Jack Yan
Global  |  Leadership  |  Experience  |  Media  |  Videos
Blog  |  Contact
 
  You can’t beat Wellington. Subscribe to my Facebook page Join my page on Facebook Follow me on Twitter Follow me on Drivetribe Follow me on Tumblr Follow me on Linkedin Follow me on Weibo Check out my Instagram account Follow me on Pinterest Subscribe to my blog’s RSS feed  

 

Share this page




Quick links


Surf to the online edition of Lucire





Add feeds



Get this blog via email
Enter your Email


Powered by FeedBlitz

Enter your email address:


Delivered by FeedBurner



 

The Persuader

My personal blog, started in 2006.



« | »

06.04.2013

Google clears our ad server of any malicious code, but continues to block our sites

All of the sites that carry advertising from our ad server (ads.jyanet.com) were blacklisted by Google yesterday, including this one. In fact, Google still blacklists them, despite Google and Stop Badware clearing the server of any problems.
   Here’s the kicker: the code that was injected by hackers appears to be Google Adsense code. If true, this means that Google provides hackers with code, hackers use the code, Google blacklists the sites. Have a look below to see if that’s the case.
   I remember that any schmuck can get a Google Adsense account, so they aren’t choosy. (I applied for one many years ago, which I had for six months. Believe me, it was really easy.)
   If it is Google Adsense, it wouldn’t be the first time their own code was dodgy. There had been instances where McAfee, on my computer, blocked ads on one of our sites and, when investigated, those ads turned out to be Doubleclick ones, i.e. they were from Google’s own ad network. Very big sites get targeted—unfortunately, very big sites appear to get all-clears from big companies like Google rapidly (because they affect their bottom line more?).
   Whatever the source, the hackers used their code and decided to piggyback off legitimate ad-serving websites, including ours. We fixed the vulnerability that led to this within hours of learning about it, but, as usual, we’re disappointed that Google and Stop Badware haven’t caught up after over 24 hours that things are sorted.
   I’ve pasted the warning from Google below, a shot of our OpenX installation describing the code (it looks like Google Adsense to me—is it? Or is it just based on parameters of their code so the hackers’ Adsense account profits from the activity?) and a screen shot of where the dodgy stuff Google believes it came from, namely a domain owned by one William Oster in New York. (These are from my Tumblog.) [Note: Mr Oster might not even know about this and that his OpenX installation was the victim of the same hack. The hackers could well have placed the malware on his server and spread things from there.]

   I’d like the solution to be tougher guidelines on everyday users getting Adsense accounts. Let’s hope things are harder today than they were in the 2000s. There are a lot of honest people using Adsense, so it’s fine to argue that it’s unfair to affect everyone because of a few bad eggs. Every ad network needs to be more stringent on who can advertise, too.
   Most of the larger, legitimate ad networks that I know of make things stricter, and your site has to have proven traffic and a decent track record before they’ll let their ads be shown on them.
   My guess is that Google isn’t about to change its policies because it does very well from casting its net far and wide. The last I looked, the ad business was worth US$3,600 million to them.

Related posts

Filed under: business, internet, marketing, publishing, technology, USA—Jack Yan @ 23.46

4 Responses to ‘Google clears our ad server of any malicious code, but continues to block our sites’

  1. […] Google clears our ad server of any malicious code, but continues to block our sites […]

  2. […] Here’s more about Google Adsense delivering malware and malicious code « Jack Yan: the Persuader Blog on Google clears our ad server of any malicious code, but continues to block our sites […]

  3. […] actually mirrored what happened at ZDNet, except they got cleared within hours (even though we fixed our problem within hours). The little guy, the honest business person, the legitimate blogger, the independent online […]

  4. […]  I’ve noted here that we were hacked back in April, and we fixed everything within hours. But good luck getting off Google’s blacklists. They claim six to seven hours, whereas our […]

Leave a reply