Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Breach Notice: Resolving Violations of the Identifying Users Policy

As the title say, Google warned me that my site is vulnerable.

Look at this page, to see what is about. https://support.google.com/adsense/an...3366?hl=en

In the email they sent me, they say that the files :

are the problem.

I removed the ads from that pages. I disabled email confirmation (so it won't appear in the activation link)

They recommend to use a slug for every email address .

Please, it's urgent, I have deadline until 13.06.2015.

I'm pretty sure those web pages aren't violating user policies.

I cannot offer a solution as there doesn't seem to be a problem with those pages.

For example of a breach:


PHP-Fusion uses POSTS on those pages and no privacy information is being passed via GET.


From Google:
I believe I was contacted in error. Please re-review my account.
If you believe that you were contacted in error, please select this status. In this case, the policy team will conduct a re-review of your account and send you a follow-up message. Learn more about false positives.
In those pages, it was the GET function used. I did replaced every word GET with POST in that files, and it seems to work ok, bunt I'm afraid that my account will be suspended. IDK if that is a solution, but now I'm hanging on every method.

Another problem is that even I restricted google ads on that pages (register, login and lostpassword), on links like this (test), the ads are still shown.

The claim that your site would be vulnerable thru these files should be just plain wrong,
We would be swimming in hack reports by now if there were in truth to it.
Follow Netrix tip to request a re-evaluation from someone that has a better understanding and just don´t go by POST / GET variables.

If you exclude correctly the panel should be excluded, always exclude with a slash like
It's not totally wrong from them,

I attached a printscreen with the type of link is generated for recovering password. Thee problem is the email in that link, which google thinks is not ok for privacy . It's against their rules.


It wouldn't be a big problem, but the restriction for the /lostpassword.php is not working when is followed by the rest of the link (as in the printscreen).

The solution for my problem would be to alter the lostpassword link using .htaccess, replacing the email address with a slug.
Second solution would be to be able to restrict the ads panels in all password recovery pages.

Please help, it's urgent!
Just restrict the content in the panel then..

if (!preg_match('/lostpassword.php/i', $_SERVER['PHP_SELF'])) {
//Panel Content


That worked. Thanks.

If Google will still see that my website have issues, will there be a solution to remove/replace the email tin that type of link?
If no ads are being served on restricted pages, I see no cause for concern.

There is always an option to remove, although manual programming is required.
OK, I hope that google will let me do my work :).
Sorry for double post, but I have another request.

How can I make this code to work on pages with account activation link ?

if (!preg_match('/lostpassword.php/i', $_SERVER['PHP_SELF'])) {

//Panel Content


You just select from what file to exclude with the filename , it should not make any differance on activation links or not
Yes, but Iwant to use both lostpassword.php and register.php . Thanks!
Something like

if (!preg_match('/lostpassword.php/i', $_SERVER['PHP_SELF']) || !preg_match('/register.php/i', $_SERVER['PHP_SELF'])) {
// Content

Thanks! Great support!
Not happy to announce , but I still got the problem (idk why).

Look at this sample file with the information which they say it's not OK.

Please help me to do something to prevent my Google Adsense account to be closed.

Number of domains: 1

Domain: gpszone.ro has 3 unique url(s).

Url group: gpszone.ro/login.php
Found 880 time(s) or 0.26027802 of the total records
Url sample: http://gpszone.ro/login.php?error=1
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=897x90&output=html&h=90&slotname=8083039864&adk=3833793710&w=897&lmt=1432450367&flash=14.0.0&url=http%3A%2F%2Fgpszone.ro%2Flogin.php%3Ferror%3D1%26redirect%3D%252Flostpassword.php%253Fuser_email%253Dredacted@example.com%2526account%253D2d3b566c3c6b376d1cd05c6112edcda95e17435360cfb2fde2e52d84b2d0c1c8&resp_fmts=3&dt=1432461164558&bpp=78&bdt=2075&shv=r20150519&cbv=r20150521&saldr=aa&prev_fmts=300x600&correlator=2838445221889&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=180&u_his=2&u_java=1&u_h=800&u_w=1280&u_ah=760&u_aw=1280&u_cd=24&u_nplug=15&u_nmime=127&dff=gotham&dfs=15&adx=38&ady=185&biw=1263&bih=699&eid=575144603%2C317150304&oid=3&rx=0&eae=0&fc=24&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C760%2C1280%2C699&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=f&fu=128&bc=1&ifi=2&xpc=yzNczbA286&p=http%3A//gpszone.ro&dtd=3152 HTTP/1.1
Most recent time: 2015-05-31 06:51:40 UTC

