Warning! This Site May Harm Your Computer

0 +1
in SEO

by Ryan Morben

Warning! This Site May Harm Your Computer

With website owners keen to know what Google likes/dislikes on their website(s) it is increasingly common to have both Google Analytics and Google Webmaster Tools setup to keep an eye on websites. In fact, for most clients, Caorda will either add these for free or charge a very small one-time fee to get setup. 

Because of how responsive these services are to website problems more and more Google is stepping into the role of detecting malware and providing the initial notification.

How common is malware?

I am using an example from this week. Most of the data in the example was obfuscated, but the dates are real. The website in question wasn’t a customer we manage, which is why there’s a 4 day delay where this site was issuing a warning for users coming from Google’s search results:
Malware warning on website from Google

The above image can be replaced with browser specific warnings depending on the situation. Here’s a Chrome alert:
Google Chrome browser malware warning

A malware infection could be completely invisible for the owner of the infected website. Viewing the website using a browser without malware detection could result in nothing that indicates any differences or problems. If the malware is only targeting traffic from GoogleBot then the infection becomes even harder to detect.

When Google’s crawlers become aware of malware they will attempt to make contact with the website owner to get the issue resolved. A typical malware notification from Google will look like this:


Subject: Malware notification regarding site.com

Dear site owner or webmaster of site.com,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://site .com/
http://www.site .com/
http://www.site .com/sample.pdf

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//site.com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team

Note: if you have an account in Google’s Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.


When you login to your Webmaster Tools you will be able to go into the Security section and load a report on the current detected malware.

If you don’t like the cramped style of the pop-up window you can export the report to a spreadsheet and it looks something like this:

Example export of website malware report from Google

As you can see Google is trying to make it easy to find locations where detection has occurred and includes examples to look for. In the above example it’s an iframe injection from an insecure WordPress plugin.

Confirming the Malware

Google is still run by humans so it’s not surprising that the initial reaction is to get some confirmation of the malware alert. The subject line of emails sent to me on this topic are usually something like:

“This looks bogus but I am forwarding to be safe…” 

So far this year I haven’t seen any false positives reach any of our clients but all of them are pretty sure they can ignore the issue regardless of the details urging immediate action.

Google’s suggestion to reach out to “StopBadware.org” is great! They are a non-profit organization devoted to keeping track of trustworthy resources for assisting webmasters with hacked websites. 

One of the best resources on the site is Sucuri.net’s Sitecheck malware tool. It’s so easy to use you can launch it right from our blog:

Enter URL for Malware Check: Check Website

Resubmission Request

The next step, when you are absolutely sure the infection has been found and removed completely, is to file the resubmission request with Google. Skipping this step could lead to your website being removed from the search results entirely! Do not skip this step!

To start the reconsideration process you need to login to webmaster tools, locate the security alert, and at the very bottom you’ll find an option to submit your website for reconsideration of the malware status. 

If you are successful at removing the infected files you will get a response from your resubmission request that looks like this:

http://www.site.com/: No malware detected

February 25, 2015

Congratulations! Google has received and processed your malware review request. We did not detect any malware on your site.

As a result, we’re removing the malware warning from your site. This may take some time to happen. (You can check the status of your malware review at any time using Webmaster Tools.)

To keep your site safe, we recommend the following:

  • Ensure you’ve enabled message forwarding in Webmaster Tools. This will ensure that you get notified straight away if we discover any more critical issues on your site.
  • Visit Webmaster Tools to regularly check up on site health.
  • Check out stopbadware.org for updates and best practices on keeping your site safe and secure.
  • Ensure you’ve enabled message forwarding in Webmaster Tools. This will ensure that you get notified straight away if we discover any more critical issues on your site.
  • Visit Webmaster Tools to regularly check up on site health.
  • Check out stopbadware.org for updates and best practices on keeping your site safe and secure.

Get more information in our Help Center.

That’s it! If you go test a Google search your website should show in the results and should no longer display malware alerts based on Google data.

Web browsers, security plugins/tools, and other services that feed from data outside of Google may still have warnings and where possible you should consider triggering a re-check within their services to clear your malware status as quickly as possible.

If you do not have Google Analytics and Webmaster tools setup, but want to make sure you’re getting notifications of malware and other website/search issues, please don’t hesitate to contact us.

Malware Monitoring & SEO Reporting

Caorda has both unmanaged and managed monitoring services for our client websites that we check at different intervals.

Client websites on our unmanaged monitoring service get checked regularly for a very low one-time setup fee. Client websites on our managed monitoring service are checked daily (often hourly) for a wide range of issues and qualify for discounted SEO reports but require monthly payment or a prepaid package.

We are just finishing off the re-design of our SEO reporting system, but when it is complete, clients will also be able to choose between basic email reports that run automatically for 12 months, or paying monthly fees for advanced SEO reports that are completely customizable and brandable.

Share your thoughts!