Google Ads continuosly rejecting web site because "Malicious softwae"

[riccardo.belardinelli]

Dear all,

Is now more than one month I'm trying to submit a new Google Ads campaign on this website/page: https://business.niiprogetti.it/abbonamenti/#free

Before everything worked perfectly (Google Ads on sites containing ).

We have recently upgraded from Rel 4.x to latest release Revive Ad Server 5.2.0 on Centos.

The above page, contains a link in the header and footer (probably followed by the Google Ads bot) to this other web site: https://www.niiprogetti.it/ that contains Revive scripts to show some banners: 

So far so good?

Now Google Ads and all the people supporting it that are saying our server contains "Malicious software", more specificalli this page: https://www.niiprogetti.it/biglietto-omaggio/ , which I promptly deleted, from everywhere on the server.

some facts:

this page https://www.niiprogetti.it/biglietto-omaggio/ now gives 404 error (previously after a period of 404 I added a redirection 301 to the home page), but a side of the 404 in the header and in the right column side space I have some banners:

header: https://ads.myadv.org/www/delivery/cl.php?bannerid=472&zoneid=58&sig=a3f287903f5c70db5db512042e45fad6db697787af81ad485b189e35ef762c56&oadest=https%3A%2F%2Fatiproject.com%2Fappalti%2F

right side: https://ads.myadv.org/www/delivery/cl.php?bannerid=638&zoneid=59&sig=0b51a5f54270c9f81040434c871f248562cd67f86713670ca436d72d3da2caad&oadest=https%3A%2F%2Fwww.saiebari.it%2Fit%2Fcontatti%2F%3Futm_source%3Dmedia_partner%26utm_medium%3Dbanner%26utm_campaign%3Deditriceindustriale

We have scanned the site, the scripts, the images, the database, with several tools and there is no sign of any known malware effecting Revive Server: I've found in the past database injections malicious php and backdoor as reported in this article: https://forum.revive-adserver.com/topic/5836-backdoor-left-by-hackers-after-previous-4x-install-has-been-highjacked/ which is been carefully cleaned up, any cache (on WP sites and Revive has been cleaned), we have cleaned the Google search console and we succede to have the page removed from google cache, and there is no warnign of compromised site in any of the tools of google console.

I've changed the scripts from Asynchronous to synchronous. there is a note somewhere in Google Developers saying they do not like Async scripts (and please note all their Analytics scripts are synchronous).

But Google Ads and Support, is still telling me they see "Malware software"....... after a clean up after a db check, after a file system check, after any php, js....etc file that correspond 100% in terms of size, dates, content to the original release.... still they say "Malicious Software", more specifically (that's the crazy format they sent me to check out the links they find):

• https://ads.myadv.org/www/delivery/asyncjs.php, https://ads.myadv.org/www/delivery/asyncspc.php?zones=60%7C58&prefix=revive-0-&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ, https://ads.myadv.org/www/delivery/lg.php?bannerid=0&campaignid=0&zoneid=60&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ&cb=8c6d90f20f, https://ads.myadv.org/www/delivery/lg.php?bannerid=472&campaignid=433&zoneid=58&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ&cb=2ab103c16f, https://ads.myadv.org/www/images/71df6c3029c7a2d1d767118128362c0f.png

Today yet another support agent simply said: on  this page  https://www.niiprogetti.it/biglietto-omaggio/  the link to remove is: https://ads.myadv.org

Pls note that the above is my on premises Revive Download edition https://ads.myadv.org

I'm going bananas guys.... anyone that had same or similar experience?

Cheers,

    RIC

[Ian]

Maybe your hostname is blacklisted? Hard to tell ... on first sight i don't see you serving malware either.

[riccardo.belardinelli]

Maybe, but if you mean by google, I should have got warned in the Google console and the support guys should tell me if I'm black listed ..... they keep saying like a record ..... delete that page and remove those (Revive) scripts. Any tool from Google I can run say I'm clean, 4 different support Agent with 3 escalations to 2nd level are saying I have Malicious software.

Any suggestion of any other service where I can check my site reputation?

Cheers,

   RIC 

[riccardo.belardinelli]

Yes, I'm back

Hi guys,

unfortunately I would need your help again. After putting in place a workaround publishing in Google Ads a different site, different landing page without any link to the Revive server, I was able to run my campaigns.

But.

Now I need (for business reasons) to go back the web site containing the Revive scripts (https://www.niiprogetti.it/ clean WP instance), and of course Google Ads reject the advertise for the same reasons "Malicious software". I'm 100% sure my Revive server is clean.

I'm going bananas, I'm thinking Google is rejecting simply to force people to use their platforms.

Anybody else having the same issue?

Any suggestion on any further check I should run?

Any suggestion on a different setup of Revive banners or Revive server setup?

Cheers

[Ian]

https://www.virustotal.com/gui/url/ed1b1656f2bfed190dda6533fa58c2054206fa107d75dd618c4a61a7c93551cf

 

Seems clean ... i understand your frustration.

[riccardo.belardinelli]

On 12/14/2022 at 10:06 AM, Ian vM said:

https://www.virustotal.com/gui/url/ed1b1656f2bfed190dda6533fa58c2054206fa107d75dd618c4a61a7c93551cf

 

Seems clean ... i understand your frustration.

Thanks Ian,

I thought: "in the remote chance there is something on my on premises Revive I'm missing, let's try to get a hosted instance"

This site (https://www.editriceindustriale.it) never had issues in linking pages into Google Ads (Google Ads campaign is running in this hours on that page:  https://www.editriceindustriale.it/landing/i-box-doccia-con-bagno-turco-di-hafro-sono-una-vera-e-propria-spa-allinterno-del-bagno-di-casa/  without any Revive activation code).

Today, I've activate a Revive hosted site, set up with one single banner, published on: https://www.editriceindustriale.it/landing/test-thank-you-page/ 

Created a new Google Ads campaign and announcement and BANG! Ads Rejected, malicious software in it, and it's all about the Revive activation code.

Guys, your ideas please, now I'm paying for Revive hosted, I really need a solution on that.

Cheers,

 

[Ian]

I'm sorry. I don't know how to help you. there is no malware on that site. You could contact google to ask them why its being flagged.

[riccardo.belardinelli]

Ciao Ian,

already done they say it's Revive activation code.

I cannot say differently, page without Revive hosted code goes through Ads check. Page with activation code doesn't.

[riccardo.belardinelli]

Ok, nobody in the Revive Multiverse has the same issue?

Revive guys, any suggestion in not using Google Ads? what alternatives would you suggest?

Cheers

[riccardo.belardinelli]

bump

[isabella]

What I can suggest is to create another subdomain for https://www.editriceindustriale.it (but don't use "ad" or any other related word). And set the dns record for this new subdomain to the server where revive is installed. I'm not sure how revive manages dns at the website level but if you're serving ads to other websites through https://ads.myadv.org  you may need to change the url inside the script to your new subdomain. 

Also, do you have matomo running inside any page/path on that subdomain? Maybe matomo is trying to run a script inside your ads.

[riccardo.belardinelli]

Thanks Isabella for looking into it, but that is not working. Also because I have mani domains to serve.

The point is that Google ads looks most probably also on linked pages.

See https://business.niiprogetti.it/abbonamenti/#free (we used as landing page for an announce), it has no Revive script in it at all, in any page, but there is a link in the upper left side that points to another site that got some.

Regarding Matomo, the problem was present even before I did install the script (now removed).