xplanes Posted August 21, 2009 Posted August 21, 2009 Hello, How and why were google adds added to our website? Is there some kind of opt-out, or billing issue that would have someone do that without our knowledge or permission? Thanks, Lou Quote
TCH-Bruce Posted August 21, 2009 Posted August 21, 2009 What do yo mean? TCH does nothing with your websites. You are in total control of the content of your web space so if ads started showing up without your adding them I would be investigating what software you have installed. Quote
BrandonOK Posted August 27, 2009 Posted August 27, 2009 Wow, this just happened to me, too. Yesterday (according to the date-modified) a file was changed in my Wordpress folder adding a google ad to the front page. I just deleted it, but I have no idea how to keep it from happening again. Any ideas, TCH staff? Was added to the sidebar.php file in my currently-active theme folder. Ad variables: google_ad_client = "pub-0319448003450856"; google_ad_slot = "0064722809"; google_ad_width = 160; google_ad_height = 600; Permissions on that file were set to 644 (read/write owner, read others). I've just changed my user password on wordpress and my main account password on totalchoice. Weird. If it happens again, I will update. Quote
xplanes Posted August 27, 2009 Author Posted August 27, 2009 I have a wordpress blog that we started and never used. I had removed the link from our website but left it installed in case I wanted to mess with it again. It would appear someone has found a way to setup an admin account without any notifications going out. I removed the wordpress install with fantastico and changed our password. So far no more issues. Quote
TCH-Thomas Posted August 27, 2009 Posted August 27, 2009 Welcome to the forum, BrandonOK. Having a strong password for everything needing a password, making files and folders as protected as possible (permissions), keeping scripts etc up to date (and secure) and removing things not needed are the most basic things we all need to do to keep the bad guys out. And also, if you suspect that your account have been compromised, submit a ticket with the help desk and the techs will investigate it. Quote
TCH-Bruce Posted August 27, 2009 Posted August 27, 2009 Welcome to the forum BrandonOK May I ask what plugins you have installed and what theme you are using? That question is for both users. Also what version of Wordpress was/is it? Quote
BrandonOK Posted August 27, 2009 Posted August 27, 2009 (edited) Welcome to the forum BrandonOK May I ask what plugins you have installed and what theme you are using? That question is for both users. Also what version of Wordpress was/is it? It's Wordpress 2.8.4. The attack (it was actually pretty minor to call an "attack") probably came after I updated from 2.8.1, must've been a week or two ago. I had the default "hello dolly" and "akismet" plugins, both inactive, but deleted yesterday when I was changing passwords. Still got & using: Defensio Anti-Spam 2.03 Simple Tags 1.6.6 Wordpress Database Backup 2.2.2 The theme is called Almost Spring, which I've modified a bit (a color here, a margin width there). Installed here: http://deeperintomovies.net/journal/ The only admin user is/was myself. I've never properly understood file permissions. If a file is everybody-writeable (666 or 777), who can write to it? Everybody with FTP access to totalchoice? Everybody with FTP access to my specific account? Or everybody on the entire internet? Maybe I need to scour my install for permissions problems... I'll bet there are a few. Weird that the changed file was 664 at the time, though. And thanks for the welcome - I've actually been on the forums before but my account must've expired. 4-ish-year totalchoice member and still loving it here. Edited August 27, 2009 by BrandonOK Quote
TCH-Thomas Posted August 27, 2009 Posted August 27, 2009 I´ve never heard of that theme before so I googled a bit and it seems that the theme is already prepared to show google ads, which would make it easy for either a bad guy to enable or for anyone to forget to disable if enabled by default. Why I say the latter part is because I once accidently installed a theme that had ads with customer id and the whole thing already in place. My ad blocker did it´s job to not let me see it and I therefor did not know until someone asked me about it. Quote
TCH-Dick Posted August 27, 2009 Posted August 27, 2009 You can always report unauthorized code to Google at https://www.google.com/adsense/support/bin/request.py?contact_type=unauthorized_code Quote
xplanes Posted August 27, 2009 Author Posted August 27, 2009 (edited) Silly question, but why would someone go through the trouble to put Google ads on someone Else's website? The ads I saw were local businesses doing similar types of work. BTW, I made our website. No themes. I used Fantastico to install a photo album, classifieds, and the wordpress blog. They went in and edited my includes files so i will be looking at the permissions there. http://kitplanesnorthwest.com Edited August 27, 2009 by xplanes Quote
TCH-Bruce Posted August 28, 2009 Posted August 28, 2009 The ads make people money. If you didn't put them there then I would be opening a ticket with the help desk and have the techs take a look. I would also have them check the logs to see where logins to your site are coming from. Quote
xplanes Posted August 28, 2009 Author Posted August 28, 2009 I did open a ticket the same time I started this topic. They saved a log for me but it only contained my logins to fix the website. Quote
BrandonOK Posted August 28, 2009 Posted August 28, 2009 You can always report unauthorized code to Google at https://www.google.com/adsense/support/bin/request.py?contact_type=unauthorized_code Ah, I will do that. Checking the login logs is also a good idea. Thanks you guys - disasters hopefully averted for now. Quote
SteveW Posted August 28, 2009 Posted August 28, 2009 The google_ad_client is the unique AdSense publisher ID of the person who will be paid for clicks on those ads, so it's a major clue. Check for security advisories about all the programs you use (photo album, classifieds, and the wordpress blog), and their plug-ins, at Secunia. Here is the one for Noah's Classifieds, in case that's what you're using: http://secunia.com/advisories/product/5705/?task=advisories If a file is everybody-writeable (666 or 777), it means that any PHP script running on any site on your shared server can potentially access it without having to supply a userID or password. I suspect it also means that it's accessible by FTP, and telnet/SSH (if I'm using those terms correctly), but in those cases they would first need the userID/password. If the changed file was 664, it was probably modified by a PHP script running on your site. While technically possible that the script was running on some other site on your server, it is rare. (it was actually pretty minor to call an "attack") It's still serious, though. If they can modify one file, they can modify, or delete, the entire site. WordPress at Secunia. Yet another vulnerability in the past few days: http://secunia.com/advisories/search/?search=wordpress Quote
zdrayson Posted October 6, 2011 Posted October 6, 2011 It could be apart of the theme that you purchased. Many themes now come with a space for Google Ads. There is usually apart in the dashboard panel for you to add your own google ads code or to turn them off. Quote
mkdesigner Posted March 4, 2013 Posted March 4, 2013 I've heard of this happening with folks who do any sort of Google transaction/signup thing. My blog on blogspot suddenly had google ads the day after I signed up for Google Shopping thru Bonanza. I've not cancelled it yet, since I made several sales directly thru that before I had to put my booth on vacation for personal reasons. I may just leave it there if sales continue once I activate the booth again later this month. LOL Marge Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.