
September 28, 2006

Low AdSense impressions? Maybe your publisher ID has been changed by a hacker

Usually when a publisher logs into his or her AdSense account and notices impressions have dropped significantly, there is a list of potential problems to check for the cause. These include a PSA issue resulting from the stop word filter or a robots.txt issue, a significant drop in traffic, the server being down, or a database problem. Pretty far down on the list, if it makes the list at all, is checking whether the publisher ID on the site has been changed. Unfortunately, this should be one of the first things publishers check for, as this problem is becoming rampant, especially in the last month or so.

In various webmaster forums, more and more publishers are reporting that they have seen their publisher IDs changed on their AdSense accounts, along with a couple of cases of it happening to Yahoo Publisher Network accounts.

If your site was hacked and that person changed the publisher ID on a single high-earning page, such as the index page or a high-ranking sub-directory index page, would you notice? Most publishers probably would not: earnings and impressions would drop, but probably not by enough to prompt a look at the on-site publisher IDs, just by enough to be written off as traffic or EPC fluctuations. And unfortunately, some hackers are using exploits in scripts or programs running on websites to change only one or two pages, which is far harder to notice than if they had changed the publisher ID in every piece of AdSense code on an entire site.

And even more unfortunate, AdSense does not offer publishers any tools whatsoever that would alert them to an AdSense publisher ID switcheroo.

What are some ways that AdSense could help publishers with this problem? There are several ways.

One could be to use the Google Sitemaps verification process. If I verify my SiteA.com through Sitemaps using the same Google ID that I use for Google AdSense, they could then offer an "Only use this AdSense publisher ID on this site" option where I could submit my publisher ID. If another publisher ID that was not the one I submitted showed up on a page on that site, it could either be overridden or raise an alert, in either the AdSense control panel or the Sitemaps control panel, that another publisher ID was placed on that site. And while a hacker who breaks into a website could change the publisher ID appearing on the site, the hacker would still not be able to log in using the Google account ID used by that publisher.

Another way could simply be through the Google AdSense account alone, although it could potentially be less secure than going the site verification way, because AdSense would not be able to verify site ownership. In this case, you could submit the URLs associated with your AdSense account and ask to be alerted if any other publisher IDs appear on those sites. But not all publishers would likely do this, and it could result in the hackers adding those URLs to their own accounts and using the alerts to learn when the original publisher discovers the swapped publisher IDs. This would be an option that the Yahoo Publisher Network could implement as well.

And along those same lines, a "white list" of URLs would be useful as well, where publishers submit the only URLs where their AdSense code should be appearing. That way, publishers who are worried about someone putting their AdSense code on a site they do not control would be alerted when their publisher ID suddenly starts appearing on SuperSpammySite.com. This has been a feature I have been requesting for about two years now, especially as publishers are becoming more and more paranoid of being suspended for someone doing something completely out of their control.

What is happening to publishers who are hacking into sites to change publisher IDs? It is not really known, but I can only assume they are being suspended for doing it.

What can you do to protect yourself? Ensure that any scripts or programs you have running on your website are up-to-date with the latest versions and patches. Likewise, if you run your own server, ensure that your patches are all up-to-date. This will prevent hackers from taking advantage of any exploits that would enable them to gain access into your server and change your publisher ID.

Likewise, use secure passwords that cannot be easily guessed, and do not save your passwords (including your AdSense and/or Google accounts password) in plain text on your server.

Know and trust anyone who has access to your server, whether it is employees or someone installing a script. If you give your login to someone installing a script, immediately change your password after and check to see if any pages were updated in the process.

Posted by Jenstar at September 28, 2006 11:08 AM

Comments

Will publishers who have had their site altered in this way be banned from AdSense?

Posted by: Paul Wells at September 29, 2006 10:55 AM

Excellent post! To protect yourself I would add:
- Don't use server-side software that requires your AdSense account such as click trackers.
- Avoid using apps to check earnings because many times the passwords go unencrypted and can be sniffed, especially if you use public Wi-Fi spots.

Posted by: Mariano at September 29, 2006 11:14 AM

This is scary stuff. It is very hard to detect. Makes me worry. How was this discovered?

Posted by: Mortgage Expert at September 29, 2006 03:05 PM

Thank you for pointing this out. I think a few simple grep and unix commands can catch that. But who would've thought that could happen.

Posted by: SF at September 29, 2006 06:30 PM

Scary stuff, and an easy way to verify your user IDs are all yours on all your pages from a Linux command line prompt is:

grep "google_ad_client" *.html

Guess I'm wondering why Paul advises to "Avoid using apps to check earnings" as the AdSense login uses SSL which is encrypted and I thought Google forced everyone to use the SSL login about a year ago.

Posted by: IncrediBILL at September 30, 2006 11:37 AM
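
The grep check from the comment above, extended into a recursive audit (an added example, not part of the original post or comments): it walks the whole web root rather than `*.html` in one directory and reports any publisher ID that is not on a list you supply, so a single altered page stands out and sites that legitimately carry several IDs can list them all. The function names, sample files and both `pub-` IDs are constructed for illustration, and it assumes the ad code sets `google_ad_client` to a literal `pub-<digits>` value.

```shell
#!/bin/sh
# Added example: flag AdSense publisher IDs that are not on an allowlist.
# Usage: audit_pub_ids WEBROOT ALLOWED_ID [ALLOWED_ID ...]
# Prints "file<TAB>line<TAB>id" for every unexpected ID.
# Returns 0 when every ID found is allowed, 1 otherwise.
audit_pub_ids() {
    root=$1
    shift
    # find hands every regular file to awk, so .php, .inc, templates etc.
    # are covered, not just *.html in the current directory.
    report=$(find "$root" -type f -exec awk -v allowed=" $* " '
        /google_ad_client/ {
            line = $0
            # A line may carry more than one ID; check each of them.
            while (match(line, /pub-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (index(allowed, " " id " ") == 0)
                    printf "%s\t%d\t%s\n", FILENAME, FNR, id
                line = substr(line, RSTART + RLENGTH)
            }
        }' {} +)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample site: pub-1111111111111111 stands for the owner's ID,
# pub-9999999999999999 for an ID swapped in on one sub-directory index page.
make_sample_site() {
    dir=$(mktemp -d)
    mkdir -p "$dir/blog"
    printf '%s\n' '<script type="text/javascript">' \
        'google_ad_client = "pub-1111111111111111";' '</script>' \
        > "$dir/index.html"
    printf '%s\n' '<script type="text/javascript">' \
        'google_ad_client = "pub-9999999999999999";' '</script>' \
        > "$dir/blog/index.php"
    printf '%s\n' '<p>no ads on this page</p>' > "$dir/about.html"
    printf '%s\n' "$dir"
}
```

Run from cron against the live document root, the non-zero return status can drive an e-mail alert, which gives a local version of the notification the post asks AdSense to provide.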

This is definitely some eye opening stuff, but what about those sites who have a revenue sharing model?

I know quite a few bloggers and blog networks share AdSense by incorporating the various IDs within individual blog entries. (Which has been OK'd by Google.)

The solutions would make something like this quite difficult without a lot of work. On the other hand, I do believe we could all do with some better AdSense Pub ID protection.

Posted by: Teli Adlam at October 2, 2006 05:55 AM