Forum Moderators: martinibuster


Hybrid Ads JS found on all pages

Am I hacked?

         

chrizzo

4:07 pm on Apr 24, 2017 (gmt 0)

5+ Year Member



Hi,

I found a JavaScript code called Hybrid Ads on all my webpages. Google AdSense already confirmed it's not theirs.

I wonder what this is. We have been experiencing massive click loss issues and I wonder if we have been code injected.

This is part of the script:
"new HybridAds(336,280,'center_horizontal','\x3c!doctype html\x3e\x3chtml\x3e\x3chead\x3e\x3cscript\x3e(function(){window.rumTick\x3dfunction(c){var b\x3dwindow,a\x3db.performance;c\x26\x26a\x26\x26a.now\x26\x26(a\x3da.now(),b.google_js_reporting_queue\x3db.google_js_reporting_queue||[],b.google_js_reporting_queue.push({label:c,type:4,value:a,uniqueId:\x22rum.\x22+Math.random()}))};}).call(this);rumTick(\x27fb\x27);\x3c/script\x3e\x3cscript\x3evar google_casm\x3d[\x22\x22,0,null,0,0];\x3c/script\x3e\x3cscript\x3e\x3c!--\n(function(){(function(){function c(a){this.t\x3d{};this.tick\x3dfunction(a,b,c){this.t[a]\x3d[void 0!\x3dc?c:(new Date).getTime(),b]};this.tick(\x22start\x22,null,a)}var a,b;window.performance\x26\x26(b\x3d(a\x3dwindow.performance.timing)\x26\x26a.responseStart);var d\x3d0\x3cb?new c(b):new c;window.jstiming\x3d{Timer:c,load:d};a\x26\x26(a\x3da.navigationStart,0\x3ca\x26\x26b\x3e\x3da\x26\x26(window.jstiming.srt\x3db-a))})();}).call(this);\n//--\x3e\n\x3c/"

Thanks a ton for your help - Scary!
Chris

Peter_S

4:36 pm on Apr 24, 2017 (gmt 0)

5+ Year Member Top Contributors Of The Month



Where did you find this code? In the HTML code of your page? Or is it loaded separately?

keyplyr

8:42 pm on Apr 24, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes it certainly looks like your pages have been compromised. I advise:

• Contact your host admin

• Change server account password & FTP passwords

• Use an editor and globally replace that code with your real Adsense code.

• Follow up with your admin to determine how the breach was accomplished and get it fixed.

chrizzo

2:49 am on Apr 25, 2017 (gmt 0)

5+ Year Member



Hi,

I found it on Chrome via inspect. The weird thing is all my dev friends can't find the script, so it's either on my local network or it's randomized by IP.

A bit unsure on next steps, but my revenue is hurting for sure...

Cheers Chris

chrizzo

2:50 am on Apr 25, 2017 (gmt 0)

5+ Year Member



Hi keyplyr,

Thanks a ton. How can you be sure we've been code injected?

The problem is my admin is from VN and it might be an inside job... That's at least what I suspect.

Cheers Chris

keyplyr

2:58 am on Apr 25, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



How can you be sure we've been code injected?
I can't be sure, but since you stated Google denied it was their code, and if you didn't install it, the logical assumption is you were hacked.

If you suspect it was "an inside job" due to distrust with the host, I would seriously consider moving to a more trustworthy and accountable hosting company.

Also, use your FTP client to look through all your online files for a trojan that could have replaced your AdSense code. It could look like almost anything and be hidden in any directory, but likely a directory that has *write* permissions.

[fixed typo]

[edited by: keyplyr at 3:19 am (utc) on Apr 25, 2017]
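The file sweep suggested in the post above can be scripted, shown here as an added example that is not part of the original thread or any poster's own code. It walks a web root, flags group- or world-writable directories, and reports files containing the `HybridAds` marker from the quoted snippet; the extension list and the function names are assumptions, and the permission bits are only meaningful when run on the server itself rather than on a downloaded copy.

```python
import os
import stat
import sys

# Marker taken from the snippet quoted in the thread; extend with your own.
MARKERS = (b"hybridads",)
# File types that can emit or carry ad markup (assumed list, adjust per site).
EXTENSIONS = (".php", ".js", ".html", ".htm", ".inc", ".tpl", ".htaccess")


def loosely_writable(path):
    """True if the group or world write bit is set on path."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def scan(root, markers=MARKERS):
    """Walk root and return findings as sorted (path, reason) tuples."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if loosely_writable(dirpath):
            findings.append((dirpath, "directory is group/world-writable"))
        for name in filenames:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read().lower()  # case-insensitive match
            except OSError as exc:
                findings.append((path, f"unreadable: {exc.strerror}"))
                continue
            for marker in markers:
                if marker in data:
                    findings.append((path, f"contains {marker.decode()!r}"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/webroot
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {reason}")
```

A file that appears in both categories, a marker hit inside a loosely writable directory, is the first place to look.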

chrizzo

3:02 am on Apr 25, 2017 (gmt 0)

5+ Year Member



Hi,

Thanks for the quick reply.

Yes, I think it was my developer. The code itself is pretty shady and we've been experiencing 50% click loss recently from paid ads to our site...

Cheers Chris