Url group: gpszone.ro/lostpassword.php
Found 1710 time(s) or 0.50576752 of the total records
Url sample: http://gpszone.ro/lostpassword.php?user_email=redacted@example.com
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=1200x90_as&output=html&h=90&slotname=8083039864&adk=1326996234&w=1200&lmt=1432463347&flash=17.0.0&url=http%3A%2F%2Fgpszone.ro%2Flostpassword.php%3Fuser_email%3Dredacted@example.com%26account%3D4343c88f6e45283cbf2e286f30acd462&resp_fmts=3&dt=1432463346956&bpp=787&bdt=74&shv=r20150519&cbv=r20150521&saldr=aa&prev_fmts=300x600_as&correlator=3497196607489&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1200&u_aw=1920&u_cd=24&u_nplug=6&u_nmime=8&dff=gotham&dfs=15&adx=201&ady=185&biw=1891&bih=1094&eid=575144603%2C317150304&oid=3&rx=0&eae=0&fc=24&brdim=3%2C0%2C3%2C0%2C1920%2C0%2C1918%2C1200%2C1908%2C1094&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=f&fu=128&bc=1&ifi=2&xpc=TZoYdriEWQ&p=http%3A//gpszone.ro&dtd=830 HTTP/1.1
Most recent time: 2015-05-31 06:04:50 UTC

Url group: gpszone.ro/register.php
Found 791 time(s) or 0.23395444 of the total records
Url sample: http://gpszone.ro/register.php?email=redacted@example.com
Record sample: GET /pagead/ads?client=ca-pub-425659606811xxxx&format=300x600&output=html&h=600&slotname=6376261868&adk=1846109464&w=300&lmt=1432638103&flash=0&url=http%3A%2F%2Fgpszone.ro%2Fregister.php%3Femail%3Dredacted@example.com%26code%3Def1a91c794a464475cec40f13c74c6a83f3aff77&dt=1432648902087&bpp=49&shv=r20150519&cbv=r20150521&saldr=aa&correlator=8339459715073&frm=20&ga_vid=*&ga_sid=*&ga_hid=*&ga_fc=1&u_tz=180&u_his=1&u_java=0&u_h=1024&u_w=768&u_ah=748&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&dff=gotham&dfs=15&adx=713&ady=191&biw=1024&bih=672&eid=575144604%2C317150304%2C828064100&oid=3&rx=0&eae=0&fc=24&brdim=0%2C0%2C0%2C0%2C1024%2C0%2C0%2C0%2C1024%2C672&vis=1&rsz=%7C%7C%7C&abl=CS&ppjl=u&srr=1&fu=16&bc=1&ifi=1&xpc=UvuD6cRqYi&p=http%3A//gpszone.ro&dtd=1127 HTTP/1.1
Most recent time: 2015-05-31 06:59:27 UTC

You can always just turn both sides off for these areas in Settings > Main settings

Exclude Left Panels

Exclude Right Panels

Also if login was included in the report the match exclude section did not include it. ( included in the code below)

if (!preg_match('/lostpassword.php/i', $_SERVER['PHP_SELF']) || !preg_match('/register.php/i', $_SERVER['PHP_SELF']) || !preg_match('/login.php/i', $_SERVER['PHP_SELF'])) {
// Content

Thread Information
16 posts
2526 times
Last Post
Last updated on 5 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, NetriX, foc_in_gaura