Plugins Hijacking Ads
Published on: February 2, 2012
Hi everyone, We recently experienced an odd occurrence where we found remnant-like ads on a site that didn't have any remnant tags trafficked. We expected to only see 2 advertisers with whom we were working directly. I was able to see that the proper ad unit was being called on to the page, but that wasn't matching what was displaying. This was happening on Chrome and only to a very few number of people.
We applied a trace on page load and we were able to see our ad server call the proper ad unit for one of the direct advertisers, so the Pointroll wrapper div and stylesheets were left intact, but the object/embed tags were replaced with the imgclck iframe which was displaying the rogue ads. This was al lthrough the help of our ad server, OpenX. On further investigation, they found that it was one of two browser plugins (Auto Refresh Plus and Sexy Undo Close Tab) on that person's computer that was injecting the ad code.
This all brings me to you guys - according to one of our developers, there's no fixing this, and according to our ad server, there's little that can be done to prevent this from happening. This seems extremely inappropriate and shady business practice. Have any of you heard of this/run into this/found a brilliant way to block this? I refuse to believe that there's nothing we can do and I'm at the mercy of a plugin. Look forward to hearing from you!
AdMonsters Membership
Latest Discussions
May 7 | 4:03 pm | Brian Royce
1 comments
May 7 | 2:33 pm | Todd Curran
0 comments
Apr 27 | 2:08 pm | Tyler Madsen
2 comments
Mar 21 | 6:03 pm | Robin Wilson
1 comments
Mar 19 | 11:28 am | Carissa Laufman (Pelletier)
5 comments
May 2 | 9:16 am | Anthony P Polcino
3 comments
May 3 | 4:26 pm | Carissa Laufman (Pelletier)
0 comments
22.03.11 | 10:34 am | Geisla de Souza
2 comments
Apr 26 | 9:30 am | Irina Lodkin
0 comments
May 1 | 8:31 pm | Margaret Trinh
1 comments
Comments
Test
Has anyone figured out if there is any way of monitoring the # of “rogue” impressions? I'm trying to come up with some type of figure to report up as to what percentage of inventory is potentially being hijacked.
Thanks!
Our plugin was Better Gmail ver 2.8.1 (sadly enough) - once removed the malvertising disappeared.
I looked up Better Gmail 2.8.1 and it's NOT a Google extension. It was built by someone else...but she does have a contact form on her webpage...you might email her and ask her if she knows that this "feature" is part of the extension. She seems to have a lot of extensions, so she may not realize that this is happening.
http://ginatrapani.org/
Rainey
Probably not, she's the creator of Lifehacker.com and pretty well-known. I'll alert her on this.
Thanks, Niklas
Hi all,
Just spoke to Gina Trapani that told me that the plugin Better Gmail 2.8.1 for Chrome is false since her plugin is Firefox-only. Sorry for the confusion.
Better Gmail in Firefox is working fine.
Thanks to all of you, especially Michelle.
I have fixed the issues with the computers in my companies by removing those bad Chrome extensions (it has been reported that there are problems with Firefox's addons too! - http://stopmalvertising.com/malvertisements/firefox-add-on-and-google-ch...)
My managers have asked me to seek an official response from Google and I found this contact form to be most related: https://support.google.com/chrome_webstore/bin/request.py?contact_type=c...
However, this certainly seems like talking to a wall, I fear.
In addition, Rainey suggested that it could be difficult for Google to check this kind of issue.
Anybody with an idea how to work with Google to minimise this issue moving forwards?
Cheers,
Eric
Eric,
AWESOME link. Bookmarked that and shared with the DFP Small Business forum!
Unfortunately there isn't really an official response from Google on this. They are trying as hard as they can...but it's just too complex to "sniff" out a solution easily. Everytime they catch it...people will figure out a different way to do this!
Best solution I can see...everyone needs to be VERY careful about the extensions they use. I was hesitant to use the one that blocks the Facebook ticker, but finally was desperate and annoyed enough that I did! So far, so good.
If it seems sketchy or too good to be true...it probably is. Be careful out there folks...you never know what these people could be doing. Hijacking ads is actually pretty lightweight in damages. :-/
Rainey
Hi everyone,
LIke Michael Goff, I've also upgraded myself from "lurker status" for this issue.
We're also having this issue and it seems to stem from a Skype Plug-in ours is real estate. Is there really no way to fix this? How to explain this swiping of inventory?
Hi Albert,
First thing I'd do...check to see if that Skype plugin is actually a Skype one, or if it's built by someone else. I just can't see Skype doing this...they are too big and can't really afford to do things like this.
If it isn't "real"...uninstall that sucker!
