nasty behavior from some adsense ads - using javascript confirm popup - Google AdSense - Display Ads forum at WebmasterWorld

Forum Moderators: martinibuster

Message Too Old, No Replies

nasty behavior from some adsense ads - using javascript confirm popup

adnxs, clean master - and it is not malware

amznVibe

3:15 pm on Mar 2, 2014 (gmt 0)

We were getting reports from some users, specifically on mobile, who were getting javascript confirms popping up over the entire page, showing a url from adnxs

Now we are old timers and we know immediately to question if their phone/tablet is infected with a bad app, router possibly being manipulated, etc.

So we took out a tablet, formated it fresh with new android install, google app store is not even installed, no apps.

Fired up the browser on it and started browsing the site.

Within 10 minutes we got the same javascript confirm.

It is NOT embeded in our website source, we have not been hacked, we've examined it at the "view selected source" level.

I do see a pattern though.

"Clean Master" ads seem to be involved and they do seem to be coming from google adsense.

Has a new hack leaked into google adsense that they are not catching?

webcentric

3:46 pm on Mar 2, 2014 (gmt 0)

Take a look at your adsense settings under Allow & Block Ads. There's a tab called "Ad Serving." On that tab try turning off the following setting under "Display Ads."

Expandable ads - show ads that expand beyond the ad unit size following a user-initiated action.

While this setting requires a user action before expansion, it could also be a loophole in the ad serving mechanism that allows advertisers to inject JS in a way that isn't triggered by a user action (well, hovering is an action). Turning it off should help you confirm if the behavior is related to that type of ad anyway. That's one thought anyway.

amznVibe

12:41 pm on Mar 15, 2014 (gmt 0)

Just to follow up, this was google stupidly allowing 3rd party networks in that were not reviewing their advertisers properly.

Disabling this was the solution:

Automatically allow new Google certified ad networks

You cannot trust google/3rd party, very dangerous, they just are not paying attention.

Lame_Wolf

2:05 pm on Mar 15, 2014 (gmt 0)

You cannot trust google/3rd party, very dangerous, they just are not paying attention.

Why do you think the wise ones amongst us blocked them ages ago.

Think about it. If you were banned from Adwords, what would be the easiest way back in?... via 3rd party.

netmeg

2:46 pm on Mar 15, 2014 (gmt 0)

The Third Party networks might also have different policies than AdSense. I ain't sayin' it's right, I'm just sayin' it might be so.

I apparently missed one of the 3rd party networks when I banned them all, and not long ago while checking one of my pages, some popup ad came up that overtook the entire screen. Was horrified to think that might have come from AdWords, but I found the one checkbox I missed and I haven't seen that popup since.

amznVibe

11:36 pm on Mar 24, 2014 (gmt 0)

Client is complaining revenue has gone down since 3rd party was completely disabled.

Is there maybe a middle ground of just blocking individual bad actors?

Does anyone stay on top of it and maybe publish a blacklist?

This is a crazy number of vendors, no way Google stays on top of all these

ad-exchange
[support.google.com...]

3rd party
[support.google.com...]