I wasn’t too far off the mark with my last post. It’s not unlikely that what was placed into our site by hacking during the small hours of Saturday morning was Google Adsense code: here’s an article entitled, ‘Google AdSense Potential Source of Malware’ at Resources for Life.
While ours was more serious, because it involved hacking, Google’s openness and the lack of quality control by its partners (and by itself?) for its Adsense system is still problematic.
It’s the age-old problem: you want to be more open, but with that comes a flood of less than scrupulous folks who take advantage of it.
What jumped out at the Resources page was this:
Well, not everyone’s making money. The publisher’s site gets blacklisted and it takes days for that to be lifted, so the earnings go down. Who gains? The hackers and Google.
There’s something to be said sometimes about closing things off, especially if they are subject to abuse. The cited article dates from 2012, and a linked forum has posts going back to 2011, so these issues have gone on for some time. The latter makes for sobering reading, with quotations such as:
I recently was getting a daily notice where users were randomly getting malware warnings popping up on their browser when on my site. I shut off all Google Adsense and this immediately stopped.
I was too having a similar problem. Just the difference was that, the suspected cause was malicious Analytics Code. As soon as I removed, the entire problem was solved. Google must look into this as soon as possible.
I’ve reported this to them and posted in their help forums but they have been non responsive. It is definitely being delivered through Adsense and I suspect their ‘trusted 3rd party’ network.
The other ad networks we deal with have done a better job with screening. Of the main ones we dealt with, I can only think of an incident back in 2007, with some fake Careerbuilder ads. Maybe we should turn the clock back—or the ad networks should insist that we not deal with certain parties.