Carlos Ramos Posted November 25, 2016 Report Posted November 25, 2016 Hi there, I setup a Revive Adserver about a month ago and right now is marked as a phishing site by Google and others. The installation is stock the the exception of a plugin for video ads. I plan to install from scratch again and not use this plugin anymore. But I wanted to ask if there is any know issue that could provoke this problem. Google is marking this paths as deceptive pages: /www/admin/ /www/admin/dashboard.php /www/admin/index.php /www/admin/stats.php Any advice you may have is welcome. Thanks. The video plugin we use is http://www.reviveadserverplugin.com/product/html5-video-audio-ads-plugin/ Quote
Erik Geurts Posted November 25, 2016 Report Posted November 25, 2016 I'm surprised that those URLs are marked as deceptive. With many many thousands of known installations of the software, this is the first time I've ever heard about this, so it must be something specific to your installation. It is possible that your ad server has been compromised and something malicious was inserted by an intruder. The pages that you listed as being labeled suspicious by Google are part of the core application, not of any plugin. That doesn't mean that plugin you mentioned is not involved, but there is no evidence for it in your post. However, those URLs are not something a site visitor would ever need to go to. I'm assuming you have your Revive Adserver installed in a sub folder under your site, like www.example.com/adserver/. As such, Google's bots can still "see" it, which is not necessary at all. You might want to block bots from accessing the /www/admin folder to begin with. Removing that third party plugin, at least as a test for the theory it is responsible, could also be a good idea. Then file for the site to be reconsidered by Webmaster tools. Is there a way for you to post a screen shot of what it looks like, when you see the warning(s) about deceptive pages? Is it in Webmaster tools or is it something else? Quote
Carlos Ramos Posted November 25, 2016 Author Report Posted November 25, 2016 Hi Erik, Thanks for your reply. The adserver is installed at the root of the site, no sub-folder. Something like adserver.example.com. And yes this is google webmaster tools. The problem has escalated and now the hosting provider is saying the same about the phishing. I'll proceed with the cleanup today and see what happens. Here is the screenshot you asked: Quote
Carlos Ramos Posted November 25, 2016 Author Report Posted November 25, 2016 So for the new installation, I cloned the code from github and switch to tag v4.0.0 (hopefully this way I know if a file have changed). Copied the config file and the plugins directory from my previous installation and uninstalled the VideoAds plugin from the web app, only the default plugins remain. Also had to do a `composer install`. All this in order to keep the database intact and not have to configure the entire adserver again. Just two questions remain: Since the plugins directory is not directly under source control. How can I make sure none of the default plugins are compromised?. Does Revive store any code in the database, is there a chance that the problematic code is in the database and not in the files? Thanks for your time. Quote
Erik Geurts Posted November 26, 2016 Report Posted November 26, 2016 You should never use the code from Github, just download from https://www.revive-adserver.com/download/ . Installation instructions are to be found here: https://www.revive-adserver.com/support/installation/ Quote
Carlos Ramos Posted November 26, 2016 Author Report Posted November 26, 2016 Thanks for the advice, will switch to the release files and create the git repo myself, ¿any Idea about the questions? Quote
Erik Geurts Posted November 27, 2016 Report Posted November 27, 2016 17 hours ago, Carlos Ramos said: create the git repo myself As said: You should never use the code from Github, just download from https://www.revive-adserver.com/download/ . On 11/26/2016 at 0:55 AM, Carlos Ramos said: Since the plugins directory is not directly under source control. How can I make sure none of the default plugins are compromised?. Does Revive store any code in the database, is there a chance that the problematic code is in the database and not in the files? First question is not relevant if you use the official releases. Second question: theoretically yes, but in this case it is not likely that this is the explanation. Quote
Display Name Posted March 6, 2017 Report Posted March 6, 2017 Called it " www.example.com/adserver/ " is the best way to get blocked by an AV and other System. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.