Sure, but you could make them add a meta tag or upload a validation file to prov... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		luckylion on May 8, 2019 \| parent \| context \| favorite \| on: Google AdWords Exploit Seen in the Wild Sure, but you could make them add a meta tag or upload a validation file to prove they are actually working on behalf of the final URL, just like they do to validate that you're in control of the URL for the webmaster console. If the malicious ad buyer has access to ebay.com's server all bets are off, but I feel like that happens a lot less often than this.

soared on May 8, 2019 [–]

I posted this above but thousands of companies send their ad traffic to their amazon.com product page, and there are a ton of other one-off examples.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact