I’m a solo founder and really struggling to get Google Ads running for my website. My site always gets flagged as Compromised Site and Malicious Software, even though I’ve done several checks that shows it’s clean. Even Google’s own Safe Browsing shows it as clean.<p>Their latest feedback after appealing suggests I change from a .co.uk to .com to resolve the issue which seems like complete nonsense.<p>Does anyone have any suggestions on how I can fix this? All of my competitors are running ads and it’s extremely frustrating as a solo founder that I am unable to do so.<p>Will post my website on request as I’m not sure if I’m allowed to post it.
I'd bet just about anything that Google uses machine learning to decide whether or not to trust a site for ads. It seems like the only solution that would work at a large enough scale to handle that kind of demand (versus more defined but more labor- and resource-intensive malware/fraud detections). I think that also explains why the review process seems so arbitrary and ineffective - in essence, not even Google knows why Google decided your site was bad. I used to help people with hacked websites, but eventually I had to refuse to work on projects where the only symptom was a Google Ads denial because it was such nonsense. In one case a guy completely removed his site and replaced it with a 0-byte page, and even after we saw Google-owned IP addresses doing a crawl in the site access logs, they still told him there was malware (including a list of infected URLs that no longer existed).<p>If I'm correct, changing your domain might help in that machine learning algorithms consume tons of signals and maybe altering that particular one would push your site under the "bad" threshold. But it might not do anything. It's a super frustrating problem. I hope you can stumble onto a solution or find someone at Google willing to help.
Hate to say it, but unless this post gets traction or you have a huge social media following and can successfully go viral while calling them out — nothing will happen.<p>Tons of Google products are going haywire right now and it’s clear nobody at the Monopoly money machine is at the wheel or even cares.<p>Google search console was down for multiple days recently. If you check your Gmail spam folder, you’ll see lots of legitimate emails in there from the past few weeks. Google My Business profiles have been disallowing legitimate profile pictures for months. I could go on.
Your domain has a 20+ year ownership history. Are you the first owner? The suggestion that you switch to .com could be a subtle way to tell you that your domain has a bad reputation that cannot be fixed. Once Google thinks a domain is bad, it’s hard to change their mind. If you’re not the first owner, you don’t know what the previous owners did using the domain.
I run Google Ads professionally and this has also happened to me. I was never unable to fix it directly. One time, I had a Wordpress site that Google Ads claimed was a compromised site. I migrated it to a landing page provider (Unbounce), and Google Ads still insisted the site was compromised even though Google's tools said the said was clean.<p>What I did to fix this was to migrate my landing pages to a new domain. (I believe migrating my landing pages to a different subdomain on the same domain would also work, but I haven't tested this.)<p>You don't need to run traffic to your full website. All you need is a marketing website to run traffic to. That marketing website doesn't even need database integration, so you can put that marketing website on a totally different server.<p>So to fix this issue, I wouldn't try to fix it. I'd just create a marketing website somewhere else and direct traffic to that.
To be super clear you’re trying to buy ads or serve them? I had a pretty bad experience with buying ads in the past as they kept flagging my account because I was using a virtual CC. I had to reach out to one of my ex-colleagues over there to get unblocked…
Couple of things you can check:<p>1. See if VirusTotal lists your site (including subdomains, app.domain and www.domain, etc): <a href="https://www.virustotal.com/gui/home/url" rel="nofollow">https://www.virustotal.com/gui/home/url</a><p>If wrongly flagged, reach out to each security vendor manually - takes about 3-5 days to get them to rescan manually and remove any flags.<p>2. Check for any dodgy javascript libraries you might inadvertently be using. Specifically, just remove all non-relevant JS until you get approved, then you can slowly add them back in if really needed.<p>Super frustrating that Google has this much power, and totally ridiculous they want you to switch to .com (pretty sure that's an outsourced CS worker giving you a random suggestion).
This happens fairly often. But honestly it's a bit ridiculous that Google suggests that you change from a .co.uk to a .com to resolve the issue. That is NOT an option unless they're going to pay for the domain and the domain migration.<p>I would keep pushing back on that, there is no way that you need to move to another TLD.<p>They say that the site is "compromised and has malicious software", I bet it's actually something else, like a site that you're linking out to that's compromised and malicious--that's happened quite a bit in cases where sites are flagged like this in Google Ads.
