I've been fighting off a hacker for a week now. The person seems to have gained access to my hosting account or at least my ftp login. It's annoying, but I've held my own by changing passwords, scanning my computer, etc.
Now it seems like they might have been hijacking my clicks and revenue for quite some time. Of four sites, one gets almost no traffic, and that's fine because it supports a brick-and-mortar business and the main goal of the site is to get the phone ringing. If I get 10 visits a day on that site and one phone call, it's doing its job. I barely even look at that site.
Of the other three sites, two get solid traffic (hundreds of visits a day, tens of thousands of page views a month) and one gets a steady flow (30-50 visits a day).
Here's the thing: Over time, the AdSense clicks and revenue on the low-traffic, ignored site are what I expected when I signed up. CTR is x percent. On the other three sites, including one with a pretty loyal following, the CTR has been miserably low. Placement on one site is totally in-your-face. On the others it's more subtle because I thought CPA and affiliate things would be more profitable.
Try as I might, I have not been able to get the sites to function properly without pulling these files. They run on totally unrelated themes so it seems odd that they would all need to pull these strange files.
Oh, and I'm not getting results from my CPA campaigns either. One (Indeed job search) actually produced revenue within its first hour of being up, but died shortly thereafter -- very suspicious.
Sorry for the long post, and thanks in advance for any help.