Home Online Advertising By Sneaking Into Ads.txt Files, The 404bot Cost Advertisers $15 Million
Online Advertising

By Sneaking Into Ads.txt Files, The 404bot Cost Advertisers $15 Million

By

SHARE:

For two years, the 404bot worked unchecked, exploiting a flaw in the ads.txt spec that cost advertisers $15 million in wasted video ads.

The 404bot served 1.5 billion video ads, according to Integral Ad Science, which revealed the scheme Tuesday with a warning for the industry, including for publishers to audit their ads.txt files.

Ads.txt was designed to stop domain spoofing by allowing publishers to list all direct partners and resellers. Advertisers can confirm they are buying inventory from sellers with legitimate access to a publisher’s inventory.

But if publishers add an untrustworthy partner, they can abuse their position as an ads.txt-verified path and spoof the publisher’s inventory.

The few hundred domains where Integral Ad Science found ads.txt files linked to the 404bot all had something in common, said Evgeny Shmelkov, head of the IAS Threat Lab. “Their ads.txt files were huge,” he said. “There were lots of parties freely trusted.”

Once the 404bot was added to a publisher’s ads.txt list, it sold legitimate ads from the publisher and ads at other sites spoofed to look like they came from the publisher’s domain. Since the partner was listed as an approved path to a publisher’s inventory, advertisers had no easy way to determine that the domain was spoofed.

As the name suggests, the 404bot relied on fake URLs. The bot would also create an article page name that didn’t exist on the publisher’s site but existed legitimately elsewhere, such as a story about the week’s highest-grossing movie.

Although some domain spoofing simply puts lipstick on a pig – repackaging human traffic to dating, porn or non-brand safe content sites as higher-value URLs – the 404bot showed the ads to bots, not humans. So publishers’ inventory was not only spoofed and devalued, but their invalid traffic rates would appear higher.

IAS notified the publishers affected by 404bot, Shmelkov said.

Publishers should audit their ads.txt files using best practices outlined by the IAB Tech Lab, he added. By closely monitoring their ads.txt files, they can avoid letting partners onto their sites that could misrepresent their inventory.

And DSPs can track fake URLs in their inventory to root out potential domain spoofing, in addition to buying only from ads.txt-compliant paths to supply.

Tagged in:

Must Read

Felipe Cuevas for TelevisaUnivision
CTV

We Went To Eight Upfronts This Week. Here's What We Learned

Upfront week is officially over. In case you missed any of the dog-and-pony shows — including Chappell Roan belting out “Pink Pony Club” during YouTube’s Broadcast — don’t worry; we’ve got you covered.

CTV Roundup

Let’s Be Upfront About Performance

During upfronts, publishers flexed their ad performance muscles at media buyers all week long in an effort to appeal to the biggest demands media buyers have during their upfront negotiations: flexibility and results.

CTV

Upfronts Day Two: Dancing And Data

TelevisaUnivision and Disney took over Day Two of upfronts week in New York City on Tuesday, and the throughline was data quality.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
CTV

Warner Bros. Discovery’s Upfront Was All About Performance

Warner Bros. Discovery used its upfront stage to announce two new ad measurement efforts, including that it’s joining a CAPI-focused initiative led by OpenAP.

CTV

Upfronts Day One: Publishers Jostle For Position As Performance Drivers

AdExchanger Senior Editor Alyssa Boyle and Associate Editor Victoria McNally traversed the island of Manhattan on Monday to scope out upfront presentations by NBCUniversal, Fox and Amazon.

Marketers

Viant Sees A Growth Wave Coming, But First Marketers Must Really Ditch Walled Garden Ad Tech

Viant’s modest growth story took a backseat to a far louder claim: that fed-up advertisers are finally ready to ditch the rigged economics of Big Tech’s walled gardens.

Popular

  1. CTV

    Upfronts Day Three: Ad Tech Jargon And Brand Awareness 

    Another TV upfronts season is in the books. Please send your condolences to Senior Editor Alyssa Boyle and Associate Editor Victoria McNally as they reluctantly return to reality and their overstuffed inboxes.

  2. Felipe Cuevas for TelevisaUnivision
    CTV

    We Went To Eight Upfronts This Week. Here's What We Learned

    Upfront week is officially over. In case you missed any of the dog-and-pony shows — including Chappell Roan belting out “Pink Pony Club” during YouTube’s Broadcast — don’t worry; we’ve got you covered.

  3. AI

    CMOs Have To Be More Tech-Enabled Than Ever – And So Do Their Agencies

    Advertising agencies have invested millions of dollars into their own AI-powered platforms – and apparently, it’s making a difference.

  4. Kevin Gentzel, Global President, Channel Factory
    OPINION: Data-Driven Thinking

    The AI Chat Ad Frontier: What LLMs Change About Brand Safety And Control

    LLM environments introduce new dimensions to brand safety and suitability. Understanding them is the starting point for testing ChatGPT ads.

  5. Commerce Roundup

    Why Albertsons Is Adding The LTV Metric To Its Analytics

    “If we only are looking at ROAS, we’re being fairly myopic about how we understand the actual relationship between the retailer and the brand,” says Liz Roche, VP of media and measurement at the grocery chain Albertsons.