May 3, 2020
I Just Create an Ads For one of My Website Post
This was my website post but ads were disapproved due to Malicious Software!
But I'm not where is the Malicious Software? I have Checked my website and scan it using Wordfence
WP Plugins. Nothing found. How I will confirm where exactly Malicious software exactly?
Details
Informational notification.
This question is locked and replying has been disabled.
Community content may not be verified or up-to-date. Learn more.
Only rarely does a WordFence scan identify the problem, or even notice the website is hacked. WF is still useful, but Google's tools can see more.
In my experience, Google is usually correct and you do have malware links on your site.
Diagnosing and fixing it, is not an easy task, even for an seasoned developer. Since you use WordPress, I recommend you read the following:
Contact Google Ads support. Ask them to send you a list of compromised urls. They should be able to do that. You can use that information to help you diagnose the problem. Once you are confident you have both found and fixed it, wait 24 hours then contact Google again to ask them to reassess it.
I've done this a few times. It's not fun. Last time, it took three developers three days to identify the problem: an embedded social post, in a long-forgotten non-English language post. Because it was in an embed, the link to malware was not even on our own website, so scans didn't have a hope of finding it. But Google could see it.
Original Poster Daddys Pick marked this as an answer
First thing you need to contact the Google support team and request them to send you some reference malicious link so that you can do the investigation on your website.
Most of the time Google team send every link a particular page is loading (including images and logo). Either request google again to send some specific link or investigate further on your end.
Google checking tool is detecting something malicious or suspicious that means there is at-least one of below issue:
Possible Issues but not limited to these points:
1.) Malicious advertising: You are using any script/code which is showing advertisement on website or any script that can show two different thing on same spot one two visitor open same landing page from two different location. It might be possible that your website is hacked and some potential script is hidden to server pop-ups or pop under.
2.) Poorly code or outdated script. Any poorly coded or outdate script which might compromise the security of visitor, visiting your website.
3.) A piece of code that causing a false-positive and actually not malicious. Some examples are pop-ups on landing page for subscription or fly-out in lower right or left corner or something similar activity on website.
4.) Your website have some download with some file extension or software that is flagged by some browser as malicious.
5.) Your website is flagged by any antivirus software database. Most antivirus companies have online database for malicious websites or website lacking basic security.
6.) This issue might also be a result of using some nulled plugin/theme from unknown source. It is also possible that you are using some outdated plugin/theme and some hacker try to exploit the vulnerability of that plugin/theme.
7.) You are using any WordPress plugin(s) or script code that is deemed malicious by Google.
8.) Custom scripts added to the landing page are referencing external content deemed malicious by Google.
Most of the time these malicious links are in the decrypted deep inside your website files. You can’t simply search malicious links and found it in any website file or database. Usually, these malicious codes are hidden somewhere in your theme or plugin files and further corrupt core files too. They will generate again if you not remove the complete code.
Sometimes this infected code can corrupt the main core file and database. These can come again or generate again after sometime, if you not able to delete/clean the entire code from some files or database completely.
Some Possible Ways to Find the Code:
1.) Check your all files and database with help of some reputed scanning plugin or tool and identify that some changes had been made close to the date when your ads were disapproved. I will prefer to check some core file manually. Take help of your website developer or hosting provider to check these files for you.
2.) Any changes you, your developer or your hosting company made close to the date of disapproval of ads. (Example - Install, Update, Addition of any code/plugin/file/js/css etc.)
3.) Check the Google console for any signal and also see if your website is blacklisted for any malware activity. However, in 99% cases search console won't show any error for months.
4.) If you are using WordPress then there are many good plugins are available try to use 2-4 different plugins because every plugin has a different way to finding the code. If you have any custom HTML & CSS build website the issue is with some js or CSS file. For custom PHP website issue might be inside some php, js or css file.
5.) Take the help of your website developer or hosting provider to scan the entire website for you with some good hosting plugin. Usually they have the better tool in place to check and scan code for you.
Some Possible Ways to Fix the Website:
1.) Before fixing your website you should take a necessary back-up for your files and database or attempting any fix or changing any code on your website. After making any changes clear your website cache, server cache or any cache mechanism you might have on your website. Wait for 8-12 hours before any appeal for re-scan the website. With every request/appeal, ask support team to clear cache of their scanning tool.
2.) Contact the Google Ads support team via phone/chat/email and request them to email your some reference links of malicious code so that you can investigate further. (This will help you, your developer, or hosting company to fix the problem).
3.) You can try to restore all your website files and database at-least 2-3 days prior to your ads got disapproved. Most hosting companies create automated daily, weekly or monthly back-up This will undo all changes you and anyone else made on your website after the restore back-up date. So think before restoring any changes.
4.) Update all plugins and theme to latest reversion. Make sure that you are not using any theme, plugin, and code with any known vulnerability. Try to de-activate or better remove any/all theme you are not using or not essential at this time before you apply for approval.
5.) Stop all advertisement, pop-ups, flu-outs or any tracking script temporarily before asking Google support team to check the website. Try to remove any/all theme you are not using except the Wordpress default themes.
6.) Try to remove any suspicious base64_decode, eval, referrer, decoded payload etc. in your website and database.
7.) After making any change and fixing the code, clear the cache on server and any cache on the website to make sure that code is not seen by any scanning tool again.
8.) Ask your developer or web designer to manually scan all website files and database for any encrypted code and fix before asking for another review. If you are using Wordpress then the issue is most probably from any plugin or active website theme. After removing any code from your theme or plugin try to replace your wp-admin & wp-includes files.
