
Forum Moderators: incrediBILL & martinibuster

Off topic ads result of a hack?

   
12:57 am on Oct 31, 2006 (gmt 0)

10+ Year Member




System: The following 14 messages were cut out of thread at: http://www.webmasterworld.com/google_adsense/3141247.htm [webmasterworld.com] by jatar_k - 10:02 am on Oct. 31, 2006 (pst -8)


Not sure what is going on, but one of my sites is now displaying pharmaceutical ads - definitely not my niche. Only the homepage, and all three Adsense ads are displaying ads for "phentermine"...whatever that is. Looks horrible, and I'm a bit worried if this is an Adsense problem or something on my end.
1:12 am on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



What is phentermine?

Phentermine is a sympathomimetic amine, which is similar to an amphetamine. It is also known as an "anorectic" or "anorexigenic" drug. Phentermine stimulates the central nervous system (nerves and brain), which increases your heart rate and blood pressure and decreases your appetite.

Phentermine is used as a short-term supplement to diet and exercise in the treatment of obesity.

---------------------------------

Defined in a website I googled... me thinks Google is on Phentermine, lost too much inventory so you're getting crappy ads ;)?

6:37 am on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



andrewshim: offtopic 'phentermine' ads may mean you have been hacked - check your site for unexpected content.
Note that the hacks may only show to bots - even if the site looks clear, check your google cache and your referring keywords for stuff that shouldn't be there!
7:10 am on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



thanks leadegroot, but it was southernmost who was having the problem with phentermine ads. I was merely giving the definition of phentermine.

anyway, off-topic ads are a common occurrence every now and then.

2:31 pm on Oct 31, 2006 (gmt 0)

10+ Year Member



leadegroot: HOLY CR*P! I just checked the source code of the Google cache and there is a world of code that I didn't put there...mostly for phentermine.
How did someone do this?
How do I correct this?
2:41 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



if you're not running your own server, call your webhost PRONTO!
4:38 pm on Oct 31, 2006 (gmt 0)

10+ Year Member



andrewshim: I just spoke with my host and had them change all the passwords: ftp, control panel, and e-mail.
next I scanned my entire system with Microsoft Windows Defender...nothing came up.
I'll next scan with Norton.
Once I'm sure my computer is clean I'll upload the original files. (my local files aren't changed...just the ones on the host/remote server).
Any other suggestions?
5:04 pm on Oct 31, 2006 (gmt 0)

10+ Year Member



sounds like there is a hole somewhere, i'm no expert but i know a few hacks in PHP that can allow entry through badly built apps.

Are you allowing any file uploads on any sites using PHP, or have any outdated open source projects that may have known vulnerabilities on them?

5:27 pm on Oct 31, 2006 (gmt 0)

10+ Year Member



no, the site is straight static html.
still can't find anything viral/malicious on my system.
i called the host again and asked them to check other sites on the same server to see if their server was hacked.
6:06 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I split this out to give you your own thread southernmost
6:26 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



So they didn't install any sneaky redirects to drive traffic elsewhere?

Just cloaked data to attract specific types of ads?

I wouldn't touch a THING before contacting AdSense support as it's possible one of their AdWords advertisers is in fact a hacking criminal.

This type of thing deserves being escalated as a more serious computer crime, especially if you lost any significant amount of income from AdSense as depending on the amount, it could be yet another felony count.

7:16 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member jomaxx is a WebmasterWorld Top Contributor of All Time 10+ Year Member



leadegroot, I guess you were right, but what prompted you to suggest that? I would have put being hacked quite low on the list of reasons for off-topic ads.
8:00 pm on Oct 31, 2006 (gmt 0)

10+ Year Member



mod: thanks for breaking this out to its own thread. took me a while to figure where it was.
yes, the site was hacked.
I would post a copy of the injected lines of code (over 1000 lines...all were links to phentermine, mortgage calculators, wedding rings, and a few other mega-spammy items).
my host seems clueless.
at one point, they said it was due to a product of theirs "that was included with my site" that increases search rankings! AHHHHHH!
The off topic ads were displaying because the lines of code outweighed the rest of the page, and so phentermine and mortgage ads.
I've changed my username & password on the ftp, and uploaded the correct files.
But without knowing why this happened (it didn't happen on my local files, and my system was scanned three ways and came up clean) I'm worried about what to do.
Probably I should change hosts. Ya think?!

[edited by: jatar_k at 10:47 pm (utc) on Oct. 31, 2006]
[edit reason] no specific hosts thanks [/edit]
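
Added example, not part of any post in this thread: one way to run the check discussed above on a static site, comparing a known-good local copy of a page with the copy the server is serving and counting link hosts that appear only in the served copy. The sample pages, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect the host of every absolute <a href> found in a page."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        host = urlparse(href).hostname  # None for relative links
        if host:
            self.hosts.append(host.lower())


def link_hosts(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.hosts


def injected_links(known_good_html, served_html, own_host):
    """Return {host: count} for link hosts present only in the served copy."""
    baseline = set(link_hosts(known_good_html)) | {own_host}
    report = {}
    for host in link_hosts(served_html):
        if host not in baseline:
            report[host] = report.get(host, 0) + 1
    return report


# Constructed sample data: the clean local file and the same page as served.
KNOWN_GOOD = """<html><body><h1>Island guide</h1>
<a href="http://www.example.com/beaches.html">Beaches</a>
<a href="http://partner.example.org/">Partner</a>
</body></html>"""

SERVED = KNOWN_GOOD.replace("</body>", """<div>
<a href="http://pills.example.net/a">phentermine</a>
<a href="http://pills.example.net/b">cheap phentermine</a>
<a href="http://loans.example.net/">mortgage calculator</a>
</div></body>""")

if __name__ == "__main__":
    found = injected_links(KNOWN_GOOD, SERVED, "www.example.com")
    for host, count in sorted(found.items()):
        print(f"{count:4d} unexpected link(s) to {host}")
```

Because the injected content may be shown only to crawlers, the served copy to compare should also include the source of the search engine's cached page, not just what a browser receives.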

8:58 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jomaxx: because it happened to me!
I saw a PPC-related search engine query in my logs and knew there was nothing like that on that site.
It was the first thing that occurred to me when I read the OP!
Still no idea how my site was hacked (low quality, cheap hosting for a site that's not an earner. I think there's an obvious explanation there.... ;))

southernmost: glad I could help! Odds are you won't know how they got in, first step is to clean it all up :)

incrediBILL: how on earth would an adsense ad introduce a hack onto the site? It's run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

10:49 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I don't know if changing hosts will change much. I would try to figure out how the code was injected first, otherwise you may have the same hole exploited again.

are they db generated pages?
are there any scripts in use on your site?
did you keep a copy of the pages before you changed them back as this may offer a clue?

11:44 pm on Oct 31, 2006 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



IncrediBILL: how on earth would an adsense ad introduce a hack onto the site? It's run in javascript on the end client, not the back end? I'm thinking a normal everyday site hack, myself.

Um, did I imply otherwise?

I think it's a normal hack too, but how are they making profit was my point.

You either redirect traffic to a site, or you must be trying to get ads from the bandit to appear to gain money, what other options are there?

Therefore, if no traffic redirect is present, I'm assuming someone using AdWords was responsible for the hack to get more click-thrus to their ads.

12:24 am on Nov 1, 2006 (gmt 0)

10+ Year Member



the pages are not generated with a database or any other dynamic method.
They are simple html.
the only script is the adsense code, and it began to show phentermine ads because the malicious code was mostly phentermine links.
As for who could make money with this?
Maybe the black-hatter is looking for backlinks?
Not sure what to think.
12:30 am on Nov 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



incrediBILL: oh, fair enough - i misunderstood :)
It's quite possible it was a simple page rank hijack - they increase the page rank of their junky ppc sites by physically putting links to it on other sites.
Probably works, at least for a while.
I wonder if there would be a point reporting the linked pages to Google? Probably not - in theory it could be a competitor of the linked page looking for exactly that. Remember - there is *almost* nothing a competitor can do to hurt you... ;)
12:45 am on Nov 1, 2006 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



because it happened to me!

Good thing we all learn from experience. I would assume that the first thing a webmaster does when he sees off-topic ads persistently re-appearing would be to check the code. I know I do. Anything wrong - check the code first.

Anyway, a cheap host ISN'T going to tell you that the problem was on their end. They'll fix it, but they will NEVER admit fault. So maybe, if it happens again, it may be prudent to switch.

1:28 pm on Nov 1, 2006 (gmt 0)

10+ Year Member



it wasn't a cheap host.
i'll keep an eye on things like a hawk now.
i'll probably move the site away from their hosting anyway.

[edited by: jatar_k at 5:56 pm (utc) on Nov. 1, 2006]
[edit reason] no specifics thanks [/edit]

 
