How do you know this morpheus?

morpheus83

9:36 am on Aug 3, 2005 (gmt 0)

10+ Year Member



Jenstar has posted on her blog.

Freedom

9:42 am on Aug 3, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Really, I need to start reading her blog.

invisible

10:33 am on Aug 3, 2005 (gmt 0)

10+ Year Member



I just received an email from Adsense support saying that -

We found that you're displaying Google ads on pages ("Stupid Porn Name.com") that include profanity in the site URL or content of an adult or mature nature. AdSense publishers are not permitted to place AdSense ads on pages with such content. As a result, we have disabled ad serving to these pages.

I have absolutley nothing to do with the site and know nothing about it.

I then receive an email from my hosting company saying that my server has been Hacked. I have a dedicated server with one of the biggest companies.

I presume this is something similar to this post. But the hackers must be using my publisher ID for Google to associate it to my account.

What's up? How do I stop this?

Thanks

vincevincevince

10:38 am on Aug 3, 2005 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It's not necessary to hack your server to get your publisher ID - they can just view your page source!

Maybe it's a competitor trying to get you kicked out from adense. Made or picked up for peanuts a 3rd rate porn site and stuck your adsense all over it, waited a couple of days and reported it as adsense abuse.

Luckily for you Google only trimmed those pages, but I should definately email them to let them know that it wasn't you who place the ads there. Next time it happens it will be a pattern and you mightn't be so lucky.

morpheus83

10:57 am on Aug 3, 2005 (gmt 0)

10+ Year Member



Search on whois for that site and email to adsense saying the site does not belong to you. I am sure this must have been done by a competitor.
This 50 message thread spans 2 pages: 50
 

Featured Threads

Hot Threads This Week

Hot Threads This Month