Can't get rid of "Site Contains Malware" warnings - google-chrome

We've been having this problem for the last month, and it is getting really old. :( I'd love any help or advice.
We have a Facebook app that provides users a simple way to make tabs for pages. Some malicious actors were using our app to host redirects - which we have now blocked. As far as we can tell, there is not any more redirect abuse. Okay, here's where it gets weird.
We've got 12 "apps", each of which has identical functionality but different paths on our domain. For example:
http://raw2.statichtmlapp.com/tab/1/...
http://raw2.statichtmlapp.com/tab/2/...
http://raw2.statichtmlapp.com/tab/3/...
All urls beginning with the path /tab/2 are getting the warning, and all the other urls are fine. Gah.
We have read the documentation thoroughly about how to rectify this sort of thing, to no avail. https://developers.google.com/webmasters/hacked/docs/request_review suggests that we should use the webmaster console to request review for Malware or Spam, but our console says there is no problem with the domain.
We have submitted requests for review of phishing multiple times at http://www.google.com/safebrowsing/report_error/, but nothing happens.
I suspect that part of the issue may be an anti-abuse measure we have in place. The content in our app is only available when embedded inside Facebook, with a signed request that comes along with the iframe url from Facebook. So if a Google system attempts to directly craw urls that have been flagged, it will get either empty pages or errors. But we don't want to make the content available on the open internet for fear of phishing abuse (which is why we lock it down now), and we don't want to try to detect Google and just serve them the content, because that feels like something they would likely detect as suspicious and cause further flagging.
Any advice on what to do? It is incredibly frustrating to have a bunch of walls come slamming down like this, with very little we can do. Thank you so much for any help!

Aha! After a helpful reply on the Google Webmaster Central help forum, we got it cleared up. We needed to add the blocked url as a new site in the search console, not just the root domain. That made a security issue show up, and that enabled us to request a review, and finally get this cleared up.

Related

error on Google Page Speed Insights and doesn't run on one website I made,

I tried to run Google Page Speed Insights and got this error message. I've searched and can't seem to find how to fix that. I also ran Page Speed Insights with other websites that I made and every time it worked.
Lighthouse returned error: FAILED_DOCUMENT_REQUEST. Lighthouse was unable to reliably load the page you requested. Make sure you are testing the correct URL and that the server is properly responding to all requests. (Details: net::ERR_CONNECTION_FAILED)
https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fexecfarm.com%2F
Several of us in comments
have tried the link you gave and have not experienced any errors.
However, I have been refreshing the page and the Google Speed insights result has been showing different values for the page overall score From 34%, to 40% to 70% (then back to 40%).
This would possibly imply that the page is being worked on or that there is some other (database) stuff that is changing each time the page is loaded.
If you are not cloudhosting (ie Cached copies) then when your server is taking up a new file uploaded from your IDE, while that file is uploaded to the server it can not be "read" while it's being "written". So maybe Google is trying to access the file when it is being replaced which will cause momentary drops.
You should also be forcing the HTTPS, currently the website is still fully accessible on the insecure http://execfarm.com URL.
try to force redirection to https instead of http by activate SSL
I tried the test 10 times and all of them failed with
Lighthouse returned error: FAILED_DOCUMENT_REQUEST. Lighthouse was unable to reliably load the page you requested. Make sure you are testing the correct URL and that the server is properly responding to all requests. (Details: net::ERR_CONNECTION_FAILED)
This could mean multiple things. Either your page failed to render in Google's PageSpeed Insights, an internet backbone broke, or something else happened.
It may be that an internet backbone outage that caused your server's connection with Google to be broken. When an internet backbone outage happens, user A may be able to connect to your server, but user B may not. To rule this out, check your logs when you go to your Google PageSpeed Insights and look for any IP address associated with Google's IPs.
To rule out that page rendering is the cause, move your index.html file to somewhere else, and replace it with a dummy index.html, to ensure that page rendering isn't the cause.
To rule out an internet backbone outage, switch to a temporary server and move everything there. If Google PageSpeed Insights works, then you know that it was an internet backbone outage.
Hope this helps.
I faced this problem because of my SSL integration. After fixed it, my problem solved. Try to run lighthouse test without SSL.
Also please check this answer:
This issue is quite often reported by many users.
It occurs because of the following issues:
Unresponsive server Unstable internet connection. Please try to rerun
the test then it will work.
For more clear and better result follow instructions in this link.
https://stackoverflow.com/a/53318088/4766521

How can I create a program or bookmarklet that can scrape facebook-chat messages for spam links?

There is a Facebook app which has enabled the depricated facebook-chat feature where users can chat whilst playing their game. Unfortunately there has been a dirge of spammers and scammers posting in this chatroom, which we would wish to automatically detect and send emails or some other alerts to us so that we can more immediately block/ban these users.
Is this possible somehow? What we've tried was to create a python scraping application but it wasn't immediately obvious how to log into facebook and get HTML of an app through a python call.
I've since been introduced to bookmarklets as a concept. Perhaps this could solve the issue? There could be some type of javascript code in a bookmarklet, and all one would need to do is load up the game, open the facebook-chat, and then click the bookmarklet, and leave the computer running 24-7. The javascript would parse the DOM for suspected scam links and send email reminders when found.
This is just me brainstorming possible ideas. I'm really not sure how to approach this automation problem, and I am not finding anything useful online either.

