Ann

Google Program Policies:

A site or third party cannot display our ads, search box, or search results as a result of the actions of any software application such as a toolbar.

Very similar in the case of the Refer a Friend script.

You should also read Jenstar's recent thread breaking down the new policy changes on July 15:

In addition, You agree that while You may display more than one (1) Ad Unit on each Site Web page, You shall not display any Ad Unit on a page that contains Ads associated with another Google AdSense customer (e.g., Your Web hosting company), unless authorized to do so by Googleor such other AdSense customer, if authorized.

Jenstar Summary: This helps clarify the section of the terms that has been confusing, and gives AdSense the ultimate control over where ads by more than one publisher appear on the same page during a single page view. Previously, as long as you had permission of the other publisher whose ad unit(s) also appeared on the same page at the same time, you were permitted to do it. This change now means that you must seek Google's approval before two publisher's ad units can be placed on the same page together during the same page view

[webmasterworld.com...]

You used a script on your site for some function that you got from another website and in the code, they are able to insert their AdSense ads on your site?
Is that correct?

EVO

<script src="http://xyz.com/s/?ID=3123&SL=http://www.xyz.com/images/announce.gif">

That is, it looked like a normal image but, being loaded in a <SCRIPT> tag, it could also contain a script.

Usualliy (as in adsense) this line looks like this:
<script ... src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

That is, you immediately see that you are loading a javascript.

The .gif extension, in this case, was misleading, as one would assume to be loading just a gif.

I guess that what was happening was the following:
1) you load a file called "announce.gif"
2) regardless of its name the file is not a GIF, it's a javascript
3) this javascript displays an image, then proceed to do something else (such as displaying ads)

the result is that the user sees the filename announce.gif, sees an image in the browser and very easily does not really realize that a script is being executed within its page.

This is a form of "cross site scripting" and is generally VERY dangerous, you should never allow javascript from someone else to be run into your page, as it gets in the security environment of your page.

Just for an example, if your site www.good site.com stores the password in a cookie, usually this cookie is not visible to other sites.

But, if in your page you do <script src="www.bad site.com/script.js"> then you load the "script.js" in your site. This script can now see the cookie of www.good site.com and if needed send it to the bad guys at www.bad site.com

So, importing a script from a site you don't have control is always a way of lowering your defenses.

This includes the scripts you load from Adsense, of cource, but in this case there is all another degree of reliability..

EVO

------------------¦¦-----------------
Yes the script was a Email to friend script. It was working fine when I added it to my site. However a couple of weeks later I got an email to add the new code. But I did not do it. So the link disappeared and there was nothing displayed. A week back this adsense fiasco started.

Maybe this is what you saw?

Maybe this is what you saw?

He was speaking of the publisher code inside the javascript...

It was set to only show the ad once every two days, so it could have been easily missed by webmasters, especially since these kind of scripts are often placed below the fold.

AdSense is aware of the situation.

And technically, any third party javascript you place on your site could do this.

Thanks for the information posted on this thread. We've worked to resolve the issue, and you should no longer see Google ads from this network appearing on your sites. Apologies for any confusion or inconvenience and thanks again for helping us identify the problem.

-ASA

I think I have all of the holes plugged now, and I did send the publisher ID on to Google so hopefully something good will come of this.

Is there any way to use the publisher ID to search for other sites that show this person's ads? I would really like to know more about my hacker.

The other day I came across what I think is the exact same thing happening on another site. I assumed it was this same network, but Google ads are still showing as of now. They are actually superimposed over the website's content. I will sticky you the details and you can handle it as you see fit.

We found that you're displaying Google ads on pages ("Stupid Porn Name.com") that include profanity in the site URL or content of an adult or mature nature. AdSense publishers are not permitted to place AdSense ads on pages with such content. As a result, we have disabled ad serving to these pages.

I have absolutley nothing to do with the site and know nothing about it.

I then receive an email from my hosting company saying that my server has been Hacked. I have a dedicated server with one of the biggest companies.

I presume this is something similar to this post. But the hackers must be using my publisher ID for Google to associate it to my account.

What's up? How do I stop this?

Thanks

Maybe it's a competitor trying to get you kicked out from adense. Made or picked up for peanuts a 3rd rate porn site and stuck your adsense all over it, waited a couple of days and reported it as adsense abuse.

Luckily for you Google only trimmed those pages, but I should definately email them to let them know that it wasn't you who place the ads there. Next time it happens it will be a pattern and you mightn't be so lucky.