Adwords campaign rejected. For Google Matomo javascript is a Malware

Hello, is this still an ongoing issue? We would like to use Matomo but can’t put our adwords account at risk.

Thanks

Hi @Edu can you please forward us the following details to hello@matomo.org,
To make our case more clear at Google Ads, you can help us by providing the following information about the issues:

  • URL of your website where you had the issue
  • Google Ads Campaign ID
  • Google Ads customer ID
  • Support case ID

I’m wanting to know as well.
For instance, the cases where this has happened. Was it under specific circumstances? What type of Ad campaigns? What countries? Etc.

It’d help if Matomo would create a page to assess risks for users.

Hi @V.K
@rstark Could you help us
We still blocked by google ads after we remove each matomo js
I sent you the mail to you and write the campaign and consumer id, looped our google ads account manager

Please search the email title:Help! Google Ads Campaign sitll block after removed the matomo js

Hi @xp12452 We received your email. Thank you for sharing those details. We have added this to strengthen our case with Google. Please review the email we have shared.

Hi @V.K
I recommend it is good to know the best pratice to set matomo js with google.

like : using subdomain to collect data

beacuse there are many saas product collect user behavior to optimize uiux, 3rd party display network, remarketing ads

Hello, we are having the same problem with Matomo.

We have decided to use a subdomain for data collection. Currently, we just removed Matomo to make sure that the ads are running again as soon as possible.

Any news here on how we can make sure Google Ads is running and Matomo can be used?

It would be very annoying if we had to live without Matomo. :roll_eyes:

It is a serious issue. It should be sorted out as quickly as possible. I am a Google Ads Campaign Creator. So, it is good for me now come to know about this issue.

The thread above is long. Here is a medial summary at this point:

#1
In most cases reporting the false-malware-positive to Google Safe Browsing resolved the problem. The link for doing that is above - please report it yourself for accuracy and quickness.

In the last two years we saw a single case where the problem came back a second time after reporting it as a false positive to Google Safe Browsing. In that case, Matomo was being deployed by the user within GTM (Google Tag Manager).

We would be interested to find cases where it persists. If you have such a case, please contact hello@matomo.org. We would want to look at it deeply and correspond more quickly and directly with you.

#2
We can consider the rate of occurrence.

To get a rate of occurrence for this issue (“Matomo is detected as malware”) we have the denominator: Matomo is present in 1.5% of all of the sites on the internet currently (so some millions of sites, small and large).

And we have the numerator, which is this, roughly every few months we see one or more sites report this problem, so it is happening one or two dozen times a year, that we see reported. That is the numerator.

Dividing those two numbers, we see there is a steady, low probability of it happening.

1 Like

I am planning to create a campaign to test whether the issue is solved or not.

Thanks for doing this for the forum @Henry_Richards

Avast, Google, Microsoft use holistic factors sometimes to flag URLs. One thing to check is whether your IP address is adjacent to an address that has been flagged as disreputable.
https://scamalytics.com/ is one place that claims to assess this - this is not an endorsement - we welcome other opinions / knowledge on IP reputation and how to gauge it.

Just an idea … As we want to run Matomo again asap but don’t want to risk being shut down with our important Google Ads Campaigns once more … How about installing Matomo on a subdomain and creating a Google Ads campaign for that subdomain, to check if everything works out as supposed?

Thanks for your feedback in advance

I have not heard what the effect is on the “Matomo as malware” warnings problem. Will be useful to know as a workaround. The theory on your end is: get a false-positive malware flag when a user loads page of a subdomain (like an inconsequential page), but main site still loads okay, yes?

dashboard >> :gear: >> Measurables/Websites >> Manage >> Add a new website >> put in the URL of a subdomain like https://trivia.example.com/ or a path like https://example.com/a/b/

Matomo works well on a subdomain. And sidenote: can roll up two or more subdomains into a third sort of meta-site, if that is useful (Roll-Up plugin module needed).

I´m not that technical skilled so sorry possible confusion. Currently we do not have the Matomo JS implemented at our main webpage as we have ads running and want to prevent to get the ads disapproved again.

The idea I have in mind is to implement the Matomo JS on a subdomain of or main Domain and run an Google Ads Campaign for that subdomain and see if it works… The reason is that I to prevent the risk that the ads for our main webpage get disapproved again. Nut sure if that makes sense at all …

Hello,
We have just used Matomo (Tag Manager) for 3 months (June),
and Google Ads have told us that our website is a “Compromised Site” since August.

We have already reported “false positive malware” to Google Safe Browsing (twice) last week.
The first time without any changes (with Tag Manager),
and after direct injection of the script (without Tag Manager).

And we still have the problem :frowning:

If you have any idea to solve our problem, it will be very helpful to us.

NB:
We are about to stop using Matomo to check if this could be the cause or just a coincidence.

Hello @RER I have replied to the email you sent us. Kindly review the steps I provided and let us know if it works. Have a nice day.

1 Like

Yes, @bernd , Matomo can monitor a subdomain/path.

I am not sure what information this will add. I look forward to seeing your result.

In general, one theory for why some sites get a false positive from Google Safe Browsing, is that the IP address where you are hosted is a factor in getting a local software tool, like Matomo, labeled as malware. Have you entered your IP address(es) into a scanner, like Scamalytics? Here is a typical score they give, with transparent reasons supplied:

Hi Genest,

just checked the IP - from that side it seems ok?

I will check again when we might get a fals positive again.

To resolve this, update the Matomo.js script to the latest version, review your website for other issues, and request a review from Google AdWords after making necessary changes. Ensure ongoing website security to prevent future problems.

Related: Google Chrome and Google Ad Words can both give false positives for your site. The red screen can be made to go away once you report it as a false positive. Problems with adwords can be similar. ​See here how to report it and get your site safelisted by Google:
https://matomo.org/faq/on-premise/troubleshoot-chrome-warning-on-matomo-domain/