Why does google visit my url every time I start chrome?

I've noticed that Google keeps visiting some of my url:s each time i boot up Google Chrome, does anyone know why this might be?
This wouldn't be much of a problem, except that it keeps hitting an login-url for a system I've built. And each time there's an unknown login-call I receive a text message... so, it's kind of annoying.
The IP range i keep receiving this visits from is 66.102.9.*.
Sure, I could block this ip-range. But first I'd like to know why I keep receiving this visits. Does anyone have any ideas?
Perhaps it is your Chrome's starting page and you could change it in the settings.
That's where I'd start, unless you have already checked that.
If that's not it, try the Google Chrome forums
When you use Google Chrome, it sends GET requests to Google's servers for the bowser's update checks and for the Chrome apps updates.
Chrome sends requests to multiple URLs when it’s checking for and downloading updates. The order of requests is determined dynamically at runtime. Both HTTP and HTTPS protocols might be tried. The following URL list of hostnames and paths can change at any time without notice:
www.google.com/dl/*
*.gvt1.com
tools.google.com/service/update2
dl.google.com/*
google.com/dl/*
clients2.google.com
update.googleapis.com/service/update2

Different errors (quota, disabled, bad API key, or none) when loading Google Maps API JavaScript

We ported our site to Google maps, but we get different errors when loading a map using the JavaScript Maps API (v3 of course). Other times the map loads correctly. The two most prominent errors are:
"Google has disabled use of the Maps API for this application. See the
Terms of Service for more information
http://www.google.com/intl/en_US/help/terms_maps.html." (JS Alert)
And:
"This site has exceeded its daily quota for maps. If you are the
creator of this site, please visit the documentation to learn more."
(this is a DOM overlay)
Live minimal example:
This code is not yet live but there's a minimal example here: http://mappat.com/maptest.php. It is simply Google's own Hello World example with our key filled in and even that gives problems.
Network traffic inspection:
I noticed the first error is shown when 'AuthenticationService.Authenticate' fails (returns [0,5,0]), the second when 'QuotaService.recordEvent' returns [0,null,0]. These are remote calls from within the SDK and I don't know if these details are relevant.
What we tried:
Billing is enabled by the way and we stay way below our quota limits. I tried a lot of things already, new key, waiting a few days, turning the Maps API off and on again in the console, etc. I filled in the allowed referrers but also left it open to allow others. No difference.
I don't dare to start a new project in de dev console because this whole thing started when I did actually just that because I had (different) problems with the server-key. That server part is now working flawlessly btw, kind of ironically.
[Edit: I just tried to leave out the API key when loading the JS maps file, which, fingers crossed, seems to work. But now the server-side calls to places/searchtext start to give random "The provided API key is expired." errors, again (same reason we created the new project). Coincidence? Also, I don't like this option, especially with regards to the future (reaching 25k, going beyond and going Business Account)].
So, I'm stuck. Hence my first SO question ever. Could it be that we are blacklisted? Perhaps because of the duplicate project? Is there a way to find that out and/or to get us 'reset'? Or am I simply overlooking something?
Any help is appreciated because until we solve this, this is a deal-breaker.
Sidenote: I also filed a bug report because I think giving random errors on itself is not expected behaviour. It's up to the dev team to decide if they agree. If not, we still have a problem, hence this SO question.
I think you have a syntax error in your php var dump:
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyDYuWR5wqux1_iTmfIWPveheIOr5PhqjEs&?>sensor=FALSE&language=en">
</script>
you have ?> just before sensor
This issue magically disappeared after a week or so.
I didn't get any response from Google, but they may have change/reset something behind the scenes, of course. The bug is still marked 'new', by the way.
My advice to others having this issue is to first check some basic things, since the individual errors I got could also result from actual things you're doing wrong (ie mistake in allowed-referers). If all seems okay after triple checking, just remove the API key from the request, test along like that for a while and retry in a couple of days.

Inject ads to Google Chrome Extension

I am developing a google chrome extension, and planning to inject ads using the allowed feature. I have checked in front of "Ads Behavior" that says "This extension injects ads into some third-party websites."
My question is, how and where do I mention the source of ad? Say, if I want do display google adsense, how do I set it up??
I searched it throughout the day today, but didn't get any information anywhere.
Thanks,
James
Injecting ads is not that simple.
The first problem you will face is to find an ad network that allows extensions to inject advertisements in pages. AdSense doesn't allow this behavior.
The second (and maybe more complicated) problem is to inject the ads. In a chrome extension you can use script injection to add the advertisements to the pages. The real problem is where to put the advertisements. They should be placed in a smart manner; ensure they don't conflict with the page layout/functionality; they shouldn't be everywhere and on every page, otherwise your users will promptly uninstall the extension; you absolutely shouldn't just replace existing ads if you don't want your extension to be flagged as malware.
I haven't yet added ads to my extension because of these and others problems, and I am striving to get some money from it since it has cost me a considerable amount of time to create it, and I have received very, very few donations considering the over 150.000 users.
Hope I could help.