We got cases where after recovery of a website, the client still complains that Google Ads disapproved for malicious or unwanted software, Google support says their website still containing unwanted software and malicious links.Follow these steps below to identify hidden malicious links first if they exist on your website.If you hired solvewp.com already to recover your website, please continue from Step 5: Resubmit Ads First of all, contact with Google Ads support, and ask for details, ask for what they got on the website. You may get a reply within 2 business days. That reply email will contain links that Google Ads found on your website.

Step 2: Start finding the hidden links

At first, try Solvewp online Scanner to discover hidden links. In most cases, you will get those links under “external links”. If nothing suspicious found, proceed to these manual steps. Check your website HTML source code in any web browser like Mozilla Firefox or Chrome.
  • 1: Search your website in Google (Don’t type URL in browser address bar directly)
  • 2: Click on any link from the google search result
  • 3: Once you get your website fully loaded on your web browser, press “CTRL+U” on the keyboard or right-click on your mouse and select “View page source”
  • 4: Press “CTRL+F” to find the string on HTML source, type something like “apu” or “zoneid” in the search box
That search keyword, links can be different for your website. Get your links from Google Ads support email.injected-link If you can’t locate those links provided by Google Ads support email in your website source code, skip to the Step 5: Resubmit AdsIf you can identify malicious links in your website HTML source code, follow the next step to locate the source of those links.

Step 3: Check website database

If those malicious links are hidden into the database, you may locate it by simply searching using link domain names or unique keywords. We used dolohen a search term in our example. Login into phpmyadmin > Select appropriate database name > click on search search-in-phpmyadmin Make sure that you have selected all database tables to search into. If those links exist in the database, you will get it like this db-search-result Click on “browse” browse-for-details You got your culprit hidden malicious links! Try different unique search keywords if the result returns nothing.

Step 4: Check website files

Most of the cases, WordPress security plugins or any other malware scanner can’t identify those javascript malicious links. As we know those links already from Google Ads support email, we will use SSH terminal to grep search keywords using this command
grep -Hrn 'dolohen' /var/www/html/wp-content
grep-serach-dolohen Once you got the source of those JavaScript links injection, get it clean. Verify again if those malicious JavaScript links still exist in website HTML source by following Step 1: Check site source code

Step 5: Resubmit Ads

Once you get everything clean, resubmit your ads in Google by simply editing existing ads. If you make any simple edit in existing ads like just change a word, ads status will change to “Under Review”.
  1. Select the ads you want to resubmit for review.
  2. In the menu at the top, click Edit.
  3. Make any change, you can just change a word.
  4. Click Submit.
Wait and see if the ads get approved or you get disapproved email again.Once your ads disapproved for malicious links or unwanted software, there is a high chance that Google won’t approve your ads again automatically. You will need for manual review. In that case, follow the next step.

Step 6: Contact Google

Assuming that you already contacted Google Ads support and they sent you some malicious links they found on your website.Now, reply that email by mentioning that you hired security professionals, they have cleaned and secured your website already. But unfortunately, Google Ads still getting those links in your website. You believe that Google Ads automated scanner getting cache results. You need a manual review.Google ads support will raise a ticket for you and will arrange for manual review.After a few days, usually within 2-3 business days, you will get an update from Ads support. You may get your ads approved in this stage.But from our experience, there is a high chance that Ads support will claim again that they still getting malicious links, just like this image below: ads-reply-with-linksNow you have to take a bold step. Before that, again, are you 100% sure that your site is clean? If your security team assure you that your website is clean, write a reply like this:ads-reply-for-approvalIf your website is really clean, you will get good news this time! 🙂 ads-approved

Sample of hidden links we found

Just so that you can identify malicious links from HTML source code, here are some samples we found in different cases we worked for.