The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
05-23-2009, 05:32 AM
|
|||
|
|||
What to do with Adbrite?
Hi guys,
I'm having a problem with Adbrite and im wondering if any of you are able to offer some advice. I am fairly new to the online advertising world and I have been with adbrite for roughly 4 months. Things were going pretty well until about a week ago. For test purposes, I keep my computer's clock set to 2006 and I alternate between google chrome and ie6. (It may seem odd to you, but I assure you I have my reasons.) Starting last week, I would be randomly logged into some one else's account everytime I would visit adbrite. (This only happened in chrome.) After figuring out that it wasnt a one in a million error, I realized that other people with malicious intent could very well be looking at my account and all of my personal information. Fearing the worst, I contacted adbrite via their contact form and filled them in on what was happening. I told them that I suspected it was a cookie error that was some how caused by my less then typical setup. I initially suspected it was a cookie error because it only happened when I would check the "remember me" box on adbrite and then exit and revisit. After a day or 2, Adbrite replied and told me that no suspicious activity was on my account and that I should clear my cookies to resolve the issue. I have a few issues with this response. For starters, even if that proposed solution actually worked, which it didnt, that would not stop the main problem - people with malicious intent. There is no way that a person with malicious intent would kindly agree to clear their cookies so that they could no longer access random accounts. This is clearly an issue that needs to be fixed on adbrite's side, not the user's side. After telling adbrite my mind about their solution three days ago, I have yet to hear back from them. This wasnt a problem as they told me my account was fine. Sadly, my fears were confirmed today. I was looking at my ad statistics when I noticed the "minimum payment" amount was incorrect. After closer inspection, I noticed that everything in my account had been changed! Check payable name, address, phone, email, everything! Well, I take that back, they were kind enough to leave my tax id number. I quickly took a screen shot, emailed adbrite, reset my info, and changed my password. Even though I did not think they had gained access to my account via my password, but rather a forged cookie, I decided to reset it anyway. Also, if it had been a stolen password, they could have easily changed my password to something else to prevent me from accessing my account at all. (Adbrite requires the current password in order to change it to a new password.) A few hours after sending my email to adbrite and reseting my info, I decided to take a look at my stats once again. To my dismay, all of my info has been changed again. This time, the intruder did not decide to input his own info in an attempt to steal my earnings, but rather he filled all of the fields with spam. ("aaaaaaaaaaaaaaaaaaaa"). To rule out the possibility of it being a password logger, I ran several spyware/antivirus/malware scans on my computer. They all turned up clean. Also, I went to another computer and used it to reset my password just in case there was an invisible logger on my other computer. If you have managed to read that entire posting, I applaud you for your effort or your overall need to kill time. You currently know all of the details to my unpleasent situation. If you do not mind, please give me some advice on what I should do. At this point, im pulling my hair out, so anything will help. Thanks in advance. 
|
|
#2
05-23-2009, 08:21 AM
|
|||
|
|||
|
sorry to hear about the problems u had with adbrite but it dont suprise me really.
I used Adbrite Ads on my forum and only had it on for 2 weeks before i had to remove it, because on some of the full page adverts,it was trigging virus warnings to members,and i remember once when logging in to be confronted by a new thread with numerous screenshots by members showing the different virus warning they where recieving. Never used it after that and doing a search on google shows that other people had encountered the same problem. Close down your adbrite account and dont use them.Best advice im afraid
|
|
#3
05-24-2009, 01:53 AM
|
|||
|
|||
|
I'm with Lasto on this one. Good catch on the exploit, shame they won't do anything about it, but I never liked their service anyway. You'd be amazed how well a properly tuned AdSense setup can perform.
|
|
#4
05-25-2009, 08:33 AM
|
|||
|
|||
|
Quote:
Theres a lot of companies out there that claim to do a better service but really you just can't beat adsense, you just need to remember NOT to click on your own ads as they will ban you for this :up:
|
|
#5
05-27-2009, 10:52 AM
|
|||
|
|||
|
Report it to a site that is specialized in exploits. If they don't want to work with you on a solution, or even want to admit that there is a problem, posting on such a site will force them to take action.
|
|
#6
05-27-2009, 01:51 PM
|
||||
|
||||
|
Quote:
Quote:
|
|
#7
05-28-2009, 05:31 AM
|
|||
|
|||
|
Sigh... for any of you that are interested, here is an update.
A few days ago, adbrite got back in touch with me and said that they take this type of thing very seriously. It is such a serious matter, that they have my account disabled while they figure out what is going on. Now, I dont mind my account being disabled if it is just disabled in the sense that no edits can be made. Sadly, their version of being disabled means that no one can access the account and no ads show on my website. My account is now disabled until I fax them my identification (picture idea, proof of address, yada yada.). I have a few major problems with how this has been handled thus far: 1. For starters, for a company that "takes this type of thing very seriously", their response time has been horrible. 2. Faxing my information to them does not solve this issue!! They seem to be under the impression that my identity was stolen, which hey, it very well could have been, but they are over looking one giant fact; I was able to log into multiple accounts that did not belong to me. So, unless identity theft works both ways now, this is not the only issue. 3. Adbrite pay checks come once a month. For me, it is the beginning of the month. According to adbrite, if my account is still disabled when pay day comes, I will have to wait until the following month. The reason that they gave for this, is that they need to make sure they are sending the money to the right place. Now, that logic makes sense on the surface, but if you think about it, it really doesnt. Shouldnt they be able to send the money to the original address that was used before all of the changes happened? If they can not because they do not have the address, what do they plan to compare my faxed version to? Does that mean that if my email was compromised, a random person could fax a random address and that would be the new address? Anyway, thats enough ranting for now. Marco, Ive never heard of an exploit site. Would you be so kind as to recommend me a good one? Thanks for all of the feedback thus far guys; I appreciate it.
|
|
#8
05-28-2009, 05:57 AM
|
|||
|
|||
|
Not sure which site would be the best for this type of exploit, but your could try the Bugtraq at http://www.securityfocus.com/
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 06:53 PM.