* We had 2 banner networks rotating at the time - Google AdSense and Yahoo Media.net.
* We have no compromised database tables or anything - I have done a thorough check (both via httpd/access_log and revive tables), and no unauthorized access has occurred and there is no extra tag prepend code or anything like that.
* We removed our Revive tags altogether and requested a malware review - Google de-listed our site 18 hours later.
* We have since put Google AdSense tags back on the site (directly, not via Revive), and have experienced no further issues.
* Media.net is a big Yahoo-affiliated company that works with lots of advertisers, and when their tags are tested directly they do not return links to suspicious websites.
* Google "safebrowsing" check says that we have *not* hosted malware, just that we were "listed for suspicious activity". This means that we did not directly return any malicious code to users (http://www.google.com/safebrowsing/diagnostic?site=grocerycouponnetwork.com), but linked through to compromised sites via our ad-tags.
So, we have narrowed the problem down to either A) Revive, AdSense, or C) Media.net.
Has anybody else had anything like this happen to them? Is it possible it is some un-documented security hole in Revive 3.0.5?
If I can't find any evidence that the issue is with Revive, and we determine that Google AdSense would not send people to malware-ridden sites, then by process of elimination we would point the finger at Media.net.
Any help or thoughts or experiences would be greatly appreciated.
Google "malware Code Injection" Warning
in Managing Revive Adserver
Posted
Hello,
I am hoping that some folks here might be able to help with a Revive-related issue my company has been having.
Our website (http://www.grocerycouponnetwork.com/) recently got listed by Google as a a Malware site.
I was hoping that somebody else might have some experience with this and could help shed some light on the issue.
Useful information:
* We are running Revive 3.0.5, with no additional plugins installed.
* The evidence presented by them in Google Webmaster Tools specifically referenced our Revive iframe tags:
<iframe id='a409f70a' name='a409f70a' src='http://rev.grocerycouponnetwork.com/www/delivery/afr.php?zoneid=3&cb=784531156' frameborder='0' scrolling='no' width='300' height='250'>
* We had 2 banner networks rotating at the time - Google AdSense and Yahoo Media.net.
* We have no compromised database tables or anything - I have done a thorough check (both via httpd/access_log and revive tables), and no unauthorized access has occurred and there is no extra tag prepend code or anything like that.
* We removed our Revive tags altogether and requested a malware review - Google de-listed our site 18 hours later.
* We have since put Google AdSense tags back on the site (directly, not via Revive), and have experienced no further issues.
* Media.net is a big Yahoo-affiliated company that works with lots of advertisers, and when their tags are tested directly they do not return links to suspicious websites.
* Google "safebrowsing" check says that we have *not* hosted malware, just that we were "listed for suspicious activity". This means that we did not directly return any malicious code to users (http://www.google.com/safebrowsing/diagnostic?site=grocerycouponnetwork.com), but linked through to compromised sites via our ad-tags.
So, we have narrowed the problem down to either A) Revive,
AdSense, or C) Media.net.
Has anybody else had anything like this happen to them? Is it possible it is some un-documented security hole in Revive 3.0.5?
If I can't find any evidence that the issue is with Revive, and we determine that Google AdSense would not send people to malware-ridden sites, then by process of elimination we would point the finger at Media.net.
Any help or thoughts or experiences would be greatly appreciated.
Thanks much-