Welcome to WebmasterWorld Guest from 18.104.22.168
You can also check your host and see if there were any ftp logins that were not you, and check the dates via FTP on those pages, to see if they are different than they should be.
By a stealware you don't even notice something's wrong.
The code is changed on the fly and your click is credited to someone else.
Pity, but noone except webmasters cares about it.
Advertiser gets a lead, Google gets a click, everybody wins.
Well... almost everybody.
Please DO report them to Adsense, this is clearly a thievery and out of the TOS, as you cannot
(vi) directly or indirectly access, launch and/or activate Ads, ... in, any ... other means other than Your Site(s) ...
Plus, I can't imagine the consequences of having your website linked to a banned website or account by means of their publisher ID
Add the paranoia they have inflicted on you, and the loss of time they caused to you.
I am usually less harsh but in this case they deserve to be punished at full extent.
First, via FTP sort the files on the server by date and anything recently modified will be immediately obvious.
If you're hacked, remove the code and set a trap in the event they come back.
You'll want your ISP to change a few files with "chattr +i *" which sets the immutable bit. Basically this means that nobody can alter the file unless you remove the immutable bit "chattr -i *" and this can't be done via FTP, only via the command shell. If you find new code injected back into your pages then you know they have unrestricted shell access via some vulnerability and it's a complete hack, you're not in control of the box at all.
Another possibility is that you use the same password you use on forums as you do on your ftp or website. There is nothing stopping a person who is running a forum from collecting the passwords people use to sign up for the forums. Lets say you signed up for a forum where you promoted your website and when you signed up you used the same password for the forum as you use for your website account. Same principal could be applied to free email accounts or free website accounts, you get the picture.
I happened to notice a couple -slightly- suspicious files on the root of my IIS server a couple months back, with names like 'hacked.htm', 'el1tegr0up.htm' etc.
Turns out somewhere along the line I had loosened up the site permissions, allowing site 'write' and remote scripts & executables to be run by IUSER. There is a very well known exploit that will let the anon user do basically what they want.. in my case, I was extremely lucky that the default permissions of files created by the IUSER account were set to 'no-read, no-write'.
So, they could manage to upload their hack pages with scripts and all kinds of goodies, but could not access them (permission denied). It's just one more toggle on the security to loosen it to the critical point, and apparently many many people were hit by this one.
Someone with this type of access could very easily pull a covert Adsense highjack.
Do a search for 'IIS 6 Remote Buffer Overflow Exploit'
Your account didn't get hacked. You chose to install an advertising-supported script.
If the author of the script wasn't upfront and didn't clearly state that the script is ad supported, then it's a dishonest practice, but I'm not sure if it violates Google's TOS.
If you choose to copy+paste 3rd party code onto your site, you should at least read through the code to make sure it doesn't have any 'surprise features' like this.
I'm not sure if it violates Google's TOS.
as far as I understand it, you cannot put Adsense on someone else's site:
other means other than Your Site(s)
and yes, the very pertinent question is: did the author say it was an ads-supported script?
morpheus83, could you pleas sticky mail me the URL of the script?