Jump to content

Google Ads


xplanes

Recommended Posts

Wow, this just happened to me, too. Yesterday (according to the date-modified) a file was changed in my Wordpress folder adding a google ad to the front page. I just deleted it, but I have no idea how to keep it from happening again. Any ideas, TCH staff?

 

Was added to the sidebar.php file in my currently-active theme folder.

 

Ad variables:

google_ad_client = "pub-0319448003450856";

google_ad_slot = "0064722809";

google_ad_width = 160;

google_ad_height = 600;

 

Permissions on that file were set to 644 (read/write owner, read others).

 

I've just changed my user password on wordpress and my main account password on totalchoice.

 

Weird. If it happens again, I will update.

Link to comment
Share on other sites

I have a wordpress blog that we started and never used. I had removed the link from our website but left it installed in case I wanted to mess with it again. It would appear someone has found a way to setup an admin account without any notifications going out. I removed the wordpress install with fantastico and changed our password. So far no more issues.

Link to comment
Share on other sites

Welcome to the forum, BrandonOK. :)

 

Having a strong password for everything needing a password, making files and folders as protected as possible (permissions), keeping scripts etc up to date (and secure) and removing things not needed are the most basic things we all need to do to keep the bad guys out.

 

And also, if you suspect that your account have been compromised, submit a ticket with the help desk and the techs will investigate it.

Link to comment
Share on other sites

Welcome to the forum BrandonOK :)

 

May I ask what plugins you have installed and what theme you are using? That question is for both users.

 

Also what version of Wordpress was/is it?

 

It's Wordpress 2.8.4. The attack (it was actually pretty minor to call an "attack") probably came after I updated from 2.8.1, must've been a week or two ago. I had the default "hello dolly" and "akismet" plugins, both inactive, but deleted yesterday when I was changing passwords. Still got & using:

Defensio Anti-Spam 2.03

Simple Tags 1.6.6

Wordpress Database Backup 2.2.2

 

The theme is called Almost Spring, which I've modified a bit (a color here, a margin width there).

 

Installed here: http://deeperintomovies.net/journal/

The only admin user is/was myself.

 

I've never properly understood file permissions. If a file is everybody-writeable (666 or 777), who can write to it? Everybody with FTP access to totalchoice? Everybody with FTP access to my specific account? Or everybody on the entire internet? Maybe I need to scour my install for permissions problems... I'll bet there are a few. Weird that the changed file was 664 at the time, though.

 

And thanks for the welcome - I've actually been on the forums before but my account must've expired. 4-ish-year totalchoice member and still loving it here.

Edited by BrandonOK
Link to comment
Share on other sites

I´ve never heard of that theme before so I googled a bit and it seems that the theme is already prepared to show google ads, which would make it easy for either a bad guy to enable or for anyone to forget to disable if enabled by default.

Why I say the latter part is because I once accidently installed a theme that had ads with customer id and the whole thing already in place. My ad blocker did it´s job to not let me see it and I therefor did not know until someone asked me about it.

Link to comment
Share on other sites

Silly question, but why would someone go through the trouble to put Google ads on someone Else's website? The ads I saw were local businesses doing similar types of work.

 

 

BTW, I made our website. No themes. I used Fantastico to install a photo album, classifieds, and the wordpress blog. They went in and edited my includes files so i will be looking at the permissions there.

 

http://kitplanesnorthwest.com

Edited by xplanes
Link to comment
Share on other sites

The google_ad_client is the unique AdSense publisher ID of the person who will be paid for clicks on those ads, so it's a major clue.

 

Check for security advisories about all the programs you use (photo album, classifieds, and the wordpress blog), and their plug-ins, at Secunia. Here is the one for Noah's Classifieds, in case that's what you're using: http://secunia.com/advisories/product/5705/?task=advisories

 

If a file is everybody-writeable (666 or 777), it means that any PHP script running on any site on your shared server can potentially access it without having to supply a userID or password. I suspect it also means that it's accessible by FTP, and telnet/SSH (if I'm using those terms correctly), but in those cases they would first need the userID/password.

 

If the changed file was 664, it was probably modified by a PHP script running on your site. While technically possible that the script was running on some other site on your server, it is rare.

 

(it was actually pretty minor to call an "attack")

It's still serious, though. If they can modify one file, they can modify, or delete, the entire site.

 

WordPress at Secunia. Yet another vulnerability in the past few days:

http://secunia.com/advisories/search/?search=wordpress

Link to comment
Share on other sites

  • 2 years later...
  • 1 year later...
  • 1 month later...

I've heard of this happening with folks who do any sort of Google transaction/signup thing. My blog on blogspot suddenly had google ads the day after I signed up for Google Shopping thru Bonanza. I've not cancelled it yet, since I made several sales directly thru that before I had to put my booth on vacation for personal reasons. I may just leave it there if sales continue once I activate the booth again later this month. LOL :)

 

Marge

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...