funandgames, that is not possible...
Anything javascript is visible to anyone

It would surely not be hard for the adsense id used on a page to be encrypted using the domain name, so your actual adsense Id was always private and ads could not be taken offsite.

Would be a nice simple feature for google to add I think.

Another great example of fun with AdSense IDs... Anyone read the Autumn 2006 issue of 2600, with its article on snooping via ID?

Google should set up the publisher ID in a similar fashion to the Google Maps API Key - tied to your domain.

We should be able to list our domains in the Adsense account and the Publisher ID should only work for those domains listed in your account.

I think a lot of you have mentioned a great idea. We should be required to list our domains in our Google account to make them active. Otherwise, without using a good adsense tracking script we may find our ads hijacked resulting in click fraud that could get us banned.

If you must opt-in for each site, as opposed to the current system, that would hold google more accountable/aware of all sites within its network. At least this way, they place the faith on the publisher to insure that their sites are compliant and would only be obligated to do something if evidence came to surface stating otherwise.

A good way to hide your Adsense ID is to use an ad delivery system, such as PHPAdsNew. Instead of displaying the adsense code it will display the ad delivery code while your Adsense code is safe behind the ad delivery code.

This is one of the best options I have seen for protecting your Adsense ID's. Just for future reference, because I know it is too late for you now.

Correct me if I'm wrong, but as far as I know about http and browser requests, any page picking the adsense-graphic sends a referrer-information to google. So google supposedly knows, where the request came from, and whether the browser actually visited your site or a fake. It is quite likely that google checks this referrer information. I also recall to have read, that there are means to fake that request, but this is far from easy and would explain why such fakes and bans don't happen more often.

On the other hand I recall that google encouraged me to use the ID on other than my primary website as well. Is this what you mean with whitelist?

> Google should set up the publisher ID

I'm quite new to adsense, so I don't really know. When I sat up my sitemap-account I had to copy a dummy-page to my webspace, showing google that I truely am the owner of that domain, because the name and code for that page was only sent to me. I always thought this would apply for adsense as well, and that verification of domain, IP, and this code is regularly undertaken?

Maybe I'm too cynical or maybe I read too many posts here but when I see

I was only making $2 or $3 a day on that account, so it's not a huge loss

I just want to ask how much are you making on your other accounts.

Instead of displaying the adsense code it will display the ad delivery code while your Adsense code is safe behind the ad delivery code.

Which still doesn't protect against stealware/parasites rewriting the code on users' pc's.

Correct me if I'm wrong, but as far as I know about http and browser requests, any page picking the adsense-graphic sends a referrer-information to google. So google supposedly knows, where the request came from, and whether the browser actually visited your site or a fake.

Yes, assuming the referrer has not been modified or hidden.

It is quite likely that google checks this referrer information. I also recall to have read, that there are means to fake that request, but this is far from easy and would explain why such fakes and bans don't happen more often.

Actually, it is easy to fake, e.g. in transit or as created by the browser itself.

Google would be stupid if it is that simple to get any publisher banned,

Counter argument: Google would be stupid to not automatically ban publishers who repeatedly receive invalid clicks -- therefore, Google would be stupid if it were not that simple to get most any publisher banned.

Although publishers like to think that they are making Google money, Google is pretty acutely aware that a) the actual flow of cash into the system comes from advertisers and b) Google has an extremely large and willing pool of publishers, with more coming in every day.

So yeah, it makes perfect sense that at this stage of the game it is really quite simple to get another publisher auto-banned (we already know from court documents that fully automatic bannings are on the increase).

Or looking at this argument another way: we know for a fact that Google has machines that, based on some pattern of activity, automatically ban publishers. Therefore, it follows quite plainly that if anyone can produce that pattern of activity on another publisher, that publisher will get auto-banned.

Is it reasonable to think that pattern of activity is terribly complex and difficult to reproduce? No, that's not reasonable at all -- Google leaves the hard cases for human investigators, and the machine is supposed to pick the low-hanging fruit. Nope, getting publisher A banned cannot be any more complicated than wardriving in the city Publisher A lives in with a wireless notebook while banging away on Publisher A's ads.

The result is fraud. It increases Publisher A's income. It's way too common a pattern to devote human investigator resources to. It's identical to a pattern used by real fraudulent publishers who aren't too smart. And it's impossible to prove that it was not Publisher A himself doing it -- you can't prove a negative. Easy auto-banning 101.

So far, this mechanism is not widely known among the teenagers/misfits/whatnots who enjoy activities like defacing web sites and being script kiddies. So, Google can for the moment just ignore the collateral damage of banning innocent publishers.

But, the human nature being what it is, eventually this will be well-known among bored bad folk, and the collateral damage will get too big for Google to ignore.

What can they do? The most obvious next step for Google to escalate this war on the fundamental PPC business model is to more aggressively drop clicks. That shifts the collateral damage more towards Googles revenues, since they either have to allow more fraud (loose control) or lose revenue by incorrectly identifying some clicks as fraud (tight control).

People are following the same patterns with click fraud that they did with spam some years ago. We're now at the stage where lots of folks are trying to believe there's a technological solution to a fundamentally human problem that has no purely technological solution. In both cases, there is an opportunity for bad guys to make money, even if they have to flood the system and degrade it for everyone else. We're just at a much earlier stage in the progression of click fraud for profit and vengeance.

