All Collections
Ad Lightning
Blocking
Best Practices for Handling Ad Complaints
Best Practices for Handling Ad Complaints

Experiencing malware threats? Receiving redirect complaints? Having trouble tracking down a rogue ad? Here's what to do next.

Meghan Mark avatar
Written by Meghan Mark
Updated over a week ago

First things first, if you’re getting redirect or malware complaints, do you have blocking implemented? If not, reach out to your Ad Lightning Account Manager to sync on next steps regarding implementation. If protecting your site against malicious ads is your main concern, our blocking solution offers the most comprehensive coverage.

If you already have blocking implemented and your site is the target of a new malicious threat, below are the next steps you and your team can take to help track down the offending ad.

1. Add the destination URL to your denylist in Ad Lightning’s dashboard. (Navigate to 'Settings' in the upper right-hand corner of our UI and click on the third tab, labeled 'Denylist.'

2. Alert the Ad Lightning team to the issue and provide as much detail as possible:

  • HAR file <-- this is the gold standard and will help us most efficiently track down the issue

  • Screenshot

  • Landing page

  • Article URL the issue stemmed from

  • Destination URL

  • Location (city/state)

  • Date/time

  • User's external IP address

  • Connection type (WiFi or data)

  • Browser and browser version

  • Device type/User Agent

Once the Ad Lightning team is made aware of the issue, we’ll move into action on our end by:

  • Temporarily bumping up the scan frequency for your site (if applicable)

  • Attempting to reproduce the issue and identify samples using the details provided to us by your team

Keep in mind:

  • The bad actors are constantly evolving and finding new ways to spread their malvertising efforts and it’s rare that the final destination URL of a malicious ad will effectively block a redirect, since they typically aren't present in the ad markup.

  • Our redirect blocking tech leverages the ability to detect and block specific malicious behaviors as well as our denylist. Our denylist is constantly being updated and is derived from a combination of manual threat research, industry partners via data sharing, and an ML backed automated detection/response system.


Common Questions

I'm not seeing any of the new URLs we've added show up in the UI. Should they be?

Most of these redirect blocks will appear under Wrapper > DFP > filtered by 'Potential Redirect'. These are ads that we've detected specific behaviors present in redirects and blocked them.

Does blocking a URL signature on a redirect attack do anything? Isn't the whole point of a redirect attack that it's really hard to block using the URL?

This depends on how the redirect is being loaded. We have seen instances where the redirect landing page is in the markup, however the more sophisticated threat actors do not typically do this. That said, the full redirect landing page URL does help us gather more details on the threat.

Did this answer your question?