There is no way to fix this I'm afraid...and as for explanation...you shouldn't need to worry unless the client has the extension installed. Then you can tell them the downloaded a lousy one...tell them to uninstall it and let them know what a small percentage of the market will experience this.
Rainey
This just vaulted me from lurker to join your fine group. I personally have this happening right now. I don't have either of those plugins. And i've been going crazy for the last day trying to track down imglck, not to mention concerned about all the psa's showing up when i personally booked campaigns i should be seeing.
Turned all extensions off and it's working. I guess i'll add them back in one by one to figure out which of them are making it happen.
In addition to the other behavior reported--taking over our DFP served slots-- the thing that tipped me is that it's also serving an ad over a widgetbox widget on every pageview.
Any insight on nailing this and documenting it, feel free to drop me a line.
Michael Goff
goff@towleroad.com
FWIW, mine was an extension called Bookmark Sentry , "A bookmark scanner that checks for duplicate and bad links."
The page on the chrome app store was gone without explanation from "https://chrome.google.com/webstore/detail/bdglbbcbmgnimogcmcdenggkpdmihlga
I think this is a stickier issue than originally presented. A post at http://stopmalvertising.com/malvertisements/firefox-add-on-and-google-ch... is saying that these are "sponsored" plugins. And if a user is allowed to block the ads, seems tough to say they can't decide to give their browser permission to show other ads within the browser..and not just in the toolbars. These plugins are then just lining the ads up conveniently along with some version of Adblock so as nto not impose on the user. the user most likely doesn't care who's getting paid for the ads. And it's their browser
Hard to say my site has jurisdiction over anything placed in fron of my site by a browser, a screen, chat window, notepad space, or a browser ad. any more than i have a say in how a browser frames my pages and how many toolbars are added, all of which detract from the intended experience.
Another nail in the banner coffin, maybe?
Michael Goff
Yea we just looked at some reports and as expected the discrepancy between our numbers and third party numbers was right around 10%. Nothing extraordinary.
I'm just appalled that this practice is going on without our knowledge. In our other sites where we do run remnant, we would have no way of catching this sort of thing. And more distressing is that there's seemingly nothing we can do about it.
We have a third party that scans our tags for malware (The Media Trust Company), and even they weren't able to catch this. I'm still waiting on if they have suggestions on how to prevent it. I also have our VP and General Counsel looking into it. I'll certainly update with any progress!
Hey Rainey - Yes! We were seeing a lot of Ad Council ads.
I don't think it affected delivery of impressions too much. Our ad server was logging the impression because the proper ad unit was being called. The pointroll object embed were replaced by the imgclck code, but I honestly don't know how pointroll tracks impressions. It's possible they track the impression and request in the same HTTP request. And it's hard to say how many people had the plugins that were serving the ads, but I can only imagine it was very few. Only a handful of our tech editors reported seeing the ads. I'll dive into the numbers today to see if any extraordinary discrepancies could be attributed to the plugins.
And you're right, there are too many variables and according to our developer it's just a shoddy plugin and we're defenseless. There is comfort in that Auto Refresh Plus has been removed from the Chrome store, but there are other plugins doing this. I only hope not too many of our users have them!
One question for you...did you notice a downturn in impressions for the Pointroll ad? Or, was the rogue ad just laying over the top and so the impression was essentially a null impression...since is it really an impression if nobody sees it?
thanks again for posting and finding this...from everyone suffering!
Rainey
Michelle, you are awesome! I'm a Top Contributer over on the Google DFP Forum and we got lit up over the past couple of days with this (ok only a few posts...but all of a sudden!). I knew through talking with Google that it was most likely an extension but we didn't know which one. One of the posters sent a screenshot and after researching those 2 apps you mentioned...Auto Refresh Plus WAS on both computers they were getting PSA ads on.
Looks like that app is gone from the Chrome Store...and I've passed your post as well as my research along to Google DFP support, so they will send it where it needs to be...my guess is, they will probably (hopefully) put some measures in place to look for this sort of thing.
Biggest issue I have...WHY do this? The users I was helping were seeing PSA ads...which really only benefits the organization advertising...so what's the purpose?
I had an issue with DFP where I couldn't see some ads on one of my client's sites...and the answer that came back was that there are just too many variables. These extensions/plugins are cool...but if this is what's happening...I'm glad I have only a few.
Quite honestly, that Auto Refresh Plus plugin is VERY dishonest...if a person were to use that...it's impression fraud for ads because you could have 10 browsers auto refreshing every 5 seconds. NOT cool. I know DFP has filters to look for that...but still...not a good thing!
Thanks so much...you totally made my night!
Rainey
www.oncalladops.com
The exact same thing happened to us ("imgclck" and "Redvertisement network") and also on Chrome but the users on Chrome did not have the 2 plugins you mentioned so it's probably injected into other plugins as well.