What to Do with Google’s Malicious Code Security Warning Report
So, you’re running a Website. Your little piece of the World Wide Web is peaceful and harmonious. You awaken; the sun is shining, the birds are chirping. You rub the sleepy crusts from your eyes, stumble to your computer, take a sip of your morning coffee and log into Google Webmaster tools. And then you spot the gruesome, big ugly Google warning.
Unless you’re intentionally hosting malicious software that Google is finding (and I hope you’re not), you’ve probably been a victim of SQL Injection or another technique that puts malicious code, a virus, or something nasty onto your Web pages. This code can harm your users, so the page gets flagged in the Google index with “This Site May Harm Your Computer”.
While in the past, Google would have probably just unexpectedly dropped your site out of the Index….about a year ago they started handling this differently by telling you what pages are causing issues. This is overall a very good thing for the Internet and to keep a Webmaster in the loop. This notification comes with pros and cons:
The pros:
- You get to know the problems, fix them quickly, and get in good with Google again.
- Since Google has implemented this process, you get a handy warning so your Website isn’t getting booted without notice of the cause.
The cons:
- You’re given a constant warning in Webmaster tools (above).
- Your pages are marked in the Google index as “This site may harm your computer”.
- Google also reports to stopbadware.org, which flags your site as potentially harmful.
- FireFox 3.0+ now will label these pages on your site with a big bad red warning page that tells the user that this page has been flagged for serving up malicious code.
How to get rid of Google Attack Site Notices:
- Identify and fix the problem as soon as possible – Google Webmaster tools will tell you what pages they found the malicious code on. Check your code, identify the malicious code, and remove.
- Secure your Site – Take the steps necessary to secure your site so it doesn’t happen again.
- Tell Google the problem is fixed – Log into Webmaster tools and click “Request a Review” on the Malware warning notice. Write them a response telling them that you identified the error, what it was, it was fixed, and if applicable, that the security breach was fixed.
- Tell StopBadware.org that the error is fixed – Search for your site in their Clearinghouse database and request a review.
- Wait – Google will review the site, probably within 48 hours. After the review, you’ll get a notice in Webmaster Tools that your site has been reviewed and has passed. From there, you will have to wait between 1 -4 weeks for the changes to propagate in the Google index.
Problem fixed! Sleep comfortably.
Thanks the information on Google Attack Site notice. hopefully they will respond quicly, they are very quick to collect the money for their Adwords, Google is a blind elephant, too big and clumsy
Hi There,
I’ve followed your instructions step by step.
1st challenge is that there is no request a review showing up on my google tools. Even when I click on the website in question. I have been verified as the site owner.
So I cant get the problem sorted our.
2. I went to StopBadware.org and followed their instructions.
But again there is no “Request an independent review of partners’ findings” button underneath the “Current Activity” section of the report.
So now what? If I cant request a review what can I do?
Hi Andrew,
If you are logged into Google webmaster tools, you should be able to access the “reconsideration” form within the admin panel. The URL is https://www.google.com/webmasters/tools/reconsideration .