[hockey97]

Hi, I would like to know how do you guys secure the ads displayed on your website?

what I mean is how can you avoid an ad from running a programming script rather then redirect the user to their website??

I will be using google adsense... but I want to do more for my customers so that if they click such ads it won't run some scrip that steals all their information or grabs cookies etc.

I want to prevent the ads from hacking my customers. I heard in the past google had issues where they had ads on their adsense system that ended up being a virus. People would click the link and it would download a virus onto their computer.

I would like to know how I can prevent this via code???

[RudiVisser]

You can't touch Google's advertisement code, and even if you could and stripped it down to a simple link, the target website can do whatever it wants.

BTW, nobody gets "hacked".

EDIT: And also nothing will get downloaded to a user's computer unless it's confirmed prior. If the user has "auto-download-and-run" enabled then they're bloody stupid.

EDIT: And also this is Google's job. I'm fairly sure that it would be against their TOS to link to a "virus" so you should contact them and get them to sort it out. If I'm not mistaken then it would be their responsibility to followup on the liability of the AdWords account owner on your behalf.

EDIT: And yeah, what he said \/ - You really can't "fix" this stuff as it's 1; Not your problem and 2; Not broken.

This post has been edited by RudiVisser: 17 August 2011 - 04:00 PM

[macosxnerd101]

Plus, what happens on other sites is something you can't control. Once somebody clicks a link, it's not your problem or within your ability to control. It's theirs.

[hockey97]

Oh, ok... but could I at least make a reporting function?

like in google ads is it possible where I can grab the url of that link and like store it in my database and have an automated way to report it to google?

The thing is I don't want to let my customers hanging out there... wanted to give them some protection... thought maybe I could use php curl to open up the link and scan if it's a threat.. and if now allow the customer to proceeded to being redirected to that website.

[RudiVisser]

It generally goes via a proxy URL, and it's loaded in via Javascript.

Seriously, don't waste your time with this - It's Google's job and the chances of something actually happening (unless your website is malicious in content so related ads would be shown) is about 1 in 4,923,589,327,215,856,235,236,734,748,458.

EDIT:

(post needed that exact image)

This post has been edited by RudiVisser: 17 August 2011 - 04:11 PM

[macosxnerd101]

I have a feeling tampering with Google's Adsense service is going to create some trouble for you. It probably violates the TOS. I'd get in contact with a Google customer service representative and get more information from them. They are in the best position to help you.

[hockey97]

macosxnerd101, on 17 August 2011 - 04:58 PM, said:

Plus, what happens on other sites is something you can't control. Once somebody clicks a link, it's not your problem or within your ability to control. It's theirs.

ya, I know I can't control other websites. But, I thought you can with php scan their pages before your client gets redirected.

something similar to the web browsers that scan links in google and tells you weather it's safe or not. I think those are plugins but was thinking to have my server scan the documents of that page where they will be redirected too and figure out the odds of it to be a hack attack or virus on that site.

ya, you can get stuff installed without you knowing... it's called javascript drive by scripts. where when you click something it installs something on your computer without you clicking the ok button. That is why browsers have the option to turn off javascript.


My website content isn't malicious or attract such crowd. Yet, I just worry because I heard on the news many times where facebook , google and many popular websites would have ads that when clicked would send a virus to your computer. That hurt those websites image a little bit. Yet,they were quick to react to it.

I heard google runs the ads they have in their database in their own older server that checks if it has malicious code. It's part of their approval process to approve an ad to be in the system. I read articles that says this.

I just was thinking if I should provide some more protection for my users to hopefully prevent any possibilities of these kinds of things to happen to my website.

This post has been edited by hockey97: 17 August 2011 - 04:16 PM

[macosxnerd101]

When I said "you", I was referring to you not the user. It is the user's responsibility to have proper security precautions. It is yours to provide a quality website, and it is Google's responsibility to insure the integrity of the ads. Contact them.

[hockey97]

macosxnerd101, on 17 August 2011 - 05:13 PM, said:

When I said "you", I was referring to you not the user. It is the user's responsibility to have proper security precautions. It is yours to provide a quality website, and it is Google's responsibility to insure the integrity of the ads. Contact them.

ok, thanks... I will send them an e-mail.

[RudiVisser]

hockey97, on 18 August 2011 - 12:11 AM, said:

ya, you can get stuff installed without you knowing... it's called javascript drive by scripts. where when you click something it installs something on your computer without you clicking the ok button. That is why browsers have the option to turn off javascript.

No, so-called Drive-By scripts either load up a Java applet (which is why browsers generally disable Java by default, Java != Javascript) or install an IE Plugin. BOTH of which popup a dialog these days by default (the IE Plugin has since IE4-5).

The user is always aware. Just because they're bloody stupid and allow it doesn't mean that it's a security exploit, it's users being stupid.

EDIT: To get back on topic a bit... I seriously wouldn't concern yourself with this. As both myself and macosxnerd101 have said it's Google's ultimate responsibility and I'm pretty sure that you would have no liability if your client clicked a link provided by Google.

This post has been edited by RudiVisser: 17 August 2011 - 04:20 PM

[hockey97]

macosxnerd101, on 17 August 2011 - 05:13 PM, said:

When I said "you", I was referring to you not the user. It is the user's responsibility to have proper security precautions. It is yours to provide a quality website, and it is Google's responsibility to insure the integrity of the ads. Contact them.

ok, thanks... I will send them an e-mail.