These stories reappear every now and then here. I remember my startup's domain was blocked by Microsoft Ads (.us TLD). Couldn't even appeal their decision but as a startup David you're rarely gonna go against Goliath and just pick another battle.<p>A friend's gym, freedomfit.us, a now two year old domain that SSLTrust.com.au lists as clean still seems to hit issues with some people. They moved to another domain, ff-wp.com on another hoster but that didn't help their issues with some people that still can't access it. That makes me wonder if associativity by content is viral to the new domains - from a malware-spreading perspective that would of course make sense but I could imagine this doing more harm than good.<p>If anyone has insights on best ways to establish trust new domains/startups, I'm sure the crowd would appreciate your time and insights.
What I'm doing so far, is trying to manually categorize/list the URLs with the dominant firewall/antivirus vendors, but it's a lengthy manual process and I'm not sure of the benefits either.
Is your domain relatively new? It might be that Google's automated systems don't yet "trust" it due to a lack of history/backlinks, or it could be similar to a flagged domain from the past. This might be why they're suggesting you switch to a different domain.<p>To improve this, you could work on building more "authority" for your domain by gaining backlinks, which could help increase its trustworthiness. If time is an issue, you might consider purchasing an existing domain with a solid reputation. There are also some SEO tools which can give you insights into a domain.
Ran into the same issue when I purchased a .ml domain (naively not looking into why .ml is such a cheap TLD to buy good names for, it has a super high spam risk). Purchased a different .com domain and haven't had any issues since. I didn't change content or anything, besides changing the domains in all of my links, and the same google ad campaigns and workspace for the new URL were able to be created without issue.
One thing I thought it could be is I use PostHog for analytics / heat map recording, but I tried completely removing it and they still rejected it.
Do you get flagged in any databases here : <a href="https://www.ssltrust.com.au/ssl-tools/website-security-check" rel="nofollow">https://www.ssltrust.com.au/ssl-tools/website-security-check</a><p>As I know google is partnered with a lot of them and if your flagged in one you’ll need to contact them to get removed.
I am struggling with this problem also. After several failed attempts at appeals, they also suspended a family member's ads account saying they were detected as related to me. Have resorted to paying thousands of dollars for google un-suspension services. Have never knowingly broke any google rule ever.
It's not the same thing, but it's still Google, soo.... all three of my kids are on school or club sports teams that use Teamsnap (<a href="https://www.teamsnap.com/" rel="nofollow">https://www.teamsnap.com/</a>) for coordination. This includes exposing calendar subscriptions to Google Calendar and delivering messages & event/change notifications via email (and push notification via the mobile app). For some reason, Gmail has decided that Teamsnap is no longer a trusted sender and throws big caution notices with every email. It's exceptionally annoying, and stupid, given what the app is, what it's used for, and how long it's been around. I don't know whether it's an ML heuristic that's picking up on something, whether it's an email server configuration change on the Teamsnap side, or whether Google's just created a bug, but it impacts potentially all of Teamsnap's 25 million users in the US.
naïve ideas:<p>- domain reputation
- ip address reputation
- hot linked image/css/js from a malware-flagged domain
- possibly the domain is highly correlated with a malware / SEO clout ring (a group of other domains specifics used to try and game whatever benefit PageRank may still have)<p>When I maintained a social media site, we had lots of users hotlink to random websites that hosted an image they wanted to display. If the hotlinked host/domain got flagged as Malware hosting, our user’s page (on our domain) would also get flagged. Note: this was Google Chrome’s malware detection, not AdWords, but it may be relevant info.
happened to my company where i work at, final solution? we nuked the site, basically built a different website, different domain and hosting, Appealed the decision on adwords and cross your fingers, that's the only thing that worked, we were losing customers while we were trying to figure out what was going on (we were on month 2 already, dead in the water no ADs being served). While doing research i came upon the conclusion its either machine learning that is using old data and does NOT refresh that often just to save computing power / costs, or googles tech support does not care.
I've got a similar problem because google keeps saying my site doesn't have enough content. I add content and still get rejected. The thing is my site is a data tool site and not content based.
> Their latest feedback after appealing suggests I change from a .co.uk to .com to resolve the issue which seems like complete nonsense.<p>Could possibly be a compliance thing on their end. If AdWords is a big part of my funnel, which it is for most Saas companies, I would simply just buy a new .com or use an existing one to run a funnel that connects to the underlying .co.uk site.
> Their latest feedback after appealing suggests I change from a .co.uk to .com to resolve the issue<p>I wonder if what they take issue with is that propertyengine.co.uk and propertyengine.com are different businesses.<p>I mean it doesn't make a lot of sense to take issue with that, but I wouldn't be surprised if that's what it ended up being.