Google blocks the site for viruses with a size of 0 bytes

A

Alexander2017-10-11 12:19:47

Google

Alexander, 2017-10-11 12:19:47

Google blocks the site for viruses with a size of 0 bytes - how to win?

Google sent this email:
Site blocked: malware
20160353764760001 3372754536
Good afternoon! Your site has been blocked for violating the rule - malware. Our review has shown that your website is highly likely to contain malware or code designed to install malware. For the safety of users, we prohibit advertising resources that may contain content that is potentially dangerous for your customers.
Next are links to files, and almost all files are static - css, js, jpg.
Naturally, the files are absolutely not criminal. In particular, there is, for example, http://mysite.ru/bitrix/js/quetzal.retailrocket/j...which is easy to check - it's pure minified jquery without changes and distortions.
Moreover, there is a file http://mysite.ru/bitrix/spread.php?s=QklUUklYX1NN... - for non-bitrix users I will explain - this is a cookie sharing file. It is empty - its content is 0 bytes.
The first thought was that the claim was just for sharing cookies, since they rummage between two different sites with dissimilar content. Disabled.
Sent for verification. A complaint came to one page of the store and favicon.ico
favicon was replaced, the page was turned off.
I sent it for verification - in response, a whole huge bundle of links and again to static. Of course, completely valid, and with a postscript:
Please check carefully before submitting the site for re-checking. If any link remains on the site, the site will remain blocked.
Those. I now have to manually change a bunch of images, css and js and the paths to them, just to check the site again, so what? And again they sent a list of statics allegedly containing viruses with a size of 0 bytes?
What doesn't Google like?
UPD:
Bitrix site. Another site is running on the same instance (a regular Bitrix license for two sites), i.e. they have a common Bitrix kernel, a common database, a common apache/nginx. Google has no complaints about this second site!
UPD2:
I added another domain to the site. Passes the test without problems. In short, it looks like the virus is contained somewhere in a 12-letter domain name...

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey Pyanov, 2017-10-19
Madzhugin @Suntechnic

As far as I understand, "Google" is specifically Adwords. I deal with viruses a lot, and Adwords is a completely inadequate service in this regard. You are not the only one he sends such false positives to. I have never managed to convince them of the wrong approach, it remains only to correspond and hope for good luck that someday their algorithm will stop working. In a sense, you can get around the problem if you buy another domain, make it an alias to the existing one on the hosting and promote it in Adwords.

X

xmoonlight, 2017-10-11
@xmoonlight

Turn on the logging of all requests outside and go to the page that Google does not like and find in the log - requests for third-party resources and check them.

A

Anatoly, 2017-10-19
@Skit25

An attacker can do this: he launches his barmaley script and your site is hacked. Next, the manipulations are carried out and the script returns everything to its place, including the date the files were modified.
Files may not be deleted, but cleaned, so 0 bytes.