Malware URL redirect that google ads detects, which gets through Cloudflare?

Google adds recently disapproved adds because of a re-direct on my site. I actually looked at the File Manager on our ISP’s server for my domain folders, and noticed a folder named e.g. “mysite.com-redirect.” In this folder there was an index.html file with a redirect to the bad URL (listed below from a Sucuri site scan). So I removed the folder.

Next, I ran a Sucuri site scan, and the results were:


HTTPS mixed content found.

http://www.iyfipgun.com/ on https://www.mysite.com/404testpage4525d2fdc

So, there is a 404 test page with bad content, but it’s not visible in the File Manager.

Also, I have the Pro plan at Cloudflare, and turned on "Convert all HTTP to HTPPS, but jut called google and they checked and said they can still detect redirects. Why is Cloudflare WAF not preventing the redirects that google ads tech support can see?

Without all the logs it’s hard to determain what happened. You’ll need to review your logs to determine exaclty when and how they gained access. If you have cPanel, good chance they may have your bypassed all security and accessed the server directly. If it’s a CMS such as WordPress, was it up to date or a plugin. Is there 2 factor authentication, do they have access to email, hosting or backend passwords.

3 Likes

Hi @user2214, the auto rewrites is great and convenient, but it does not work for everything, css and script files are not corrected. I’ve seen several instances of images called from a javascript file that are not rewritten.

WRT how the file got there, for good measure the security steps @Withheld laid out should be done on the cloudflare account and host. It does not hurt to be paranoid and do that on all your accounts to keep bad actors out of everything. And, once you see the logs, let us know! I am very curious as this pretty clearly should not happen.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.