On July 18, our system was subjected to a sophisticated javascript injection attack, which "hijacked" our advertisements from Google Adsense. The hack, which many sites have experienced over the past couple of years -- as fast as the good guys find out how to block the move, the bad guys find a way to evolve around it -- overlays the hacker's ads on top of legitimate advertisements on a website, so that the credit for, and revenue from, the views and click-throughs goes to them, instead of the host site.
When we say that "our site" was hacked, that isn't exactly the case. What happens is that the iframe ("box") for the ad unit -- which is generated by Google and is not hosted by LVA -- gets hijacked, so we were actually being served those bad spam ads (for fake handbags and buying gold) by Google! Once they realized what had happened, Google then shut down our site because of the bogus ads that adservers on their network had been delivering to their ad units! There's irony for you.
We were aware that something was wrong almost immediately, and contacted Google Adsense (no easy task -- they have no real "helpline" and prefer to send their clients into a free-for-all forum in the hope that we can collectively solve any problems among ourselves), but it took a week for them to acknowledge the problem we'd repeatedly tried to inform them about. Once they agreed with us, they posted that scary "this site has the plague" notice across every browser platform -- not that many of our readers' spam and virus blockers hadn't already alerted them to a problem.
In the meantime, we were busy researching and blocking all the bad ad-server websites from posting their spam on top of our ads. The miscreant servers are mainly based in Eastern Europe and the clever hackers are exploiting weaknesses in bits of code update that the major browsers (Chrome, Firefox, Safari, etc.) continually release; as any website owner can tell you, it's a never-ending cat-and-mouse battle against people who do nothing but sit at their computers all day finding ways to steal from and subvert legitimate websites. We, the opposition, are busy generating content and all the things good websites are supposed to be doing, instead of living in a (valid) state of perpetual paranoia, looking for a never-ending barrage of evil needles in the server haystack that can ruin a business overnight.
We successfully eradicated anything remotely dubious that we found on our servers in relatively short order, but then had to sit back and wait for Google to review our site again and give the all clear, which, thankfully, they now have done.
Welcome back, everyone, and our apologies for the interruption in service. We'd like to take this opportunity to thank all our supporters on Twitter for the sympathy they expressed. As for Google, if it sounds as though we have an axe to grind, it's because we do, as we don't feel remotely supported by the Internet behemoth that doesn't seem to give a whip about legitimate content-producing websites if a problem doesn't relate directly to its not-so-all-encompassing algorithms. We can't do much about that, but if Google can't clean up its ad-serving act, we'll ditch them, since the integrity of our website is far more important to us than their ad revenue.
