Update Aug 2020 by @matthieu - we have heard back from Google Malvertising team and they have said they have “fixed some issues” on their end, and it seems the issue is FIXED.
If you still experience this issue from August 2020, please leave a reply here!
Original post:
I had prepared an AdWords campaign, but the campaign was rejected and the Google assistance told me that “you need to remove the Matomo javascript as it is a malware”. Why?
"Your site has been blocked for violation of our “Malicious or unwanted software” policy, as our most recent scans have found malicious programs and strings on your site. In order to guarantee the safety of users, the publication of resources with content potentially harmful to its customers is not permitted.
For your convenience I send you the following list of malware detected by our systems, I invite you to analyze it together with your webmaster so as to be able to proceed with their removal independently:
That’s quite something. Just to make sure that they aren’t correct, can you please make sure that the matomo.js file hasn’t been modified by some other software on the server (it isn’t completely impossible that some malware searched the server for .js files and appended something to all of them).
Can I ask, how did this end for you? I am facing the same problem (with a multi-tenancy setup, so a lot of my clients suddenly have this identical problem). Google Ads claims malware, blocks all campaigns, Google Search Console claims all sites are safe.
I see no recently changed files, generated html is clean, piwik.js itself seems also to be OK, and the file (or other) are not recently changed or something. Google can’t pinpoint me to the real found malware or code, except points to the piwik.js. I do load the piwik.js from another domain, but on the same server.
Could you please share the link to the piwik.js file that they flagged as malware? This is most likely an error on their side, but we need to make sure, and follow up with them. There’s also always a small chance that something on the server/website was hacked and included some malicious code in random JS files including the matomo files. Contact us at: Contact the Piwik team - Analytics Platform - Matomo and we’ll help
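The check asked for in the two replies above (confirm that matomo.js / piwik.js was not modified and that nothing was appended to it), as an added example that is not part of the thread and not Matomo's own code. It compares every deployed tracker copy against a known-good copy you obtained separately; the reference file path and the document roots are assumptions you supply.

```python
import hashlib
from pathlib import Path

TRACKER_NAMES = ("matomo.js", "piwik.js")  # file names mentioned in the thread

def classify(reference: bytes, deployed: bytes) -> tuple[str, bytes]:
    """Return (status, extra_bytes) for a deployed file vs. a known-good copy."""
    if deployed == reference:
        return "identical", b""
    if deployed.startswith(reference):
        # Reference is intact and something follows it: the "appended" case.
        return "appended", deployed[len(reference):]
    if deployed.endswith(reference):
        # Reference is intact but something was placed in front of it.
        return "prepended", deployed[:-len(reference)]
    # Content differs inside the file; needs a manual diff.
    return "modified", b""

def audit(reference_file: Path, roots: list[Path]) -> list[dict]:
    """Check every tracker copy found under the given document roots."""
    reference = reference_file.read_bytes()
    findings = []
    for root in roots:
        copies = sorted(p for p in root.rglob("*.js") if p.name in TRACKER_NAMES)
        for path in copies:
            data = path.read_bytes()
            status, extra = classify(reference, data)
            findings.append({
                "path": str(path),
                "sha256": hashlib.sha256(data).hexdigest(),
                "status": status,
                # Short preview of the unexpected bytes for triage.
                "extra_preview": extra[:80].decode("utf-8", "replace"),
            })
    return findings

if __name__ == "__main__":
    import sys
    # usage: python check_tracker.py <known-good tracker file> <docroot> [<docroot> ...]
    for f in audit(Path(sys.argv[1]), [Path(r) for r in sys.argv[2:]]):
        print(f"{f['status']:10} {f['sha256'][:16]}  {f['path']}  {f['extra_preview']!r}")
```

A status other than `identical` only means the file differs from the reference copy; diff it by hand before drawing conclusions.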
At this moment I am for 99,9% sure, my PIWIK/MATOMO install is clean as intended, no hack, no malware, no strange URLs. And I hope I can trust piwik to have no backdoors built in or something. I have used PIWIK since 2006, never had any problem, like it love it… Google Search Console says all sites are safe, but Google Ads blocks every campaign. Google is enforcing their dictating position to ban out all software other than Google Analytics.
“If you want to use our ads service, lose piwik.js from your site and it will be ok again”
I spent almost 3 days analyzing and comparing the scripts, seeking help, testing, searching through server logs, everything within my knowledge, just to be sure there really is no malware active.
Google’s reaction summed up: Dear Remco, I understand your frustration, but please talk to the hand…
This has happened before where Google mistakenly flagged us as malware for no good reason.
→ Could you please immediately revert the malware claim on the piwik.js
and if you have otherwise any question or feedback about the file, please let us know?
Looking forward to hearing from you,
Matomo Team
You can reach out to the Matomo team at https://matomo.org/contact/
Could you share this text with them and let us know if that helps unblock the situation?
Got two sites from clients whose ad campaigns were shut down because of Matomo code. As you pointed out… I’m also sure that Matomo code is clean, used it for years. Got the sites tested from several malware test sites, even Search panel from Google says it’s clean. Sure it is a move from Google to ban out all the competition… or maybe they do not want to track the google campaigns and discover other numbers than they give you?
You are right! Not only the visitor’s privacy is in danger, also fair market trading. You can’t re-check the visitors/CPC that Google provides & calculates. You can only hope that Google is really honest.
Totally unexpected, I received this morning a call from google ads, that my piwik install was claimed to be safe.
Reason for further investigation, was my massive contact moments (calling / mailing / protesting), results of my own investigation and sending extra documentation.
Google promised to unblock the campaigns, but every ads account has to be evaluated separately.
The soap is not over… The ads account, that was whitelisted by google, is still approved. So I told my other customers, they can activate the piwik stats again.
I was wrong, now they are being blocked (except the only whitelisted account). All sites use the exact same piwik tracker / url. So I can conclude, not my piwik installation is whitelisted as safe, only the ads-account…
================================
Update: Today, 20-feb- the Google Ads employee confirmed that my piwik url was safe, and whitelisted the other blocked customer. It was the same employee that took over the previous case, so explaining what kind of software piwik is, was no problem… As I use a multi-tenancy setup, I requested to whitelist my piwik url. Otherwise it will take us both a lot of time to whitelist every single account that uses my piwik setup.
Hope this will help anyone, who has the same kind of google ads blocking.
Thought I’d add to this. We just had all of our Google Ads accounts shut down due to the piwik/matomo code being malicious. Been running it for years and never an issue until Saturday. Scanned all the servers, checked the code, everything is fine and nothing changed. Spoke with Google this morning and they confirmed it was the piwik.js file. I told them this is not malware. It is an analytics software like Google Analytics, just from a different company. They didn’t care. We had to remove it from our entire network of websites to get our accounts reconsidered for activation. We asked them to review the file to see if they’ll allow it and they’ll respond within 48 hours.
Thanks @TonyR for the update. Sorry you have to experience this. Google is abusing their position here, never should they force you to remove your analytics tracking code from the site!
We will reach out to Google also from our end.
Is anyone else experiencing this issue? Any more information anyone has is appreciated.
Matthieu, it is unfortunate. We have (had) a deep integration into our systems where we queried the MySql database directly to generate custom reports/insights and automated analytics reporting via email. We have custom dashboards built into our software and everything.
We also received a slew of calls today from clients that were running their own ads with the same issues. We had the analytics deployed to about 200 websites. Luckily, the way our systems are developed, we were able to remove it in just a few minutes with a global update. If Google decides to allow it, we can restore it with a global update as well.
We had about 60 Google Ads accounts that have been disabled that we were managing (not counting the customers managing their own).
We have not yet had our Google Ads accounts re-activated. I will update this forum once I have more information. Waiting to hear back from their support on both the re-activations and whitelisting the piwik.js file.
We have the same problem here, Google blocks our ads, they say that Matomo.js and Matomo.php were malware!
What can I do now?
That’s what they write us:
Unfortunately, my tool still shows that the website https://www.werbago.com/ is still infected with the following links, and the ads therefore cannot be approved.
matomo.js
matomo.php
Unfortunately, the ads cannot be approved manually, because they would otherwise be rejected again straight away at the next automatic review. For this reason, it must be ensured that the website has been cleaned up before the ads can be approved again.
Once you have successfully cleaned up the website, please make sure that you make a few small changes to the ad texts once more, so that the ads are automatically reviewed again and, where applicable, approved.
If you have any further questions, we look forward to hearing from you.