Their latest feedback after appealing suggests I change from a .co.uk to .com to resolve the issue which seems like complete nonsense.
Does anyone have any suggestions on how I can fix this? All of my competitors are running ads and it’s extremely frustrating as a solo founder that I am unable to do so.
Will post my website on request as I’m not sure if I’m allowed to post it.
I'm checking web.archive.org and it all looks pretty innocent so far apart from the domain for sale pages that started around 2011
If it is, then they should say what they mean instead.
[0] https://news.ycombinator.com/item?id=40431126 "Show HN: Pls Fix – Hire big tech employees to appeal account suspensions (plsfix.co)"
If I'm correct, changing your domain might help in that machine learning algorithms consume tons of signals and maybe altering that particular one would push your site under the "bad" threshold. But it might not do anything. It's a super frustrating problem. I hope you can stumble onto a solution or find someone at Google willing to help.
It doesn’t work. These automated systems are flagging a (presumably) benign site and an article yesterday regarding their $5M lawsuit for running a scam ad on their SERP for “Coinbase support” suggest the automated systems can be bypassed too.
I’m not saying automated detection can’t be a part of it, but we shouldn’t accept companies automating away decision making as if computer-derived errors are acceptable.
The larger point is that Google isn’t exactly strapped for cash. They could hire an army of reviewers. They just don’t.
> They could hire an army of reviewers. They just don’t.
They may actually do that too, but perhaps there are thresholds that must be met for something to reach a reviewer. I have some sympathy for Google here as I work on email security in a high-volume environment. ML is one tool in the box, and human reviewers are another. Everything is a tradeoff between resources, false positives, and false negatives.
At least my organization's customers can contact support if something is going wrong, but for people trying to legitimately use Google Ads, it can be an extremely frustrating situation of shouting into the void. (And getting boilerplate support answers back from the void.)
I would keep pushing back on that, there is no way that you need to move to another TLD.
They say that the site is "compromised and has malicious software", I bet it's actually something else, like a site that you're linking out to that's compromised and malicious--that's happened quite a bit in cases where sites are flagged like this in Google Ads.
The web isn't as well woven as it used to be. They'll just harm a bunch of innocent people, not numerous enough for the public at large to even notice.
Tons of Google products are going haywire right now and it’s clear nobody at the Monopoly money machine is at the wheel or even cares.
Google search console was down for multiple days recently. If you check your Gmail spam folder, you’ll see lots of legitimate emails in there from the past few weeks. Google My Business profiles have been disallowing legitimate profile pictures for months. I could go on.
What I did to fix this was to migrate my landing pages to a new domain. (I believe migrating my landing pages to a different subdomain on the same domain would also work, but I haven't tested this.)
You don't need to run traffic to your full website. All you need is a marketing website to run traffic to. That marketing website doesn't even need database integration, so you can put that marketing website on a totally different server.
So to fix this issue, I wouldn't try to fix it. I'd just create a marketing website somewhere else and direct traffic to that.
1. See if VirusTotal lists your site (including subdomains, app.domain and www.domain, etc): https://www.virustotal.com/gui/home/url
If wrongly flagged, reach out to each security vendor manually - takes about 3-5 days to get them to rescan manually and remove any flags.
2. Check for any dodgy javascript libraries you might inadvertently be using. Specifically, just remove all non-relevant JS until you get approved, then you can slowly add them back in if really needed.
Super frustrating that Google has this much power, and totally ridiculous they want you to switch to .com (pretty sure that's an outsourced CS worker giving you a random suggestion).
On a related note, one interesting thing I did discover, due to a small misconfiguration of NextJS + App Router, I was getting two </html> closing tags in my markup, which https://sitecheck.sucuri.net/ was flagging as potential site compromise, I guess because a site with malware injecting unwanted scripts could cause broken markup as a common side effect? Anyway I long since fixed that and it hasn't made a difference.
As I know google is partnered with a lot of them and if your flagged in one you’ll need to contact them to get removed.
A friend's gym, freedomfit.us, a now two year old domain that SSLTrust.com.au lists as clean still seems to hit issues with some people. They moved to another domain, ff-wp.com on another hoster but that didn't help their issues with some people that still can't access it. That makes me wonder if associativity by content is viral to the new domains - from a malware-spreading perspective that would of course make sense but I could imagine this doing more harm than good.
If anyone has insights on best ways to establish trust new domains/startups, I'm sure the crowd would appreciate your time and insights. What I'm doing so far, is trying to manually categorize/list the URLs with the dominant firewall/antivirus vendors, but it's a lengthy manual process and I'm not sure of the benefits either.
To improve this, you could work on building more "authority" for your domain by gaining backlinks, which could help increase its trustworthiness. If time is an issue, you might consider purchasing an existing domain with a solid reputation. There are also some SEO tools which can give you insights into a domain.
- domain reputation - ip address reputation - hot linked image/css/js from a malware-flagged domain - possibly the domain is highly correlated with a malware / SEO clout ring (a group of other domains specifics used to try and game whatever benefit PageRank may still have)
When I maintained a social media site, we had lots of users hotlink to random websites that hosted an image they wanted to display. If the hotlinked host/domain got flagged as Malware hosting, our user’s page (on our domain) would also get flagged. Note: this was Google Chrome’s malware detection, not AdWords, but it may be relevant info.
Can’t you have some respect to other people’s time?
Could possibly be a compliance thing on their end. If AdWords is a big part of my funnel, which it is for most Saas companies, I would simply just buy a new .com or use an existing one to run a funnel that connects to the underlying .co.uk site.
I wonder if what they take issue with is that propertyengine.co.uk and propertyengine.com are different businesses.
I mean it doesn't make a lot of sense to take issue with that, but I wouldn't be surprised if that's what it ended up being.
