Beeline shows ads Google bot. Bot displeased
I'll tell you my little story in the piggy bank of mobile operators:
Given:
It would seem that everything is under control, what can go wrong?
')
And it arrives from where it was not expected: we get a lock in contextual advertising. Contact technical support:
First thought: hacked !!! However, a cursory check shows that there are no suspicious scripts on the site. Checking service endpoint CMS also does not give anything - all are closed by hosting. In the source of the site, as expected, nothing suspicious.
Well, then let's take a closer look at the hero of the occasion:
ssp1.rtb.beeline.ru/userbind?src=rpb&id=4bae2cff-817d-4fda-816e-10effdf6d956
The fact that the domain belongs to Beeline , no one seems to cause any doubt. Let's sort the link in parts:
Quick search, we find the announcement: rb.ru/news/beeline_programmatic
Restore the chain of events:
There are 4 hypotheses:
1) Google servers are hosted on the Beeline network. Advertising insertion is carried out directly by the operator ( comment )
2) Google bot crawls through open proxies that insert ads ( comment )
3) Traffic went through a third-party advertising service, Beeline only won the competition for placement
4) Advertising slipped hoster / site hacked ( discussion )
Most likely the first 3 options. Against the fourth, they say good hosting reputation, the lack of modification of CMS files, old dates of changes, etc.
If you have not switched to https - it's time to do it
PS The article specifically missing the link to the affected site. I am ready to share it with Beeline representatives, but I see no reason to publish it in open access.
PPS Disabled advertising - potentially under-received profit. If the clients attracted from the site - the main source of income - it is very, very bad.
Given:
- The most common landing. Only pages with layout and that's it.
- Hosted on servers of a very famous hoster. The latest version of the popular (non wordpress) CMS.
- Both http and https are enabled. But the redirect from 80 to 443 is not configured.
- The site is advertised in contextual advertising Google.
It would seem that everything is under control, what can go wrong?
')
And it arrives from where it was not expected: we get a lock in contextual advertising. Contact technical support:
First thought: hacked !!! However, a cursory check shows that there are no suspicious scripts on the site. Checking service endpoint CMS also does not give anything - all are closed by hosting. In the source of the site, as expected, nothing suspicious.
Well, then let's take a closer look at the hero of the occasion:
ssp1.rtb.beeline.ru/userbind?src=rpb&id=4bae2cff-817d-4fda-816e-10effdf6d956
The fact that the domain belongs to Beeline , no one seems to cause any doubt. Let's sort the link in parts:
Sell Side Platform (SSP) is a technology platform that represents the interests of the seller and sells advertising equipment. The task of SSP is to sell advertising inventory at maximum cost. SSP is in constant interaction with the DSP, which transmits the SSP rates to advertisers and the requirements for the target audience, resulting in the winner of the RTB auction being determined taking into account the interests of the two parties.
RTB (Real Time Bidding) is an advertising technology that allows you to organize an auction between sellers and buyers of real-time advertising. The object of bargaining at an online auction is the right to display ads to a specific user.At the end of the link is the client’s advertising ID. In our case - google bot.
Quick search, we find the announcement: rb.ru/news/beeline_programmatic
Restore the chain of events:
- Google Bot is trying to check the mobile version of the site
- In the chain of servers to the site comes across a biline system, or some other one that inserts a link to your ad unit. That's right: Google bot is the perfect candidate for displaying ads!
- Google Bot is offended, and identifies the link as malicious
How advertising actually got to the site:
There are 4 hypotheses:
1) Google servers are hosted on the Beeline network. Advertising insertion is carried out directly by the operator ( comment )
2) Google bot crawls through open proxies that insert ads ( comment )
3) Traffic went through a third-party advertising service, Beeline only won the competition for placement
4) Advertising slipped hoster / site hacked ( discussion )
Most likely the first 3 options. Against the fourth, they say good hosting reputation, the lack of modification of CMS files, old dates of changes, etc.
findings
If you have not switched to https - it's time to do it
PS The article specifically missing the link to the affected site. I am ready to share it with Beeline representatives, but I see no reason to publish it in open access.
PPS Disabled advertising - potentially under-received profit. If the clients attracted from the site - the main source of income - it is very, very bad.
Source: https://habr.com/ru/post/459570/
All Articles