Welcome to WebmasterWorld Guest from 54.167.86.132

Forum Moderators: incrediBILL & martinibuster

Message Too Old, No Replies

Off topic ads result of a hack?

     
12:57 am on Oct 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts: 88
votes: 0



System: The following 14 messages were cut out of thread at: http://www.webmasterworld.com/google_adsense/3141247.htm [webmasterworld.com] by jatar_k - 10:02 am on Oct. 31, 2006 (pst -8)


Not sure what is going on, but one of my sites is now displaying pharmacutical ads - definitely not my niche. Only the homepage, and all three Adsense ads are displaying ads for "phentermine"...whatever that is. Looks horrible, and I'm a bit worried if this is an Adsense problem or something on my end.
1:12 am on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 25, 2006
posts:1344
votes: 0


What is phentermine?

Phentermine is a sympathomimetic amine, which is similar to an amphetamine. It is also known as an "anorectic" or "anorexigenic" drug. Phentermine stimulates the central nervous system (nerves and brain), which increases your heart rate and blood pressure and decreases your appetite.

Phentermine is used as a short-term supplement to diet and exercise in the treatment of obesity.

---------------------------------

Defined in a website I googled... me thinks Google is on Phentermine, lost too much inventory so you're getting crappy ads ;)?

6:37 am on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts:1642
votes: 0


andrewshim: offtopic 'phentermine' ads may mean you have been hacked - check your site for unexpected content.
Note that the hacks may only show to bots - even if the site looks clear, check your google cache and your referring keywords for stuff that shouldn't be there!
7:10 am on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 25, 2006
posts:1344
votes: 0


thanks leadegroot, but it was southernmost who was having the problem with phentermine ads. I was merely giving the definition of phentermine.

anyway, off-topic ads are a common occurance every now and then.

2:31 pm on Oct 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts: 88
votes: 0


leadegroot: HOLY CR*P! I just check the source code of the Google cache and there is a world of code that I didn't put there...mostly for phentermine.
How did someone do this?
How do I correct this?
2:41 pm on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 25, 2006
posts:1344
votes: 0


if you're not running your own server, call your webhost PRONTO!
4:38 pm on Oct 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts: 88
votes: 0


andrewshim: I just spoke with my host and had them change all the passwords: ftp, contol panel, and e-mail.
next I scanned my entire system with Microsoft Windows Defender...nothing came up.
I'll next scan with Norton.
Once I'm sure my computer is clean I'll upload the original files. (my local files aren't changed...just the ones on the host/remote server).
Any other suggestions?
5:04 pm on Oct 31, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:May 12, 2004
posts:533
votes: 0


sounds like there is hole somewhere, i'm no expert but i know a few hacks in PHP that can allow entry through badly built apps.

Are you allowing any file uploads on any sites using PHP, or have any outdated open source projects that may have known vulnerabilities on them?

5:27 pm on Oct 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts:88
votes: 0


no, the site is straight static html.
still can't find anything viral/malicious on my system.
i called the host again and asked them to check other sites on the same server to see if their server was hacked.
6:06 pm on Oct 31, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15755
votes: 0


I split this out to give you your own thread southernmost
6:26 pm on Oct 31, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14643
votes: 93


So they didn't install any sneaky redirects to drive traffic elsewhere?

Just cloaked data to attract specific types of ads?

I wouldn't touch a THING before contacting AdSense support as it's possible one of their AdWords advertisers is in fact a hacking criminal.

This type of thing deserves being escalated as a more serious computer crime, especially if you lost any significant amount of income from AdSense as depending on the amount, it could be yet another felony count.

7:16 pm on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jomaxx is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 6, 2002
posts:4768
votes: 0


leadegroot, I guess you were right, but what prompted you to suggest that? I would have put being hacked quite low on the list of reasons for off-topic ads.
8:00 pm on Oct 31, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts:88
votes: 0


mod: thanks for breaking this out to it's own thread. took me a while to figure where it was.
yes, the site was hacked.
I would post a copy of the injected lines of code (over 1000 lines...all were links to phentermine, mortgage calculators, wedding rings, and a few other mega-spammy items.
my host seems clueless.
at one point, they said it was due to a product of theirs "that was included with my site" that increases search rankings! AHHHHHH!
The off topic ads were displaying because the lines of code outweighed the rest of the page, and so phentermine and morgage ads.
I've changed my username & password on the ftp, and uploaded the correct files.
But without knowing why this happened (it didn't happen on my local files, and my system was scanned three ways and came up clean) I'm worried about what to do.
Probably I should change hosts. Ya think?!

[edited by: jatar_k at 10:47 pm (utc) on Oct. 31, 2006]
[edit reason] no specific hosts thanks [/edit]

8:58 pm on Oct 31, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts: 1642
votes: 0


jomaxx: because it happened to me!
I saw a PPC-related search engine query in my logs and knew there was nothing like that on that site.
It was the first thing that occurred to me when I read the OP!
Still no idea how my site was hacked (low quality, cheap hosting for a site thats not an earner. I think theres an obvious explanation there.... ;))

southernmost: glad I could help! Odds are you won't know how they got in, first step is to clean it all up :)

incrediBILL: how on earth would an adsense ad introduce a hack onto the site? Its run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

10:49 pm on Oct 31, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15755
votes: 0


I don't know if changing hosts will change much. I would try to figure out how the code was injected first, otherwise you may have the same hole exploited again.

are they db generated pages?
are there any scripts in use on your site?
did you keep a copy of the pages before you changed them back as this may offer a clue?

11:44 pm on Oct 31, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14643
votes: 93


IncrediBILL: how on earth would an adsense ad introduce a hack onto the site? Its run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

Um, did I imply otherwise?

I think it's a normal hack too, but how are they making profit was my point.

You either redirect traffic to a site, or you must be trying to get ads from the bandit to appear to gain money, what other options are there?

Therefore, if no traffic redirect is present, I'm assuming someone using AdWords was responsible for the hack to get more click-thrus to their ads.

12:24 am on Nov 1, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts:88
votes: 0


the pages are not generated with a database or any other dynamic method.
They are simple html.
the only script is the adsense code, and it began to show phentermine ads because the malicious code was mostly phentermine links.
As for who could make money with this?
Maybe the black-hatter is looking for backlinks?
Not sure what to think.
12:30 am on Nov 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts: 1642
votes: 0


incrediBILL: oh, fair enough - i misunderstood :)
Its quite possible it was a simple page rank hijack - they increase the page rank of their junky ppc sites by physically putting links to it on other sites.
Probably works, at least for a while.
I wonder if there would be a point reporting the linked pages to Google? Probably not - in theory it could be a competitor of the linked page looking for exactly that. Remember - there is *almost* nothing a competitor can do hurt you... ;)
12:45 am on Nov 1, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 25, 2006
posts:1344
votes: 0


because it happened to me!

Good thing we all learn from experience. I would assume that the first thing a webmaster does when he sees off-topic ads persistently re-appearing would be to check the code. I know I do. Anything wrong - check the code first.

Anyway, a cheap host ISN'T going to tell you that the problem was on their end. They'll fix it, but they will NEVER admit fault. So maybe, if it happens again, it may be prudent to switch.

1:28 pm on Nov 1, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 3, 2004
posts:88
votes: 0


it wasn't a cheap host.
i'll keep an eye on things like a hawk now.
i'll probably move the site away from their hosting anyway.

[edited by: jatar_k at 5:56 pm (utc) on Nov. 1, 2006]
[edit reason] no specifics thanks [/edit]

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members