OK, when on the main froum page, at the bottom in the ads by google area, there’s not an ad, but an envelope and a comment that says I have New Email…

Can someone explain this to me??

Andy Clarke said:

OK, when on the main froum page, at the bottom in the ads by google area, there’s not an ad, but an envelope and a comment that says I have New Email…

Can someone explain this to me??

Thats probably a bad ad. Take a screenshot of the page and send it to me. Also, right click on the ad, copy the URL, and mail that to me.

Then, in the upper right corner of the ad there’s an X. Click that and select “stop seeing this ad”.

http://pagead2.googlesyndication.com/simgad/7708484361141191943

Andy Clarke said:

OK, when on the main froum page, at the bottom in the ads by google area, there’s not an ad, but an envelope and a comment that says I have New Email…

Can someone explain this to me??

Open it up and tell us who it’s from dad!

Bob, the rooster has it right… His entry shows exactly what I see at the bottom of the page…

I hit properties, and get a full screen of an URL… But, it won’t let me copy it by any way that I know of… The HTTP line that shows under properties is about 14 & 1/2 lines long… Not the HTTP line that’s in rooster’s…

Halfway thru, there’s another HTTP line for get inboxnow.com/splash.html and 7 lines of characters.

You still didn’t tell us who the email is from dad?

It is probably an add. I clicked on one of those “you have mail” adds once and it took me to a “dating” website, where I supposedly had like 14 emails from “members” of that site who wanted to date me. Since I was not a member of that site, I said “BS” and closed the window.

David Russell said:

You still didn’t tell us who the email is from dad?

Son, I don’t open any mail, unless I know from whom it is…

Now you know why I never open any of your emails…

“It is probably an add.”

It is DEFINITELY an Advert. They started on MLS last year - surprised they are now showing up on LSC this late.

Bob and all of you-all: I had the same thiing and then noted that I had not signed in to the site! When I signed in it went away, thank you very much.

Paul

Anyone else having problems with the ads tonight? With AdBlocker disabled on LSC every time it tries to display an ad I get redirected to http://domainfwding.com/?dn=doubleclick.net&fp=0CXGoYlYd4HXOSpKF3AlWgh5omWGdDZYKWoHeLXR3IivCAi%2BNo%2F659Qlraa%2BKFc1zuUtZl1VqoMMRMh0NXdUsQ%3D%3D&prvtof=BgT4XL5g%2Fn4ZnVhwaCacukw1sfMvG8wl8KJtJnrgnE5XuBHP92MZ6w6ygulBmK3Y0pTOUYLsCIDMUuyKwSeQXz6oo%2By8GHhjEt31ga5u6es%3D&poru=XUgffJhcWENYgCO5qWCzqK%2FR2KnGN0QexCAm4ALc7Sg4a3oaPrjBglO%2Babd4nfDBcnALCoTYjPJ%2FqjNEoo93LVrsrzTubtzUOULygyGtsZ0%3D&cifr=1

Which is a page that displays an error message “Error. Page cannot be displayed. Please contact your service provider for more details. (2)”

I have temporarily enabled Ad Blocker on LSC and the problem went away. Don’t know if this is a browser hijack, or if LSC ads have a problem.

Fixed my problem. It was a lame attempt of a virus, but not detected by any anti-virus / ant-malware scanners. A malicious program installer modified the HOSTS file that caused widows to go elsewhere when Google Adsense ads were displayed. Finally found this through Google by searching “Google Adsense Hijack”. I cleared the crap out of my Hosts file and all is now well.

That’s quite interesting, Jon.
Hijacking the ads. I’ll have to remember that should I ever have the issue come up.

Apparently this is a a pretty common problem and an easy hack that really screws Google and moves their revenue into someone else’s pocket. I would have never noticed it had one of the redirected ads not been broken sending me to an error page. For at least a day I was seeing ads that didn’t look right, but didn’t really care. Most of them were HostGator.Com ads.

This is what they did to my HOSTS file starting with the comment line “#Windows32 Host services,Please no clear”…

Copyright © 1993-1999 Microsoft Corp.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each

entry should be kept on an individual line. The IP address should

be placed in the first column followed by the corresponding host name.

The IP address and the host name should be separated by at least one

space.

Additionally, comments (such as these) may be inserted on individual

lines or following the machine name denoted by a ‘#’ symbol.

For example:

102.54.94.97 rhino.acme.com # source server

38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
Southview Color Laser

#Windows32 Host services,Please no clear
192.254.249.59 googleads.g.doubleclick.net
192.254.249.59 ad.doubleclick.net
192.254.249.59 s.m2pub.com
192.254.249.59 ad.propellerads.com
192.254.249.59 google-analytics.com
192.254.249.59 www.google-analytics.com
192.254.249.59 ssl.google-analytics.com
192.254.249.59 pubads.g.doubleclick.net
192.254.249.59 ads.adpv.com
192.254.249.59 us.adserver.yahoo.com
#sebas

The crappiest part is that none of the anti-virus, anti-malware or ad cleaners that I tried found anything. If I hadn’t googled “Google Adsense Hijack” I would have never figured it out. It seems that Google really wants to keep this vulnerability quiet.

this is a windows vulnerability, nothing to do with Google, except that most of the redirects are aimed at google.

Blame microsoft…

Greg

It does cause problems for ads on sites, since its redirecting people from actual ads, to a different site. Since the way Google determines how effective an ad is (and how sites get paid) is when people click through them, redirecting that click to somewhere else is taking money from site owners.

Bob McCown said:

It does cause problems for ads on sites, since its redirecting people from actual ads, to a different site. Since the way Google determines how effective an ad is (and how sites get paid) is when people click through them, redirecting that click to somewhere else is taking money from site owners.

That was my point. This simple exploit of a pretty much un-needed Windows function as implemented in this case steals money away from the ad host, Google and the other advertising networks targeted and takes traffic away from sites who use these networks for advertising.

I’m just glad that I was able to did mention of it on the web. I probably never would have looked at the HOSTS file.

To be fair my Symantec AV software warned me about a Generic Trojan in the file I was about to execute, but the author claimed it was a false positive and I foolishly let him convince me. Good thing he wasn’t a bit more sophisticated.

Ummm… the hosts file performs a function in windows as well as all the Linux and Unix and Mac systems worldwide.

It’s not un-needed… and this is an example of a very simple exploit that has been used for years.

Greg

I just noticed that some keywords are now hyperlinked to ads. Is this a new feature with the site upgrade? I’m assuming that these has something to do with the google ads?
See this thread for example.
http://www.largescalecentral.com/forums/topic/23150/usa-cracked-gear-hub-fix/view/post_id/272667

Edit- after I posted this, the hyperlinks went missing, but showed up in a different tread. Now I’m even more confused, but if those clicks help Bob I’m all for it!

Thats interesting, Ill have to see what caused that to be changed. I hadnt run into that yet. Hmm…

/me scratches head.