riccardo.belardinelli Posted June 3, 2021 Report Share Posted June 3, 2021 Dear all, Is now more than one month I'm trying to submit a new Google Ads campaign on this website/page: https://business.niiprogetti.it/abbonamenti/#free Before everything worked perfectly (Google Ads on sites containing ). We have recently upgraded from Rel 4.x to latest release Revive Ad Server 5.2.0 on Centos. The above page, contains a link in the header and footer (probably followed by the Google Ads bot) to this other web site: https://www.niiprogetti.it/ that contains Revive scripts to show some banners: So far so good? Now Google Ads and all the people supporting it that are saying our server contains "Malicious software", more specificalli this page: https://www.niiprogetti.it/biglietto-omaggio/ , which I promptly deleted, from everywhere on the server. some facts: this page https://www.niiprogetti.it/biglietto-omaggio/ now gives 404 error (previously after a period of 404 I added a redirection 301 to the home page), but a side of the 404 in the header and in the right column side space I have some banners: header: https://ads.myadv.org/www/delivery/cl.php?bannerid=472&zoneid=58&sig=a3f287903f5c70db5db512042e45fad6db697787af81ad485b189e35ef762c56&oadest=https%3A%2F%2Fatiproject.com%2Fappalti%2F right side: https://ads.myadv.org/www/delivery/cl.php?bannerid=638&zoneid=59&sig=0b51a5f54270c9f81040434c871f248562cd67f86713670ca436d72d3da2caad&oadest=https%3A%2F%2Fwww.saiebari.it%2Fit%2Fcontatti%2F%3Futm_source%3Dmedia_partner%26utm_medium%3Dbanner%26utm_campaign%3Deditriceindustriale We have scanned the site, the scripts, the images, the database, with several tools and there is no sign of any known malware effecting Revive Server: I've found in the past database injections malicious php and backdoor as reported in this article: https://forum.revive-adserver.com/topic/5836-backdoor-left-by-hackers-after-previous-4x-install-has-been-highjacked/ which is been carefully cleaned up, any cache (on WP sites and Revive has been cleaned), we have cleaned the Google search console and we succede to have the page removed from google cache, and there is no warnign of compromised site in any of the tools of google console. I've changed the scripts from Asynchronous to synchronous. there is a note somewhere in Google Developers saying they do not like Async scripts (and please note all their Analytics scripts are synchronous). But Google Ads and Support, is still telling me they see "Malware software"....... after a clean up after a db check, after a file system check, after any php, js....etc file that correspond 100% in terms of size, dates, content to the original release.... still they say "Malicious Software", more specifically (that's the crazy format they sent me to check out the links they find): https://ads.myadv.org/www/delivery/asyncjs.php, https://ads.myadv.org/www/delivery/asyncspc.php?zones=60%7C58&prefix=revive-0-&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ, https://ads.myadv.org/www/delivery/lg.php?bannerid=0&campaignid=0&zoneid=60&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ&cb=8c6d90f20f, https://ads.myadv.org/www/delivery/lg.php?bannerid=472&campaignid=433&zoneid=58&loc=https%3A%2F%2Fwww.niiprogetti.it%2Fbiglietto-omaggio%2F&referer=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CEwQFjAG%26url%3Dhttps%253A%252F%252Fwww.niiprogetti.it%252Fbiglietto-omaggio%252F%26ei%3DR8KbYI7rNP2i5AP8dA%26usg%3DAFQjCNGeGukLEGxxJNMZyAJsw3kia4kztQ&cb=2ab103c16f, https://ads.myadv.org/www/images/71df6c3029c7a2d1d767118128362c0f.png Today yet another support agent simply said: on this page https://www.niiprogetti.it/biglietto-omaggio/ the link to remove is: https://ads.myadv.org Pls note that the above is my on premises Revive Download edition https://ads.myadv.org I'm going bananas guys.... anyone that had same or similar experience? Cheers, RIC Quote Link to comment Share on other sites More sharing options...
