Malware Detected, Google Ads Disapproved

[eslamalbaik]

The ad was rejected on Google Ads and these are the reasons I found
1- The hacked website
2- Malware
3- Circumventing regulations
When I checked my site, I found this injected code

 

<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GY1V6F3565"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'G-GY1V6F3565');
</script>

<script>
  document.addEventListener('click', function(e) {

    if (e.target.closest('[href*="https://apps.apple.com/sa/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/_FiOCN_Q8doYELGMnakp'
      });
    }

    if (e.target.closest('[href*="https://play.google.com/store/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/Sfa5CNjb8doYELGMnakp'
      });
    }

  }, {
    capture: true
  });

</script>

Is there any glitch or problem? I have been trying for two full weeks to solve the problem. Please reply as quickly as possible

[eslamalbaik]

 where guys ???

[eslamalbaik]

The ad was rejected on Google Ads and these are the reasons I found
1- The hacked website
2- Malware
3- Circumventing regulations
When I checked my site, I found this injected code

 

<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GY1V6F3565"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'G-GY1V6F3565');
</script>

<script>
  document.addEventListener('click', function(e) {

    if (e.target.closest('[href*="https://apps.apple.com/sa/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/_FiOCN_Q8doYELGMnakp'
      });
    }

    if (e.target.closest('[href*="https://play.google.com/store/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/Sfa5CNjb8doYELGMnakp'
      });
    }

  }, {
    capture: true
  });

</script>

Is there any glitch or problem? I have been trying for two full weeks to solve the problem. Please reply as quickly as possible

[eslamalbaik]

The ad was rejected on Google Ads and these are the reasons I found
1- The hacked website
2- Malware
3- Circumventing regulations
When I checked my site, I found this injected code

 

<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-GY1V6F3565"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'G-GY1V6F3565');
</script>

<script>
  document.addEventListener('click', function(e) {

    if (e.target.closest('[href*="https://apps.apple.com/sa/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/_FiOCN_Q8doYELGMnakp'
      });
    }

    if (e.target.closest('[href*="https://play.google.com/store/"]')) {
      gtag('event', 'conversion', {
        'send_to': 'AW-11092313649/Sfa5CNjb8doYELGMnakp'
      });
    }

  }, {
    capture: true
  });

</script>

Is there any glitch or problem? I have been trying for two full weeks to solve the problem. Please reply as quickly as possible

[HotHouse]

Currently having issues with suspected malware on our site while trying to set up google ads.
Anyone have any idea what this relates to? These are the urls from google which failed.

/api/census/RecordHit,
/api/census/button-render,
/api/census/form-render

[eslamalbaik]

6 hours ago, HotHouse said:

Currently having issues with suspected malware on our site while trying to set up google ads.
Anyone have any idea what this relates to? These are the urls from google which failed.

/api/census/RecordHit,
/api/census/button-render,
/api/census/form-render

Hi , same issues 
Can I contact you on WhatsApp if we find a solution?
https://wa.me/+9720592860416

[Karl1570048093]

Me too, taking ages for a fix! Getting desperate. 

[GlynMusica]

This is a nightmare and so I'll explain what happens as I've had this happen to a Client in the past. Google Ads looks for codes that might be considered malicious in the pages that are running Google Ads. Google Ads represents an immediate way to gain exposure to Google users, and as long as there is budget, there is the capacity to scale and hit lots of Google users. So there is good reason for doing this.

The experience we had was related to the third-party codes of a provider that, for whatever reason, Google had decided was malicious. What did we do? Pretty much everything that has been documented here: we found no code hacks in the PHP files, and we found absolutely nothing in the source code or JQUERY or other external libraries that were compromised (for this you should use lighthouse chrome extension to see whether any libraries are considered a security risk).

If you have done the above and still find nothing you should remove any third-party codes from your website. For example if you deliver your codes using Google Tag Manager (which is great for deployment) you just remove the GTM container.

In our situation the problem had nothing to do with anything on our side, it was a 3rd party provider that had tried to do something overly creative with their code that Google didn't like. Very frustrating on our side as we went through the pain of what has been described here, and they then went on to tell us that they had been aware of it and were trying to fix it (before it affected their Clients!).

My advice is therefore to remove any code you have added to your pages via the code injection section and to then resubmit your Google Ad. I might even reach out to SquareSpace support to verify beforehand whether or not the CDN that Squarespace uses for the affected website has been cleared just to be absolutely certain that before you send a request for a review to Google there are no straggling pages left online that might be the cause of future pain.

I'd then write to whomever provides the third-party code and ask them to confirm that they have not been having any similar problems with their clients and to confirm this before you send their codes to your Developer for auditing.

I would also make sure I have 2FA setup on every account I use that has any ability to add code either via GTM or via the website. For Google Accounts follow all the security settings. I would also recommend never using a VPN, no matter how secure they are declared to be when connect to these accounts, and that goes for any public network WIFI too, where people can just sit and run Wireshark and potentially steal your cookie. I've seen that happen too.

 

Good luck.

G.

 

 

 

 

[nzalklh]

Same here!

Ridiculous... has anyone actually had this resolved by Squarespace?

Looks like I'll be leaving Squarespace at this rate...

[ryanbrinkerhoff]

Anyone figure this out yet? Is Squarespace listening?

[123456Tony654321]

Hi Everyone,

 

We have just resolved the issue of urls;

/census/recordhit 

/census/form-render

Flagging up as malicious content and stopping Google ads.

 

We found the problem was the integration with our shipping software. In our particular case it was ROYAL MAIL CLICK & DROP integration.

 

After removing the integration from the Royal Mail back office we then had to get squarespace to remove the cache from our squarespace site. Now the URLS are not flagging and we can run ads. 

 

Good luck resolving!! Hope this helps.

Tony 

Payst Ltd UK 

[PhilB]

I'm having this same issue. I first experienced it over a year ago which forced me to stop using Google Ads altogether. I refocused on my second business site (for a second small business I own) and used other means of marketing on the affected original business site. However, I now need to resume Google Ads for this business. So, I thought I'd start over with a clean sheet and a brand new site on Squarespace. I even went as far as setting up a new Google Ads account with a new campaign. Same thing happened - Google Ads disapproved for 'compromised site' and 'circumventing systems'. 

So I got back in touch with Squarespace customer support and this time was told that there is an issue that the Squarespace Engineering team is aware of - originally I was told they couldn't see any issues when I first reported this for my old site over a year ago.

This is part of the reply I got yesterday:

'We’re currently investigating an issue with internal performance and census URLs within the robots.txt file are being marked as harmful or malicious software or malware, and results in ad disapproval —thanks for reporting this to us. Our Engineering teams are prioritizing a fix for this as we speak.
 
There are many variables that we test against before we release a fix, so we can’t provide an exact timeframe for a resolution. We can’t always follow up personally when a fix is released due to the volume of reports we receive for this issue.'

Having read this thread I now know that this issue has been happening as far back as 2020!! So this doesn't fill me with confidence that the Engineering team are going to be rolling out a fix anytime soon?!?!

This situation is a deal breaker for me and for at least one of my clients who I'm building a Squarespace site for who will be planning on using Google Ads to promote her business.

Has anyone managed to get this issue resolved on their site? 

I'm now seriously looking at other platforms to move all of my Squarespace sites over to. I really don't want to do this but will be left with no alternative if a fix can't be found quickly. 

Does anyone have any suggestions?