Jump to content

Adsense script injection still happening after upgrade to 4.2.0

Recommended Posts

Even after upgrading to Version 4.2.0, a hacker was able to use script injection to force his/her ads with the following Adsense ID -- pub-6084777151829107 -- into my websites.

It appears this person found a way to get to a file named ads.txt, which is recommended by Google to allow specific Adsense IDs to be used on a website. The txt file is in the root directory of the site.

I installed additional security software on both the webserver and via the Web host, and for the last 12 hours, things have settled down.


I am not sure if the vulnerability is found in Adserver 4.2.0 or some other file in Wordpress. In any case, be on the lookout for this Adsense ID showing up on your site, especially if you notice Adsense revenues are down.


I reported the ID to Google, but I never hear back from Google on anything I send to them.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...