Welcome to WebmasterWorld Guest from 3.227.233.55

Forum Moderators: martinibuster

Message Too Old, No Replies

Google Ads loading ads from serving-sys.com !?

     
10:11 am on Apr 29, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


Hi,

We have a big drop in performance, with 1 Million impressions a day its quite scary. I am trying to search the problem.

Our security team says: "I found many ads on your website loaded actually by google ads. Google Ads was loading ads from serving-sys.com, which is then loading ads from many other ad networks such as adsafeprotected.com, iasds01.com, scorecardresearch.com and others, some traffic info shown below:

So, It looks like the google ads itself is loading so many ads so wondering if you recognize this or not please?

==============================
Host: bs.serving-sys.com"

For me it doesnt sound correct that google should load from serving-sys.com? Could anyone give me input on this please....

thanks so much
Chris
11:27 am on Apr 29, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts:334
votes: 73


Since you have a security team, I think it's up to them to investigate what is normal or not. And to verify if your site has not been compromised.

Are you seeing Google ads when you visit your site yourself? and if you look at the files loaded ?
2:46 pm on Apr 29, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4466
votes: 332


AdSense serves ads from many third party networks. In your AdSense account you can choose to disable third party networks from your account.
8:23 pm on Apr 29, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


"It does seem that the issue is coming directly from Google itself.
On the screenshots you shared you see that the code is inside the container that belongs to the ad, this means that that code is being returned by Google.

Here's a quick example of one of the google ad iframe:
view-source:https://googleads.g.doubleclick.net/pagead/ads?<snipped acct specifics>&format=728x90&output=html&h=90&slotname=4074387263&adk=4047856320&adf=3481317426&w=728&lmt=1493465989&flash=0&url=http%3A%2F%2F<snipped ad specifics>%2F&wgl=1&dt=1493465989475&bpp=11&bdt=1190&fdt=13&idt=29&shv=r20170424&cbv=r20170110&saldr=aa&correlator=1044709054069&frm=20&ga_vid=228145772.1493465868&ga_sid=1493465990&ga_hid=1197489503&ga_fc=0&pv=2&iag=3&icsg=2&nhd=1&dssz=2&mdo=0&mso=0&u_tz=60&u_his=3&u_java=0&u_h=1080&u_w=1920&u_ah=1050&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=6&adx=5&ady=7&biw=497&bih=984&eid=575144605%2C828064251%2C389613000&oid=3&rx=0&eae=0&fc=16&brdim=-1920%2C274%2C-1920%2C274%2C1920%2C274%2C1920%2C1050%2C497%2C984&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=f&pfx=0&fu=1040&bc=1&ifi=1&xpc=JEN183Gp4P&p=<snipped ad specifics>&dtd=50

You may see a different result by the time you check it but sometimes it returns this:
this.tagsrc = '<ins class=\'dcmads\' style=\'display:inline-block;width:728px;height:90px\'\n data-dcm-placement=\'N1068.142389HX/B11029770.149436293\'\n data-dcm-rendering-mode=\'scr'+'ipt\'\n data-dcm-https-only\n data-dcm-resettable-device-id=\'\'\n data-dcm-app-id=\'\'\n data-dcm-click-tracker=\'\'>\n <scr'+'ipt src=\'https://www.googletagservices.com/dcm/dcmads.js\'></scr'+'ipt>\n</ins>';
this.altsrc = '\<scr' + 'ipt src=\"https://secure.adnxs.com/psa?format=js\&size=728x90\"\>\</scr' + 'ipt\>';

The secure.adnxs.com ad network is the probably biggest malware distributor, this is just one example of bad stuff is coming from Google. My recommendation is that you first disable all the ads within adsense and then check your website see if you see the code, and then enable one by one while you continue to check until you find the one causing it and keep it disabled or even report to Google.

I will continue to investigate nonetheless in the meantime."


[edited by: not2easy at 9:06 pm (utc) on Apr 29, 2017]
[edit reason] <snipped acct & ad specifics> [/edit]

9:48 pm on Apr 29, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2091
votes: 370


Adnxs (AppNexus): What is it and what does it do? [theguardian.com]

It's not really fair to call it a "malware distributor", and "disable all the ads" seems like poor advice if you depend on that income. Why are you looking at the ads for this "big drop in performance"? How are you measuring performance? Are you sure the ads are the problem? not2easy answered your question about Google "serving" ads from other domains; a fact that doesn't need any investigating and is not really a problem (or a security issue) for most publishers and shouldn't affect your site's performance much if the ads are loaded asynchronously.
3:54 am on Apr 30, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


Hi,

basically because we found a hybrid ads script. The scrips is wrapping itself around our ads and stealing the ad revenue.

On our end the clicks get counted as click spam by google so we have twice the problem - stolen revenue + we look like spammers. Its very hard to find the script though in the code
4:57 am on Apr 30, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4466
votes: 332


Have you tried taking a look at the live headers as the page loads? That will usually show you where and what is loading the script. In FF browser you can use the Live HTTP Headers Extension and examine all requests and server responses. Handy for pinpointing problems.
5:06 am on Apr 30, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


In this screenshot <removed site specifics> , the original Google iframe is modified in at least 2 places:

1. This code to define the HybridAds [justpaste.it...]
2. This code to wrap over the original Google Ads banner in the HybridAds <removed site specifics>

Clicking on the google banner will open the Ads just fine, though Google reports that it's considered as spam traffic.

[edited by: not2easy at 6:46 am (utc) on Apr 30, 2017]
[edit reason] See Tos and Charter [/edit]

6:58 am on Apr 30, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4466
votes: 332


If you have found a script in your source code, you can edit it out and replace it with your own AdSense code. If you cannot see the script in your page source code, then it is being added during the page loads. If it is being added during the page loads, you can view the live headers to see what and where it is being added.

If the additional code is contained within the ads that AdSense is serving on your site, you can click the small i in the circle or the x in the corner next to that to give feedback about the ad.
7:47 am on Apr 30, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2091
votes: 370


Isn't that simply this script? [googleadservices.com...] (conversion tracking for AdWords)

Google reports that it's considered as spam traffic

How does Google report this to you?
3:40 pm on Apr 30, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


Hi,

Im in touch with google and they confirmed its modified script that can actually get me banned ." Thanks for your patience while I spoke with our Tech Specialists. They have confirmed that the ad code is definitely modified.
The modification of the ad code is against our policies and may lead to action taken. "

They showed me their internal reports and I have up to 60% click spam. Which we never had before at same ad design..

Thanks
4:44 pm on Apr 30, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2091
votes: 370


Okay, so you need to figure out how the ad code is being manipulated (if it's an external source and not an error in your own code). Usually the CMS is compromised somehow (in case of WordPress it's usually a plug-in) and additional Javascript is added to the page.

What I don't understand is how Google can be registering clicks as "spam" for your account when you say the "scrip[t] is wrapping itself around [your] ads and stealing the ad revenue". I don't think you can steal revenue without the clicks.
6:05 pm on Apr 30, 2017 (gmt 0)

New User

joined:Apr 24, 2017
posts: 20
votes: 0


Hi,

Yes, were on it trying to find the source, its very well hidden.

Thats just a working theory. Basically the visitor clicks my ads, the landing page is called but they get redirected to other non google networks. Do you know what I mean?

Thanks Chris
7:26 pm on Apr 30, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:2091
votes: 370


Not really, but let us know how it works out :-)
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members