Saturday, May 30, 2015

Safeguard your AdSense Account Against Hackers

Every AdSense publisher is responsible for keeping their own AdSense account safe, and for protecting themselves (and their own websites) against hackers. AdSense will not protect your account for you (beyond the safeguards given in your account). So the question is, how do you keep your accounts (and yourself) safe from hackers?

Regardless of what anyone else tells you or what you might read on blogs or websites, there is no 100% foolproof method to protect yourself. You can do everything "right" and still may (at some point in your life) find yourself the unhappy host for something you don't want.

That doesn't mean you can't or shouldn't take the steps required to protect yourself. The more protections you set up, the harder you make it for someone to get into your accounts. Don't offer them an open door, which so many people seem to do because they haven't thought much about protection until they really need it.

Where to Begin - the Google Account

The first place to begin is with your Google Account, because your Google Account is your access to every other Google product you use. It opens the door to all of your products: your Blogger, your Gmail, your YouTube channel, your AdSense account ... anything you use your Google login for can be accessed by signing into your Google Account.

  1. Choose your username carefully.
  2. Make your password hard to guess. If there's room, use as many as 20-25 characters for your password. Use a random choice of lower case letters, upper case letters, numbers, and special characters (like a # sign, $ sign, ! sign, etc.). Not only are these harder to guess, they also take much longer for password-cracking programs to find the correct set of characters. Since you choose these randomly, they're also very hard for YOU to remember, so write it down on paper. Don't lose it.
  3. Don't store it on your computer, or in your phone or mobile device. 
  4. Don't let your browser save it. 
  5. Don't use the same password anywhere else. 
  6. Change your password weekly. 
  7. Don't use the same password twice when changing it (don't alternate between 2 or 3 different passwords).
  8. Enable 2-step login verification. If you have a security key, use it.
  9. Don't log in to your Google Account from anywhere except your own devices.
  10. Remember to log out when finished.
  11. Don't share your password or login information with ANYONE, even if you trust them.
  12. Don't share screenshots from your accounts in public forums unless you blank out your personal information.
  13. Don't invite other users to your accounts.
  14. If you must invite others, and they are not YOUR own other accounts, do NOT make them Administrators. Making anyone else an admin means they can lock you out of your own account.

Since your Google account is your login for your AdSense account, taking these steps will also protect your AdSense account - at least as much as it is possible to protect an account.

All of the above are simply common sense. It really doesn't take a rocket scientist to understand the importance of keeping intruders out of your account.

But, there are other ways a hacker can get your information, and you need to be aware of these as well.

Learning What Not to Click, and What Not to Trust

Every day, most of us will receive some sort of spam or email with the enticement to "click here" for something ... whether it's to change your password, or to log in to another account, or to claim a prize or ... well, any one of a hundred different things.

DO NOT CLICK any link in any email from ANYONE without checking it out.

In Gmail, the first step is to check the email headers. Use the curved arrow at the right side of the page, and choose the option to "show original". This will open in a new page. Check for the domain authentication. If it was really sent from that sender, and not just spoofed, the authentication will usually show as a "permitted sender". If it's spoofed (i.e., it looks like it comes from a real person or a business you recognize but really doesn't), it will usually show as a non-permitted, or not allowed, sender.



That's just the first clue though, and may not always be reliable.
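The header check described above can also be done on the saved "show original" text. The following is an added example, not part of the original post: it reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header and compares the envelope sender's domain with the visible From domain. Both sample messages, their domains and IP addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples of a "show original" view (not real messages).
SPOOFED = """\
Received-SPF: softfail (google.com: domain of transitioning billing@example.net does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning billing@example.net does not designate 203.0.113.7 as permitted sender) smtp.mailfrom=billing@example.net;
       dkim=none;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com
From: "Example Payments" <support@example.com>
Subject: Your account is on hold

Click here to verify.
"""

LEGIT = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com;
       spf=pass (google.com: domain of noreply@example.com designates 198.51.100.5 as permitted sender) smtp.mailfrom=noreply@example.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
From: Example <noreply@example.com>
Subject: Receipt

Thanks.
"""

def auth_summary(raw):
    """Pull the SPF/DKIM/DMARC verdicts and compare envelope vs. visible sender."""
    msg = message_from_string(raw)
    results = " ".join(msg.get_all("Authentication-Results", []))
    out = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        out[mech] = m.group(1).lower() if m else "missing"
    m = re.search(r"smtp\.mailfrom=([^\s;]+)", results)
    out["envelope_domain"] = m.group(1).rpartition("@")[2].lower() if m else ""
    out["from_domain"] = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # SPF only counts for the visible sender when both domains match.
    aligned_spf = out["spf"] == "pass" and out["envelope_domain"] == out["from_domain"]
    # A clean result only proves which domain sent the mail; a look-alike
    # domain can pass every check, so this stays a first clue, not a verdict.
    out["suspicious"] = not (out["dmarc"] == "pass" or aligned_spf)
    return out
```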

If there's a link in the email, check it first. DO NOT click on the link. Just hover over it. Look at the status bar at the bottom of your screen.

It shows you (usually) where that link will lead. If it's fake, it won't lead where you think it should.

The next safety check is to search for the URL behind the link. Highlight the link from your email, and select "copy link" or "copy URL". Paste that URL into a blank notepad. Most of the time, there will be a domain name in that link. Go to "Google.com" to search for the domain - don't go there directly, not yet.

Check the search results for the domain on the link you copied. See what the web has to say about it. If it looks legit, visit one of the pages using a cached page view. Make sure your browser's protections are in place before visiting: use a popup blocker; use a tracker blocker like Ghostery; use an adblocker; use an anti-phishing plugin/extension; and make sure your browser is protected by an antivirus.

Never just click a link in your email without first checking it. Doing so can take you to a site or page that can gather your personal information, including login data from your browser.

Protecting your Website Against Intruders 

Fairly often we see frantic publishers in the AdSense forum whose websites have been hacked and taken over by others. While it isn't always possible to protect against every type of attack on a website, there are simple common sense things you can do if you are using paid hosting. What's available on paid hosting can depend on what type of hosting you have, and what type of website you've developed.

WordPress.org self-hosted sites are usually the most prolific and widely used, and there are many ways to protect against unwanted takeovers, but none are perfect. Most will work, unless someone really wants in. If you aren't using any protection, you need to.

  1. Set your "login attempts" plugin to really low allowances. Allow no more than 2 login attempts, with lockouts after that. Set the lockout to last for an hour. After two lockouts, they can't try again for 24 hours. Also note that this will make it difficult for you to log in if you enter a wrong password, so make sure you know your password.
  2. Make your login username different than the name you show on your blog as the person posting. For example, if you write a post and it says "posted by admin"  do not use "admin" as your login name (also don't use administrator).
  3. Don't use your own name as your login.
  4. Don't use your site name as a login.
  5. Don't use a name that can be associated with you in any way as your own user login.
  6. Make your password long, with 20 or more characters. 
  7. Don't use common phrases in your password (for example, don't use things like "4U" together).
  8. Don't use the name of your site, don't use your own name, birthdate, address, phone number or any other sort of personal information as part of your password.
  9. Don't use the same password as your Google account uses, in fact, don't use the same password anywhere else.
  10. If you host multiple sites under your hosting plan, make sure you use different logins and passwords for each of your websites.
  11. Install security for your website. Sites built on WordPress have multiple plugins you can use (Wordfence and Simple Firewall are just two). Before installing any plugins, check them out. Make sure the developer is trustworthy and the reviews are reasonably good.
  12. Follow the suggestions used above: don't log in to your admin account unless using your own devices. Log out when you're done.
  13. Don't share your login with anyone. 
  14. Don't let your browser store your logins. 
  15. Change your password once a month - more frequently if you see people trying to access your admin account. 
  16. Don't store your login/password anywhere online.
  17. If you can avoid it, don't post to your site using a mobile device. Turn off that option.
  18. Be careful how you set up your FTP accounts.
  19. If your hosting allows it, use an .htaccess file to block suspect IP addresses and web spiders you don't trust.

Note that blocking an individual IP address is not the most effective way to prevent problems, particularly if that's all you've been doing for protection. Many (if not all) hackers don't use their own IP addresses, and use one of the hundreds of proxy sites which assign random IP addresses. That means you could block thousands of IPs that don't necessarily belong to an actual hacker. Using other methods will provide more protection than just blocking a bunch of IP addresses, or even a range of IPs. So yes, you can block the IPs, but one shouldn't count on just that to do the trick.





The AdSense PIN Process

What is the AdSense PIN, and Why is it Needed?

The AdSense PIN is a unique identification number issued to every publisher in their advertising network. The PIN is issued on a folded postcard that is sealed along the bottom, and mailed to your home address (the address used when you signed up for AdSense).

The purpose of the PIN is to verify your address, or in other words, to prove to AdSense that you live where you say you live. When you sign up, you have to give the address of your residence - your home, or apartment, and the address includes your street address (or PO Box) and your country and postal code. While you can change your street address if you move, you cannot change your country, so when you sign up, you must be sure to give your correct country.

We've seen several problems when people try to sign up using some fictitious address in a different country because they think it will be easier to get approved. This usually doesn't work. Most of the time the application is rejected for incorrect information, but in the few cases where it has worked (usually when they have someone located in that country do the signup), when it comes time to get paid, they cannot receive a payment. To get your payment, it must be issued to the same country location as your address. These people end up being stuck with no way to get their payments.

No, you can't just change the country and address to receive the payment. The country can't be changed.

This is one of the purposes of the PIN. Sure, the PIN might be issued to the fictitious address, but the publisher would never receive it. If they used a friend or family member's address in a different country, the friend/family member might be able to get the PIN and give the publisher the PIN number to enter into their account.

While that might work to verify the address, come payment time ... the publisher won't receive his or her payment. If you use EFT or Wire Transfer (the majority of accounts now use this option) the bank account you have your earnings issued to must be your own - using your own name. It must also be located in the country where your address is. If you live in India but have a UK address in your AdSense account, then you need a bank account in the UK.

Most countries won't allow you to open a bank account if you don't reside in that country, and you usually need some sort of photo-ID and/or government ID to open a bank account.

So, the result is that you will save yourself a lot of trouble if you just use your own address in the first place.

When is the PIN Issued

In most countries, the PIN threshold is around $10 US or the equivalent in local currency. What may be confusing for some is the fact that this threshold is the value of "verified" earnings, and not estimated earnings.

AdSense used to send the PIN once estimated earnings reached $10, but hasn't been doing that for some time now. Once your Payments page has a total of verified earnings at or over the $10 required threshold, the PIN would usually be issued within a week or so of that amount showing up on your Payments page.

You'll know when they've issued your first PIN - there will be a red notice in your AdSense account telling you that your payments are on hold until you enter your PIN. The PIN is sent out in the regular mail services, so it's no different than if you bought a postcard, stuck a stamp on it and dropped it off at the post office to be sent out to someone else. AdSense does the same thing (not literally).

How Long Does it Take

Once they stick it in the mail, how long it takes to get to your home address depends entirely on the mail services. AdSense has no control over how long the postal service takes to deliver it, nor even whether it gets delivered at all. If the postal service loses it, or delivers it to the wrong address, the publisher might not get the first PIN at all.

You can request a second PIN about 4 weeks after the first one was issued. If you don't get that, you get one more opportunity to request your PIN (again about 4 weeks after the second was issued). If you don't get your third PIN ... is it "3 strikes, you're OUT!!!"?

No - don't get excited. There is still a way to verify your address. About 4 weeks after you request the third PIN, if you haven't entered a PIN into your AdSense account, AdSense will ask you to submit documentation to prove your address. This option will appear in your AdSense account, with a link so you can upload documents. What you'll need is an official document or two that shows your name and address - a passport if it shows your address (not all passports show an address in text); a government issued identification card; a driver's license; sometimes they'll accept a utility or tax bill. If you aren't sure which is best, it wouldn't hurt to submit two documents.

What if My Payments are on Hold?

Once you enter your PIN, the payment hold would be lifted within a few days (if not immediately), but you may not receive your payment immediately. It will depend on the payment system you are on, how long you've been at the payment threshold waiting for your PIN, and whether or not you have other payment holds (i.e., entering your tax info, setting up a payment method).

In some cases, those at or past the threshold who have been waiting through several payment cycles may see their payments issued within a few days, and those who only got to the payment threshold will probably see their payment issued during the upcoming payment cycle.

If you aren't using EFT or Wire Transfer then you would not receive payment until the next payment cycle.

What if I enter my PIN wrong 3 Times?

I used to find it hard to believe that anyone could accidentally enter the number wrong 3 times in a row, but considering how many people use mobile devices to access their accounts, it is a lot easier to make that mistake than it used to be.

If you enter your PIN wrong 3 times, you are likely to find yourself locked out of your account. For this, you would need to use the PIN troubleshooter to contact AdSense for help.

If you don't receive any response at all from the troubleshooter, as a last resort, you can ask for help in the AdSense help forum.




posted by J. Gracey Stinson