Frustrated with ongoing Google’s false accusations over our websites, I joined the Stop Badware community today (Badware Busters), and got some sensible advice from a Dr Anirban Banerjee of www.stopthehacker.com.
He had checked what Google was on about, and noted that it was still making the same accusations it did on Saturdayāwhen we know that we had already removed the hack that day.
I told him this, and he replied:
One policy that a customer followed since Google was just not letting them off the blacklist inspite of cleaning the server, DB, etc.. was to āsuspend/removeā all ad code pointing to the mother pipe (your main server in your case) ā get the request for reviews pushed in asap, get the sites off the blacklist (since Google did not see any openx ads, nothing to analyze, hence the sites were let off within 5 hours) ā then put the ads back again. They used a simple grep command to strip out the ad code, and then restored the pages and code from a relatively fresh backup once the blockages were lifted. I know this is kind of hack-ish ā but sometimes inspite of all the meticulous cleaning that people do ā automated system will flag sites.
In other words, Google can cock up. This time, it did. So you basically need to fool Google, get your site off the blacklist, and put things back to normal afterwards.
Or: there may be a drunk driver swerving left and right at the wheel of the Google truck, so it’s your job to make sure that you build a nice road in front for them, rather than insist that they clean up their act and stay on the road.
Mind you, the last time Google claimed to analyse something in two days, it took six monthsāhere’s hoping we’re back online before then. It’s getting embarrassing telling clients what had happened, especially as most drink the Google Kool-Aid and believe the firm can do no wrong. Peel back only one layer, and you can see plenty that goes wrong.
It’s not fair, but what can you do against the Google juggernaut when so many people rely on it, especially Chrome users who are getting the false red flags more than anyone else?
Google continues to throw up big red flags to anyone visiting Lucireās website today, although its own Webmaster Tools page reveals that it has not found any problems since Saturday:
Given that we had sewn up the server on Saturday, and deleted every instance of the hack, then Webmaster Tools’ inability to find dodgy pages is no surprise.
However, Google’s continued insistence that something is wrong is damaging to our reputation, and it’s now affecting the sites of some of the team who linked to us. Those using its Chrome browser are getting the biggest warnings of all, if our feedback is accurate.
It’s not the first time we’ve had to battle Google over things like this: as those of you who remember the battle with Blogger know, Google people can be very stubborn. That last time, we gave a link proving the Google support guy was wrong and his solution was just to refuse to look at it.
But even this time, the code that Google identifies as being problematic is not: it’s straight OpenX code, which they have had no trouble with in the past. I’ve gone and replaced some of it with regenerated OpenX code that differs only with the random number being generated, which in theory should make no difference. You never know, and it’s better than sitting around and doing nothing.
And since Google has cleared the ad server where the hack took place, it’s crazy that it continues to block sites that simply have links to a clean server.
With Autocade, it now just says we have problems but refuses to identify just what they are.
The greatest irony is that our ad code often links to a Google Doubleclick ad, although, as revealed yesterday, Google’s not too fussed if third-party advertisers using Doubleclick host malware. They make money, the third party makes money, and the only people who lose are the honest folks like us.
It’ll be Monday 9 a.m. on the US west coast soon, so let’s hope things get back to normal.
PS.: I got two pop-ups today (December 21) of the same nature, this time while using Facebook. I think we can rule out Speed Dial as the reason.āJY
For the Firefox boffins out there, I began using Super Start, after having trialled Speed Dial and Fast Dial over the past year or so.
These replicate what Opera users are used to with their Speed Dial, and what Google Toolbar users have with their menus. Your most accessed websites are shown to you in thumbnail format when you open a new tab.
Super Start is probably the best of them all so far. It’s compact, doesn’t seem to drain the resources, and you can program more than the eight that it comes with (I presently have 12).
I only began seeking an alternative to Speed Dial because OpenX ad pop-ups began appearing. I don’t know what was causing them, but since I work with only a small handful of sites, it seemed odd that these were appearing each time I opened a new tab, usually to begin searching with Duck Duck Go. I was reasonably sure they were not coming with the search engine, Facebook or our own company sites. They were quite hard to get rid of, with a script that had a new window open up if you closed the first.
I have no proof that these were connected to Speed Dial, and they could have come from any website that I visited. Maybe there was a delay from another website (not uncommon). However, it’s equally odd that they have ceased to appear after I deleted Speed Dial and replaced it with Super Start. To my knowledge, Speed Dial sent me no notification of a recent update that might have brought with it these pop-ups. At best, Speed Dial was the victim of unfortunate timing.
Again, I’m blogging this in case other computer users have had the same issue creep up recently. Maybe we can narrow down the cause of these sudden pop-ups.
Today, I am eating Google humble pie, because it was right about malware on Autocade. Therefore: thank you, Google. (Iām not so petty as to not thank them for when they get things right.)
Since Google had cried wolf over this blog, which has never had malware issues, I had to question it. Nevertheless, Iām sure most people would agree that itās better to be safe than sorry.
We originally suspected it was one ad network. This is also based on past behaviour, when one of our networks got suckered in to hosting an ad twice in 2007 that turned out to be a trojan. So we began limiting the creatives that could be shown on our sites.
When that didnāt work, we had to keep looking.
