Posts tagged ‘hacking’


Google can’t find any more problematic pages, yet continues blacklisting

08.04.2013

Google continues to throw up big red flags to anyone visiting Lucire’s website today, although its own Webmaster Tools page reveals that it has not found any problems since Saturday:

   Given that we had sewn up the server on Saturday, and deleted every instance of the hack, then Webmaster Tools’ inability to find dodgy pages is no surprise.
   However, Google’s continued insistence that something is wrong is damaging to our reputation, and it’s now affecting the sites of some of the team who linked to us. Those using its Chrome browser are getting the biggest warnings of all, if our feedback is accurate.
   It’s not the first time we’ve had to battle Google over things like this: as those of you who remember the battle with Blogger know, Google people can be very stubborn. That last time, we gave a link proving the Google support guy was wrong and his solution was just to refuse to look at it.
   But even this time, the code that Google identifies as being problematic is not: it’s straight OpenX code, which they have had no trouble with in the past. I’ve gone and replaced some of it with regenerated OpenX code that differs only with the random number being generated, which in theory should make no difference. You never know, and it’s better than sitting around and doing nothing.
   And since Google has cleared the ad server where the hack took place, it’s crazy that it continues to block sites that simply have links to a clean server.
   With Autocade, it now just says we have problems but refuses to identify just what they are.
   The greatest irony is that our ad code often links to a Google Doubleclick ad, although, as revealed yesterday, Google’s not too fussed if third-party advertisers using Doubleclick host malware. They make money, the third party makes money, and the only people who lose are the honest folks like us.
   It’ll be Monday 9 a.m. on the US west coast soon, so let’s hope things get back to normal.

Tags: , , , , , , , , , ,
Posted in business, internet, marketing, publishing, USA | 2 Comments »


Here’s more about Google Adsense delivering malware and malicious code

07.04.2013

I wasn’t too far off the mark with my last post. It’s not unlikely that what was placed into our site by hacking during the small hours of Saturday morning was Google Adsense code: here’s an article entitled, ‘Google AdSense Potential Source of Malware’ at Resources for Life.
   While ours was more serious, because it involved hacking, Google’s openness and the lack of quality control by its partners (and by itself?) for its Adsense system is still problematic.
   It’s the age-old problem: you want to be more open, but with that comes a flood of less than scrupulous folks who take advantage of it.
   What jumped out at the Resources page was this:

How it Happens. Hackers write malicious program code into the ads. Maybe they submit legitimate code initially then change it for malicious code. Either way, those ads eventually get served up on your site. Either the ad javascript itself, or the places it takes your site visitors, or fake messages making your site visitor think their computer is infected. These ads violate the Federal Trade Commission laws on false advertising, but since everyone’s making money of[f] it, nobody complains.

   Well, not everyone’s making money. The publisher’s site gets blacklisted and it takes days for that to be lifted, so the earnings go down. Who gains? The hackers and Google.
   There’s something to be said sometimes about closing things off, especially if they are subject to abuse. The cited article dates from 2012, and a linked forum has posts going back to 2011, so these issues have gone on for some time. The latter makes for sobering reading, with quotations such as:

I recently was getting a daily notice where users were randomly getting malware warnings popping up on their browser when on my site. I shut off all Google Adsense and this immediately stopped.

I was too having a similar problem. Just the difference was that, the suspected cause was malicious Analytics Code. As soon as I removed, the entire problem was solved. Google must look into this as soon as possible.

I’ve reported this to them and posted in their help forums but they have been non responsive. It is definitely being delivered through Adsense and I suspect their ‘trusted 3rd party’ network.

   The other ad networks we deal with have done a better job with screening. Of the main ones we dealt with, I can only think of an incident back in 2007, with some fake Careerbuilder ads. Maybe we should turn the clock back—or the ad networks should insist that we not deal with certain parties.

Tags: , , , , , , ,
Posted in business, internet, marketing, media, publishing, technology, USA | 2 Comments »


Eating Google humble pie

25.10.2010

Today, I am eating Google humble pie, because it was right about malware on Autocade. Therefore: thank you, Google. (I’m not so petty as to not thank them for when they get things right.)
   Since Google had cried wolf over this blog, which has never had malware issues, I had to question it. Nevertheless, I’m sure most people would agree that it’s better to be safe than sorry.
   We originally suspected it was one ad network. This is also based on past behaviour, when one of our networks got suckered in to hosting an ad twice in 2007 that turned out to be a trojan. So we began limiting the creatives that could be shown on our sites.
   When that didn’t work, we had to keep looking.
   We traced the malware from Autocade back to OpenX, which we’ve now removed from our server. There is an upgraded version which we’ll look at, as we need this program, but for now, I’d rather lose a few dollars than subject innocent users to malware.
   It’s a shame there does not seem to be much action over at OpenX. It’s a really good program but the forums don’t seem to have too many staff present there. However, I know we were not alone.
   For once, I’m glad Autocade is not a hugely popular site, but it’s still disturbing that this happened—and, as I understand it, Gawker and Gizmodo were affected, too.
   The site acting as the malware intermediary is clickme199.ipq.co, which has been allowed to remain online. Whois gives ipq.co’s location in the UK.
   Luckily, our other sites were unaffected, in that no malware was sent down the line. But as a precaution, we removed all OpenX code from our sites.
   It’s been a big weekend for computer problems, with one machine down due to a trojan and our ad-serving program sending malware. Plesk (the server administrator) also reported that we sent out 61 Tbyte of data this month—and we’re only paying for 100 Gbyte. That was also scary, till I was told by Rackspace that that’s down to a bug. So we’ve had to upgrade Plesk as well—probably not a bad thing.
   Not exactly the catch-up weekend that I envisaged, but at least we made some progress. The damaged computer is almost back to normal, too.

Tags: , , , , , , , , , ,
Posted in internet, marketing, New Zealand, publishing, technology, UK, USA | No Comments »