
Breach Notice: Resolving Violations of the Identifying Users Policy

Asked Modified Viewed 3,813 times
F
foc_in_gaura
F
  • Member, joined since
  • Contributed 100 posts on the community forums.
  • Started 21 threads in the forums
  • Started this discussions
asked
Member

As the title says, Google warned me that my site is vulnerable.

Look at this page to see what it is about. https://support.google.com/adsense/an...3366?hl=en

In the email they sent me, they say that the files:
login.php
lostpassword.php
register.php

are the problem.

I removed the ads from those pages. I disabled email confirmation (so it won't appear in the activation link).

They recommend using a slug for every email address.

Please, it's urgent, I have a deadline until 13.06.2015.

Thanks!

15 posts

N
NetriX
N
NetriX 10
Need help? Having trouble?
» View our Documentation for guides, functions and more - including the Getting Started section!
» Attach Log Files and Screenshots when reporting issues
» My support days are usually Mon-Thurs. Send me a PM if urgent.
  • Senior Member, joined since
  • Contributed 566 posts on the community forums.
  • Started 93 threads in the forums
answered
Senior Member

I'm pretty sure those web pages aren't violating user policies.

I cannot offer a solution as there doesn't seem to be a problem with those pages.

For an example of a breach:

thewebsite.com/contact.php?email=true&from=example@example.com

PHPFusion uses POST on those pages and no privacy information is being passed via GET.

Quote

From Google:
I believe I was contacted in error. Please re-review my account.
If you believe that you were contacted in error, please select this status. In this case, the policy team will conduct a re-review of your account and send you a follow-up message. Learn more about false positives.
foc_in_gaura
answered
Member

In those pages, the GET function was used. I replaced every word GET with POST in those files, and it seems to work OK, but I'm afraid that my account will be suspended. IDK if that is a solution, but now I'm hanging on every method.

Another problem is that even though I restricted Google ads on those pages (register, login and lostpassword), on links like this (test), the ads are still shown.

Why?
F
Falk
F
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct

(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
  • Super Admin, joined since
  • Contributed 6,201 posts on the community forums.
  • Started 639 threads in the forums
  • Answered 11 questions
answered
Super Admin

The claim that your site would be vulnerable through these files should be just plain wrong.
We would be swimming in hack reports by now if there were any truth to it.
Follow NetriX's tip to request a re-evaluation from someone who has a better understanding and doesn't just go by POST/GET variables.

If you exclude correctly, the panel should be excluded. Always exclude with a slash, like
/lostpassword.php
/login.php
etc.
foc_in_gaura
answered
Member

It's not totally wrong from them.

I attached a printscreen with the type of link that is generated for recovering a password. The problem is the email in that link, which Google thinks is not OK for privacy. It's against their rules.

gpszone.ro/infusions/image_hosting/thumbs/4d2cc2e52c4814e9a370d19f388c57c8.jpg



It wouldn't be a big problem, but the restriction for /lostpassword.php is not working when it is followed by the rest of the link (as in the printscreen).

The solution for my problem would be to alter the lostpassword link using .htaccess, replacing the email address with a slug.
A second solution would be to be able to restrict the ads panels on all password recovery pages.


Please help, it's urgent!
Falk
answered
Super Admin

Just restrict the content in the panel then.

// Render the panel only when the current script is not lostpassword.php
if (!preg_match('/lostpassword\.php/i', $_SERVER['PHP_SELF'])) {
    // Panel Content
}
foc_in_gaura
answered
Member

That worked. Thanks.

If Google still sees that my website has issues, will there be a solution to remove/replace the email in that type of link?
NetriX
answered
Senior Member

If no ads are being served on restricted pages, I see no cause for concern.

There is always an option to remove, although manual programming is required.
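
An added example, not part of the original posts and not PHP-Fusion code: one way to take the email address out of a password-recovery link is to issue an opaque, single-use token and keep the token-to-email mapping on the server. The function names and the in-memory `$store` (standing in for a database table) are hypothetical, and the email, timestamp and host are constructed.

```php
<?php
// Added example: issue and redeem an opaque reset token so the link carries no email.
// $store is a hypothetical stand-in for a database table; this is not PHP-Fusion code.

function issue_reset_token(array &$store, string $email, int $now, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    // Keep only a hash server-side, so a leaked table cannot be turned into valid links.
    $store[hash('sha256', $token)] = ['email' => $email, 'expires' => $now + $ttl];
    return $token;
}

function redeem_reset_token(array &$store, string $token, int $now): ?string
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null; // malformed input never reaches the lookup
    }
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null; // unknown or already redeemed
    }
    $row = $store[$key];
    unset($store[$key]); // single use, also discards expired entries
    return $row['expires'] >= $now ? $row['email'] : null;
}

$store = [];
$now   = 1432461164; // constructed timestamp
$token = issue_reset_token($store, 'redacted@example.com', $now);

// example.com is a placeholder host; the link contains the token only.
$link = 'https://example.com/lostpassword.php?token=' . $token;
echo $link, "\n";

var_dump(redeem_reset_token($store, $token, $now + 60)); // first use
var_dump(redeem_reset_token($store, $token, $now + 60)); // replay of the same token
```

The token is still a secret carried in the URL, so third-party content such as the ad panel should stay excluded on the page that receives it.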
foc_in_gaura
answered
Member

OK, I hope that Google will let me do my work :).
foc_in_gaura
answered
Member

Sorry for double post, but I have another request.

How can I make this code work on pages with an account activation link?

if (!preg_match('/lostpassword.php/i', $_SERVER['PHP_SELF'])) {
    // Panel Content
}
Falk
answered
Super Admin

You just select which file to exclude by its filename; it should not make any difference whether it is an activation link or not.
foc_in_gaura
answered
Member

Yes, but I want to use both lostpassword.php and register.php. Thanks!
Falk
answered
Super Admin

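Something like

// Render the content only when the current script is neither lostpassword.php nor register.php.
// The negated tests are joined with &&: with || one of them is always true and nothing is excluded.
if (!preg_match('/lostpassword\.php/i', $_SERVER['PHP_SELF']) && !preg_match('/register\.php/i', $_SERVER['PHP_SELF'])) {
    // Content
}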
foc_in_gaura
answered
Member

Thanks! Great support!
foc_in_gaura
answered
Member

Not happy to announce, but I still got the problem (IDK why).

Look at this sample file with the information which they say is not OK.

Please help me to do something to prevent my Google AdSense account from being closed.

Number of domains: 1

Domain: gpszone.ro has 3 unique url(s).

Url group: gpszone.ro/login.php
Found 880 time(s) or 0.26027802 of the total records
Url sample: http://gpszone.ro/login.php?error=1
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=897x90&output=html&h=90&slotname=8083039864&adk=3833793710&w=897&lmt=1432450367&flash=14.0.0&url=http%3A%2F%2Fgpszone.ro%2Flogin.php%3Ferror%3D1%26redirect%3D%252Flostpassword.php%253Fuser_email%253Dredacted@example.com%2526account%253D2d3b566c3c6b376d1cd05c6112edcda95e17435360cfb2fde2e52d84b2d0c1c8&resp_fmts=3&dt=1432461164558&bpp=78&bdt=2075&shv=r20150519&cbv=r20150521&saldr=aa&prev_fmts=300x600&correlator=2838445221889&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=180&u_his=2&u_java=1&u_h=800&u_w=1280&u_ah=760&u_aw=1280&u_cd=24&u_nplug=15&u_nmime=127&dff=gotham&dfs=15&adx=38&ady=185&biw=1263&bih=699&eid=575144603%2C317150304&oid=3&rx=0&eae=0&fc=24&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C760%2C1280%2C699&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=f&fu=128&bc=1&ifi=2&xpc=yzNczbA286&p=http%3A//gpszone.ro&dtd=3152 HTTP/1.1
Most recent time: 2015-05-31 06:51:40 UTC

Url group: gpszone.ro/lostpassword.php
Found 1710 time(s) or 0.50576752 of the total records
Url sample: http://gpszone.ro/lostpassword.php?user_email=redacted@example.com
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=1200x90_as&output=html&h=90&slotname=8083039864&adk=1326996234&w=1200&lmt=1432463347&flash=17.0.0&url=http%3A%2F%2Fgpszone.ro%2Flostpassword.php%3Fuser_email%3Dredacted@example.com%26account%3D4343c88f6e45283cbf2e286f30acd462&resp_fmts=3&dt=1432463346956&bpp=787&bdt=74&shv=r20150519&cbv=r20150521&saldr=aa&prev_fmts=300x600_as&correlator=3497196607489&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1200&u_aw=1920&u_cd=24&u_nplug=6&u_nmime=8&dff=gotham&dfs=15&adx=201&ady=185&biw=1891&bih=1094&eid=575144603%2C317150304&oid=3&rx=0&eae=0&fc=24&brdim=3%2C0%2C3%2C0%2C1920%2C0%2C1918%2C1200%2C1908%2C1094&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=f&fu=128&bc=1&ifi=2&xpc=TZoYdriEWQ&p=http%3A//gpszone.ro&dtd=830 HTTP/1.1
Most recent time: 2015-05-31 06:04:50 UTC

Url group: gpszone.ro/register.php
Found 791 time(s) or 0.23395444 of the total records
Url sample: http://gpszone.ro/register.php?email=redacted@example.com
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=300x600&output=html&h=600&slotname=6376261868&adk=1846109464&w=300&lmt=1432638103&flash=0&url=http%3A%2F%2Fgpszone.ro%2Fregister.php%3Femail%3Dredacted@example.com%26code%3Def1a91c794a464475cec40f13c74c6a83f3aff77&dt=1432648902087&bpp=49&shv=r20150519&cbv=r20150521&saldr=aa&correlator=8339459715073&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=180&u_his=1&u_java=0&u_h=1024&u_w=768&u_ah=748&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&dff=gotham&dfs=15&adx=713&ady=191&biw=1024&bih=672&eid=575144604%2C317150304%2C828064100&oid=3&rx=0&eae=0&fc=24&brdim=0%2C0%2C0%2C0%2C1024%2C0%2C0%2C0%2C1024%2C672&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=u&srr=1&fu=16&bc=1&ifi=1&xpc=UvuD6cRqYi&p=http%3A//gpszone.ro&dtd=1127 HTTP/1.1
Most recent time: 2015-05-31 06:59:27 UTC

Falk
answered
Super Admin

You can always just turn both sides off for these areas in Settings > Main settings

Exclude Left Panels
/login.php
/register.php
/lostpassword.php

Exclude Right Panels
/login.php
/register.php
/lostpassword.php

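Also, if login was included in the report, the match exclude section did not include it (included in the code below).

// Render the content only when the current script is none of the three excluded pages.
// The negated tests are joined with &&: with || one of them is always true and nothing is excluded.
if (!preg_match('/lostpassword\.php/i', $_SERVER['PHP_SELF']) && !preg_match('/register\.php/i', $_SERVER['PHP_SELF']) && !preg_match('/login\.php/i', $_SERVER['PHP_SELF'])) {
    // Content
}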
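
An added example, not part of the original posts and not PHP-Fusion code: a single guard that replaces the chain of negated preg_match() calls with an exact file-name list, and also suppresses ads whenever the query string carries an email address at any encoding depth, as in the login.php record above where the address sits inside a double-encoded redirect parameter. The names ad_panel_allowed, fully_decode and $excluded are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example: decide whether an ad panel may render on the current request.
// ad_panel_allowed(), fully_decode() and $excluded are hypothetical names, not PHP-Fusion APIs.

/** Decode repeatedly so nested values such as redirect=%252F...%253Fuser_email%253D are exposed. */
function fully_decode(string $s, int $maxRounds = 5): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $next = rawurldecode($s);
        if ($next === $s) {
            break; // nothing left to decode
        }
        $s = $next;
    }
    return $s;
}

function ad_panel_allowed(string $scriptPath, string $queryString, array $excluded): bool
{
    // Exact basename match: "/lostpassword.php" is excluded, "/mylogin.php" is not.
    if (in_array(strtolower(basename($scriptPath)), $excluded, true)) {
        return false;
    }
    // Never serve ads when the URL, at any encoding depth, carries an email address.
    $decoded = fully_decode($queryString);
    if (preg_match('/[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i', $decoded) === 1) {
        return false;
    }
    return true;
}

$excluded = ['login.php', 'register.php', 'lostpassword.php'];

// Constructed requests modelled on the URL samples in the report above.
$samples = [
    ['/lostpassword.php', 'user_email=redacted@example.com&account=abc'],
    ['/login.php', 'error=1'],
    ['/news.php', 'redirect=%252Flostpassword.php%253Fuser_email%253Dredacted%40example.com'],
    ['/news.php', 'readmore=12'],
];
foreach ($samples as [$path, $query]) {
    printf("%-18s %-30.30s => %s\n", $path, $query,
        ad_panel_allowed($path, $query, $excluded) ? 'show ads' : 'suppress ads');
}
```

In a panel, call it with `$_SERVER['SCRIPT_NAME']` and `$_SERVER['QUERY_STRING']`; unlike `PHP_SELF`, `SCRIPT_NAME` does not include client-supplied path info appended after the script name.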