Click fraud is a war that has many analogies to the spam war (and eventually will involve many of the same combatants, as spammers begin to see that click fraud is easier money). About the best thing a publisher can do is realize what stage of the war we're in now, and where we're headed.

Google would be stupid to not automatically ban publishers who repeatedly receive invalid clicks

I agree, any other position would have them being a part of stealing money from advertisers.

Does anyone know of a search engine that shows results for embedded Javascript? For example, if one was concerned that one's publisher id had been hijacked, one could just search for something like:

google_ad_client AND pub-1234567901234567

(where pub-1234567901234567 is your publisher id)

Last time I tried this with Google, no luck. (no surprise, either.)

can't google simply provide in one of the adsense reports an option where they automatically display all the urls used to display the publisher's id

While its true that advertisers fund the system, adsense provides google with a much, much larger inventory that they can sell. They have hundreds of thousands of advertisers and adsense insures that many of the advertisers' budgets are fully spent. If it weren't for adsense, there's no doubt that they would see a significant loss in revenue.

Therefore, there's no doubt that they value publishers. Nevertheless, they ban publishers because its in their long term interest to try to mimic the quality/ROI that comes from google search throughout their entire network.

I can see them trying to increasingly placing more editorial weight/rules (like forbidding adsense ads close to images etc.,) to insure that in the long run advertisers are getting their money's worth. As they get a greater command on click-fraud, I think we'll see less cases like the OP and more rule changes trying to improve the quality of content etc.,

Why can't google simply tie a pub id to a website? Many of the other cpc companies do it, in fact some of them also let you ban clicks from certain IP's e.g. Quigo/Adsonar. You would think that if these companies can do it the brilliant minds at adsesne can

Also, for those who are so CERTAIN that this can't happen. Anyone willing to try an experiment and publish their google pub ID here or even their website address so that we can copy the code and place it on our website. No didn't think so. Not so sure now?

Why can't google simply tie a pub id to a website

Because publisher is free to implement ads on any website wich conforms with TOS (not just one website).

Thanks ronburk - yet another in a long line of excellent posts! :-)

You're absolutely right: "fundamentally human problem that has no purely technological solution."

Criminals do not play by the rules (that's why they're criminals).

People have been asking for domain whitelisting functionality for a long time.

It is a shame that they haven't put something like this up yet - where you can specify which domains are permitted to display your ads.

Checking billions of ads against a whitelist may be more computer overhead than they think is reasonable. Especially if it would impart a delay in serving ads.

While its true that advertisers fund the system, adsense provides google with a much, much larger inventory that they can sell. They have hundreds of thousands of advertisers and adsense insures that many of the advertisers' budgets are fully spent. If it weren't for adsense, there's no doubt that they would see a significant loss in revenue.

I would argue that there are a growing number of advertisers who are seeing their budgets spent a bit too quickly, and their revenues are not increasing with their spend.

Just to address the OP's post ... wouldn't surprise me if the OP was not in the wrong here. Strikes me that this might be a scam similar to salting a fake gold claim with real gold ...

1. Scammy website seller without many brains posts the OP's adsense code on his site.
2. Scammy Website seller clicks OP's ads on his site a bunch of times to drive the appearance of revenue up, in the hopes that the OP goes, "Hey! I want that site! It made $10 in a day!" (or $20 or $50 -- the limit would only be the amount of times the seller could click) -- and very quickly buys it.
3. Google goes, "Wait a minute. Fradulent clicks. We don't know the story, we don't care ... ban ban ban!"

Unfortunately, the OP could very well be the victim here. He might mention this to google and suggest that they watch for similar happenings with this guy's site. If he pulls it again on someone else unrelated to the OP, maybe Google will reinstate him. Or not ... depends on Google's whim.

I think it might be prudent to inquire about sites for sale anonymously, without advising the seller of your other sites. Because this is a fairly low-brow but obvious scam ... if it occurs to me, I'd think it'd occur to the (more idiotic) bad guys out there.

I wish publishers are allowed to specify the URLs where ads will be displayed.

Solution for those who has php enabled:
1. Put adsense code into lets say ads.php
2. Include it like <script src="yoursite.com/ads.php"></script>
3. In ads.php, verify referrer (or maybe also something else), and output ad code only when passed validation (otherwise blank page).

So your pages would only include <script src="yoursite.com/ads.php"></script> instead of real adsense code, and you'll have some control over your ads on other sites. At least you'll see which sites are running your ads.

Solution for those who has php enabled:
1. Put adsense code into lets say ads.php
2. Include it like <script src="yoursite.com/ads.php"></script>
3. In ads.php, verify referrer (or maybe also something else), and output ad code only when passed validation (otherwise blank page).
So your pages would only include <script src="yoursite.com/ads.php"></script> instead of real adsense code, and you'll have some control over your ads on other sites. At least you'll see which sites are running your ads.

This will work against those who simply pinch your content wholesale with no editing.

This will not work against those who merely take your publisher id and use it in ads on their own site (which is how this topic got started I believe)