Google Ban for Malware Injection

I got a website Google slap for malware and in the Search console they said it was because of a WordPress plugin that adds the tracking code into the page WP-Matomo (WP-Piwik) – WordPress plugin | WordPress.org

Malware code injection
Pages like the sample URLs directed users to a site that serves malware. The source of malware may be embedded ads or other third-party content on these URLs.
Learn more
Recommended actions

  1. Review our resources about Malware infection type: Code injection.
  2. Check your source code (including JavaScript files) for any unauthorized changes.

This is the code as shown to me in Searxh console as being injected
<script type="text/javascript"> var _paq = _paq || []; _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//mydomain.com/piwik/"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', 22]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })(); </script>

So I have disabled the plugin and asked for a review - odd I have been using the plugin for a while never had an issue - the tracking code looks normal - so I am at a loss as to why they put a ban on the site.

Same for me. All my sites that uses piwik through script tag are being banned bt google. Any ideas on ho to solve it? Maybe the piwik instalation must be under ssl? Could it be a self.signed certificate?

Thanks a lot.

I had a slightly older Piwik install 2.15, which was vulnerable, thing is the update/icon wasn’t displaying where it normally did, so I didn’t think about updating.

Anyway I ended up updating to 2.16 and asked for Google reviews on 3 sites which after a couple of requests they passed.

Of the three sites only 1 had malware which was JavaScript discussed here Massive Admedia/Adverting iFrame Infection

Hello, this is a very strange issue. Do other users reading this have experienced this problem? It seems only very few users have been contacted by Google. For sure, Piwik is not a malware :slight_smile: I’m wondering what the real issue is. Maybe your websites have some other un-expected code that got injected?

I have the same problem with my websites. My piwik installation is on https://visitorstats.de/ As of virustotal.com some Antivirus- and Malware-Checker think that this website is a phishing website. When being asked about that, nobody has an explanation for that. Other Antivirus- and Malware-Checker report the website to be malicious. The piwik version on that website is and has always been up to date (I am always updating as soon as there is a new update-release available).

While virustotal.com still shows some “troubled” results today, sitecheck.sucuri.net results in a malware free website. I also used clam av and rkhunter on the server without any results.

Though this blacklisting by some Antivirus-Tools results in blacklisting my other websites as well, those where the piwik-tracking-code has been added to.

Does anybody have any idea why this happens now? We really doublechecked the website wether it had been compromised or not and the results were clear that it hadn’t been compromised. Those Antivirus-Tools delivered false positives instead. (Google, Freedome and others declared the website to be clean and to have been delivering out false positives which they changed now).

How can we stop this? All I can do right now is to deactivate the piwik plugin and stop gathering website analytics data, which is not really an option.

Thanks in advance,
Patrick

Hi Patrick

It’s likely that this was a human error in the anti virus companies, some developers or staff who blacklisted Piwik without reason. Maybe you could contact the anti virus companies, and let them know about it? Feel free to CC me on these emails (matt at piwik.org). In general, the only way I know to have this fixed is to insist to the company creating the product, that there is a bug in their product. This occured a few times in the past to Piwik and usually contacting the company results in the problem fixed!

Thanks mathieu,

I am already contacting those companies on a more or less regular basis, because some of them still get my domain on their blacklist. But I will keep on with that and I will follow your advice and CC you in those messages.

Thanks,
Patrick

1 Like

I have this issue and reported it to Piwik. It only happens when I have Piwik installed and running. I was told it was my issue on my server.

This happened again recently, if you still experience this issue, feel free to continue discussion here: Adwords campaign rejected. For Google Matomo javascript is a Malware