“It is probably an add.”
It is DEFINITELY an Advert. They started on MLS last year - surprised they are now showing up on LSC this late.
Bob and all of you-all: I had the same thiing and then noted that I had not signed in to the site! When I signed in it went away, thank you very much.
Paul
Anyone else having problems with the ads tonight? With AdBlocker disabled on LSC every time it tries to display an ad I get redirected to http://domainfwding.com/?dn=doubleclick.net&fp=0CXGoYlYd4HXOSpKF3AlWgh5omWGdDZYKWoHeLXR3IivCAi%2BNo%2F659Qlraa%2BKFc1zuUtZl1VqoMMRMh0NXdUsQ%3D%3D&prvtof=BgT4XL5g%2Fn4ZnVhwaCacukw1sfMvG8wl8KJtJnrgnE5XuBHP92MZ6w6ygulBmK3Y0pTOUYLsCIDMUuyKwSeQXz6oo%2By8GHhjEt31ga5u6es%3D&poru=XUgffJhcWENYgCO5qWCzqK%2FR2KnGN0QexCAm4ALc7Sg4a3oaPrjBglO%2Babd4nfDBcnALCoTYjPJ%2FqjNEoo93LVrsrzTubtzUOULygyGtsZ0%3D&cifr=1
Which is a page that displays an error message “Error. Page cannot be displayed. Please contact your service provider for more details. (2)”
I have temporarily enabled Ad Blocker on LSC and the problem went away. Don’t know if this is a browser hijack, or if LSC ads have a problem.
Fixed my problem. It was a lame attempt of a virus, but not detected by any anti-virus / ant-malware scanners. A malicious program installer modified the HOSTS file that caused widows to go elsewhere when Google Adsense ads were displayed. Finally found this through Google by searching “Google Adsense Hijack”. I cleared the crap out of my Hosts file and all is now well.
That’s quite interesting, Jon.
Hijacking the ads. I’ll have to remember that should I ever have the issue come up.
Apparently this is a a pretty common problem and an easy hack that really screws Google and moves their revenue into someone else’s pocket. I would have never noticed it had one of the redirected ads not been broken sending me to an error page. For at least a day I was seeing ads that didn’t look right, but didn’t really care. Most of them were HostGator.Com ads.
This is what they did to my HOSTS file starting with the comment line “#Windows32 Host services,Please no clear”…
Copyright © 1993-1999 Microsoft Corp.
This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
This file contains the mappings of IP addresses to host names. Each
entry should be kept on an individual line. The IP address should
be placed in the first column followed by the corresponding host name.
The IP address and the host name should be separated by at least one
space.
Additionally, comments (such as these) may be inserted on individual
lines or following the machine name denoted by a ‘#’ symbol.
For example:
102.54.94.97 rhino.acme.com # source server
38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Southview Color Laser
#Windows32 Host services,Please no clear
192.254.249.59 googleads.g.doubleclick.net
192.254.249.59 ad.doubleclick.net
192.254.249.59 s.m2pub.com
192.254.249.59 ad.propellerads.com
192.254.249.59 google-analytics.com
192.254.249.59 www.google-analytics.com
192.254.249.59 ssl.google-analytics.com
192.254.249.59 pubads.g.doubleclick.net
192.254.249.59 ads.adpv.com
192.254.249.59 us.adserver.yahoo.com
#sebas
The crappiest part is that none of the anti-virus, anti-malware or ad cleaners that I tried found anything. If I hadn’t googled “Google Adsense Hijack” I would have never figured it out. It seems that Google really wants to keep this vulnerability quiet.
this is a windows vulnerability, nothing to do with Google, except that most of the redirects are aimed at google.
Blame microsoft…
Greg
It does cause problems for ads on sites, since its redirecting people from actual ads, to a different site. Since the way Google determines how effective an ad is (and how sites get paid) is when people click through them, redirecting that click to somewhere else is taking money from site owners.
Bob McCown said:
It does cause problems for ads on sites, since its redirecting people from actual ads, to a different site. Since the way Google determines how effective an ad is (and how sites get paid) is when people click through them, redirecting that click to somewhere else is taking money from site owners.
That was my point. This simple exploit of a pretty much un-needed Windows function as implemented in this case steals money away from the ad host, Google and the other advertising networks targeted and takes traffic away from sites who use these networks for advertising.
I’m just glad that I was able to did mention of it on the web. I probably never would have looked at the HOSTS file.
To be fair my Symantec AV software warned me about a Generic Trojan in the file I was about to execute, but the author claimed it was a false positive and I foolishly let him convince me. Good thing he wasn’t a bit more sophisticated.
Ummm… the hosts file performs a function in windows as well as all the Linux and Unix and Mac systems worldwide.
It’s not un-needed… and this is an example of a very simple exploit that has been used for years.
Greg
I just noticed that some keywords are now hyperlinked to ads. Is this a new feature with the site upgrade? I’m assuming that these has something to do with the google ads?
See this thread for example.
http://www.largescalecentral.com/forums/topic/23150/usa-cracked-gear-hub-fix/view/post_id/272667
Edit- after I posted this, the hyperlinks went missing, but showed up in a different tread. Now I’m even more confused, but if those clicks help Bob I’m all for it!
Thats interesting, Ill have to see what caused that to be changed. I hadnt run into that yet. Hmm…
/me scratches head.
I still see the hyperlinks in the thread you linked, Craig.
“Motor block” links to Newegg
“NW-2” links to Buy.com.
Ralph
It’s malware. Get a scan done with Malwarebytes and get it removed.
Deleted - didn’t see the post above.
Bob McCown said:
Thats interesting, Ill have to see what caused that to be changed. I hadnt run into that yet. Hmm…
/me scratches head.
Hum, I checked on the PC running Firefox and nothing. But it happened when I logged in using the Ipad and Safari, but not Chrome… So maybe it’s not a website problem, but a problem with my Ipad?
Edit- I just double checked on the Ipad, and no ads (21:00 MST). Some of the key words that I recall were “motor block”, “NW-2”, then on the other thread it was “models 1/24”, “Bachmann Couplers” and a few others
The hyperlinks were Malware.
Got by my AV & Windows Defender.
The Malwarebytes found it and removed it.
Ralph
Every time Marilyn walks by and I’m on the home page she thinks I’m browsing porn sites. The latest offender…
You can mark those as “Dont show me”… the links in the upper right let you do that…
Thanks! I found that.