9.) After fixing the code wait for 8-12 hours and rescan your website to check if code is not generated again. If you are sure that you cleaned the malicious code completely form your website then only ask for another review.
Original Poster Daddys Pick marked this as an answer
All Replies (4)
May 4, 2020
Only rarely does a WordFence scan identify the problem, or even notice the website is hacked. WF is still useful, but Google's tools can see more.
In my experience, Google is usually correct and you do have malware links on your site.
Diagnosing and fixing it, is not an easy task, even for an seasoned developer. Since you use WordPress, I recommend you read the following:
Contact Google Ads support. Ask them to send you a list of compromised urls. They should be able to do that. You can use that information to help you diagnose the problem. Once you are confident you have both found and fixed it, wait 24 hours then contact Google again to ask them to reassess it.
I've done this a few times. It's not fun. Last time, it took three developers three days to identify the problem: an embedded social post, in a long-forgotten non-English language post. Because it was in an embed, the link to malware was not even on our own website, so scans didn't have a hope of finding it. But Google could see it.
Original Poster Daddys Pick marked this as an answer
First thing you need to contact the Google support team and request them to send you some reference malicious link so that you can do the investigation on your website.
Most of the time Google team send every link a particular page is loading (including images and logo). Either request google again to send some specific link or investigate further on your end.
Google checking tool is detecting something malicious or suspicious that means there is at-least one of below issue:
Possible Issues but not limited to these points:
1.) Malicious advertising: You are using any script/code which is showing advertisement on website or any script that can show two different thing on same spot one two visitor open same landing page from two different location. It might be possible that your website is hacked and some potential script is hidden to server pop-ups or pop under.
2.) Poorly code or outdated script. Any poorly coded or outdate script which might compromise the security of visitor, visiting your website.
3.) A piece of code that causing a false-positive and actually not malicious. Some examples are pop-ups on landing page for subscription or fly-out in lower right or left corner or something similar activity on website.
4.) Your website have some download with some file extension or software that is flagged by some browser as malicious.
5.) Your website is flagged by any antivirus software database. Most antivirus companies have online database for malicious websites or website lacking basic security.
6.) This issue might also be a result of using some nulled plugin/theme from unknown source. It is also possible that you are using some outdated plugin/theme and some hacker try to exploit the vulnerability of that plugin/theme.
7.) You are using any WordPress plugin(s) or script code that is deemed malicious by Google.
8.) Custom scripts added to the landing page are referencing external content deemed malicious by Google.
Most of the time these malicious links are in the decrypted deep inside your website files. You can’t simply search malicious links and found it in any website file or database. Usually, these malicious codes are hidden somewhere in your theme or plugin files and further corrupt core files too. They will generate again if you not remove the complete code.
Sometimes this infected code can corrupt the main core file and database. These can come again or generate again after sometime, if you not able to delete/clean the entire code from some files or database completely.
Some Possible Ways to Find the Code:
1.) Check your all files and database with help of some reputed scanning plugin or tool and identify that some changes had been made close to the date when your ads were disapproved. I will prefer to check some core file manually. Take help of your website developer or hosting provider to check these files for you.
2.) Any changes you, your developer or your hosting company made close to the date of disapproval of ads. (Example - Install, Update, Addition of any code/plugin/file/js/css etc.)
3.) Check the Google console for any signal and also see if your website is blacklisted for any malware activity. However, in 99% cases search console won't show any error for months.
4.) If you are using WordPress then there are many good plugins are available try to use 2-4 different plugins because every plugin has a different way to finding the code. If you have any custom HTML & CSS build website the issue is with some js or CSS file. For custom PHP website issue might be inside some php, js or css file.
5.) Take the help of your website developer or hosting provider to scan the entire website for you with some good hosting plugin. Usually they have the better tool in place to check and scan code for you.
Some Possible Ways to Fix the Website:
1.) Before fixing your website you should take a necessary back-up for your files and database or attempting any fix or changing any code on your website. After making any changes clear your website cache, server cache or any cache mechanism you might have on your website. Wait for 8-12 hours before any appeal for re-scan the website. With every request/appeal, ask support team to clear cache of their scanning tool.
2.) Contact the Google Ads support team via phone/chat/email and request them to email your some reference links of malicious code so that you can investigate further. (This will help you, your developer, or hosting company to fix the problem).
3.) You can try to restore all your website files and database at-least 2-3 days prior to your ads got disapproved. Most hosting companies create automated daily, weekly or monthly back-up This will undo all changes you and anyone else made on your website after the restore back-up date. So think before restoring any changes.
4.) Update all plugins and theme to latest reversion. Make sure that you are not using any theme, plugin, and code with any known vulnerability. Try to de-activate or better remove any/all theme you are not using or not essential at this time before you apply for approval.
5.) Stop all advertisement, pop-ups, flu-outs or any tracking script temporarily before asking Google support team to check the website. Try to remove any/all theme you are not using except the Wordpress default themes.
6.) Try to remove any suspicious base64_decode, eval, referrer, decoded payload etc. in your website and database.
7.) After making any change and fixing the code, clear the cache on server and any cache on the website to make sure that code is not seen by any scanning tool again.
8.) Ask your developer or web designer to manually scan all website files and database for any encrypted code and fix before asking for another review. If you are using Wordpress then the issue is most probably from any plugin or active website theme. After removing any code from your theme or plugin try to replace your wp-admin & wp-includes files.
9.) After fixing the code wait for 8-12 hours and rescan your website to check if code is not generated again. If you are sure that you cleaned the malicious code completely form your website then only ask for another review.
Original Poster Daddys Pick marked this as an answer
May 4, 2020