We traced the malware from Autocade back to OpenX, which weāve now removed from our server. There is an upgraded version which weāll look at, as we need this program, but for now, Iād rather lose a few dollars than subject innocent users to malware.
Itās a shame there does not seem to be much action over at OpenX. Itās a really good program but the forums donāt seem to have too many staff present there. However, I know we were not alone.
For once, Iām glad Autocade is not a hugely popular site, but itās still disturbing that this happenedāand, as I understand it, Gawker and Gizmodo were affected, too.
The site acting as the malware intermediary is clickme199.ipq.co, which has been allowed to remain online. Whois gives ipq.coās location in the UK.
Luckily, our other sites were unaffected, in that no malware was sent down the line. But as a precaution, we removed all OpenX code from our sites.
Itās been a big weekend for computer problems, with one machine down due to a trojan and our ad-serving program sending malware. Plesk (the server administrator) also reported that we sent out 61 Tbyte of data this monthāand weāre only paying for 100 Gbyte. That was also scary, till I was told by Rackspace that thatās down to a bug. So weāve had to upgrade Plesk as wellāprobably not a bad thing.
Not exactly the catch-up weekend that I envisaged, but at least we made some progress. The damaged computer is almost back to normal, too.
Between a few of us here and my friend Pete in the UK, weāve spent nearly two weeks trying to get OpenX to work. Weāre finally getting ad-serving technology put in in-house, after years of relying on the US ad networks we primarily work with. Itās also walking the talk: since I have advocated that Wellington moves to open source if I am elected mayor, then it makes sense that our Linux servers are running ads off an open-source ad-management program.
The first problem might have been caused by me personally: OpenX wouldnāt install. Pete re-uploaded the files, we chmoded the directories, and away we went. Autocade has been the first domain to host the ads that we are sending along, and itās been so far, so good.
However, today we decided to give the home page of the Lucire web edition a go, and encountered a problem.
All was well for the first few hours, but then I noticed something strange: two different computers at this office were behaving differently with the geo-targeting.
We had fed in banners from two of our US networks. Letās call them network A and network B. They were set, for New Zealand, to display at these percentages (roughly):
Network A: 98 per cent
Network B: 2 per cent
On computer one running Windows XP, the above was working.
On computer two running Windows Vista:
Network A: 0 per cent
Network B: 100 per cent
Iāve a fair idea of how geo-targeting works and two computers on the same network going through the same router with the same (outward) IP address do not, in theory, behave differently.
But, as Homer Simpson once retorted, āIn theory, communism works.ā
I hope the boffins can explain this one, because usually I have gone against expert advice to get computer hardware working. (The network was hooked up many years ago by yours truly, doing the exact opposite of what the instructions saidāafter, I might add, the instructions failed. My personal laptop and its Bluetooth connection were hooked up by finding the most illogical method possible.)
Surfing to the OpenX forums (Pete had been on the chat earlier, but no one was around), I tried to log in. Unfortunately, this proved impossible and errors followed:
No one was there at all, presumably due to the database error shown at the bottom of the page:
So, if any OpenX experts are out there and can answer our geo-targeting question, please give us a shout in the comments.
Despite fiddling around with all these online ads, thereās one company I know I will never deal with. And itās not as though the online ad industry has come to us with clean hands, either, so this sullies them further.
After surfing on July 10, I found I could no longer get on to Facebook. Every time I typed www.facebook.com, I got the screen below (excerpted):
Which led me to here:
Somewhere along the line, I must have got to a web page that hijacked my web browser. It didnāt alter the hostsā file, and I was eventually able to correct this by deleting all cookies and clearing the browser cache, but it left me with one clear message: I will never deal with Mediaplex.
Based on the above, this conduct is highly unethical and is nearly as bad as planting a trojan or a virus on to a userās computer. And Googling the incident, I found that many others had encountered the same, sometimes when typing in other sites.
I was saddened to find out that Mediaplex is part of Valueclick, a company I dealt with for years. We eventually ended our contract with Valueclick. I donāt recall the reason exactly, but I suspect it was down to the low advertising rates the company delivered. There were no concerns over its behaviour.
When I was on the Mediaplex site, I noticed that Commission Junction was part of the same group. We have been asked to join CJ many times during the 1990s and 2000s but always read the terms and conditions. It had something similar to this clause (which is in its current agreement):
Dormant Accounts. If Publisher’s Account has not been credited with a valid, compensable Transaction that has not been Charged-back during any rolling, six consecutive calendar month period (āDormant Accountā), a dormant account fee at CJās then-current rate shall be applied to Publisherās Account each calendar month that Publisherās Account remains an open yet Dormant Account or until Your Account balance reaches a zero balance, at which time the Account shall become deactivated. Transactions will not be counted if the Transaction subsequently becomes a Charge-back.
In English: if you donāt make a sale over six months, they have the right to charge you. When you pay it all back, they kill off your account.
Thereās nothing illegal about that, but considering every other affiliate programme we have seen does not do that, then I bet a few people who were less careful about reading their agreements would have been taken by surprise. I found it questionable, and refused to deal with the company. (It seems, if you believe some of the links on Google, that we got off lucky.)
This latest stunt tarnishes the entire group: Commission Junction, Mediaplex and Valueclick. Caveat proponor.