Ian Posted June 3, 2021 Report Share Posted June 3, 2021 Maybe your hostname is blacklisted? Hard to tell ... on first sight i don't see you serving malware either. Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted June 3, 2021 Author Report Share Posted June 3, 2021 Maybe, but if you mean by google, I should have got warned in the Google console and the support guys should tell me if I'm black listed ..... they keep saying like a record ..... delete that page and remove those (Revive) scripts. Any tool from Google I can run say I'm clean, 4 different support Agent with 3 escalations to 2nd level are saying I have Malicious software. Any suggestion of any other service where I can check my site reputation? Cheers, RIC Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted December 14, 2022 Author Report Share Posted December 14, 2022 Yes, I'm back Hi guys, unfortunately I would need your help again. After putting in place a workaround publishing in Google Ads a different site, different landing page without any link to the Revive server, I was able to run my campaigns. But. Now I need (for business reasons) to go back the web site containing the Revive scripts (https://www.niiprogetti.it/ clean WP instance), and of course Google Ads reject the advertise for the same reasons "Malicious software". I'm 100% sure my Revive server is clean. I'm going bananas, I'm thinking Google is rejecting simply to force people to use their platforms. Anybody else having the same issue? Any suggestion on any further check I should run? Any suggestion on a different setup of Revive banners or Revive server setup? Cheers Quote Link to comment Share on other sites More sharing options...
Ian Posted December 14, 2022 Report Share Posted December 14, 2022 https://www.virustotal.com/gui/url/ed1b1656f2bfed190dda6533fa58c2054206fa107d75dd618c4a61a7c93551cf Seems clean ... i understand your frustration. Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted December 15, 2022 Author Report Share Posted December 15, 2022 On 12/14/2022 at 10:06 AM, Ian vM said: https://www.virustotal.com/gui/url/ed1b1656f2bfed190dda6533fa58c2054206fa107d75dd618c4a61a7c93551cf Seems clean ... i understand your frustration. Thanks Ian, I thought: "in the remote chance there is something on my on premises Revive I'm missing, let's try to get a hosted instance" This site (https://www.editriceindustriale.it) never had issues in linking pages into Google Ads (Google Ads campaign is running in this hours on that page: https://www.editriceindustriale.it/landing/i-box-doccia-con-bagno-turco-di-hafro-sono-una-vera-e-propria-spa-allinterno-del-bagno-di-casa/ without any Revive activation code). Today, I've activate a Revive hosted site, set up with one single banner, published on: https://www.editriceindustriale.it/landing/test-thank-you-page/ Created a new Google Ads campaign and announcement and BANG! Ads Rejected, malicious software in it, and it's all about the Revive activation code. Guys, your ideas please, now I'm paying for Revive hosted, I really need a solution on that. Cheers, Quote Link to comment Share on other sites More sharing options...
Ian Posted December 16, 2022 Report Share Posted December 16, 2022 I'm sorry. I don't know how to help you. there is no malware on that site. You could contact google to ask them why its being flagged. Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted December 16, 2022 Author Report Share Posted December 16, 2022 Ciao Ian, already done they say it's Revive activation code. I cannot say differently, page without Revive hosted code goes through Ads check. Page with activation code doesn't. Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted December 19, 2022 Author Report Share Posted December 19, 2022 Ok, nobody in the Revive Multiverse has the same issue? Revive guys, any suggestion in not using Google Ads? what alternatives would you suggest? Cheers Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted January 10, 2023 Author Report Share Posted January 10, 2023 bump Quote Link to comment Share on other sites More sharing options...
isabella Posted January 11, 2023 Report Share Posted January 11, 2023 What I can suggest is to create another subdomain for https://www.editriceindustriale.it (but don't use "ad" or any other related word). And set the dns record for this new subdomain to the server where revive is installed. I'm not sure how revive manages dns at the website level but if you're serving ads to other websites through https://ads.myadv.org you may need to change the url inside the script to your new subdomain. Also, do you have matomo running inside any page/path on that subdomain? Maybe matomo is trying to run a script inside your ads. Quote Link to comment Share on other sites More sharing options...
riccardo.belardinelli Posted February 6, 2023 Author Report Share Posted February 6, 2023 Thanks Isabella for looking into it, but that is not working. Also because I have mani domains to serve. The point is that Google ads looks most probably also on linked pages. See https://business.niiprogetti.it/abbonamenti/#free (we used as landing page for an announce), it has no Revive script in it at all, in any page, but there is a link in the upper left side that points to another site that got some. Regarding Matomo, the problem was present even before I did install the script (now removed). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.