What if Google Labels Your Site Malware?

February 15th, 2008 · by David Bradley

Stop Badware Have you ever clicked a hit in Google only to be confronted with a message warning you that the site may harm your computer in some way?

Google malware alert

Usually, this means Google’s bots have spotted some nasty ActiveX component or some errant cookie cutter, or malicious script while spidering the site in question. In the name of safer surfing (and possibly to protect it legally) it then gives you the option to abandon your trip to the nasty site. Of course, you can choose to ignore Google and go there anyway.

But, here’s the worrying part. What if Google mistakenly labels your site or blog as containing malware? Your traffic from the search engine would likely plummet to almost negligible levels as most everyday users will simply assume your site really is bad and on the Google blacklist for a reason and take the next wave instead of visiting your site.

Thankfully, this is not the end of a blogger’s world. Google has an advice page on this very issue and a form that allows you to put the record straight and get your site whitelisted again.

You might also want to check out for more information on the issue of malicious websites at StopBadware.

Perhaps more worrying is the fact that Google may have correctly labeled your site as malware! How could that be, you didn’t upload any nasties to your site? Well, that’s as may be but according to Brian Krebs of the Security Fix blog, more than half of malware sites are actually legitimate sites, just like yours and mine, that have been hacked without visible changes and malicious scripts uploaded on to them so that they become part of some kind of zombie web network doling out nasties to anyone who visits. Tighten your site’s security, keep it up to date, and monitor activity. Google Webmaster Tools can help you out with checking your site for malware. There is more on how to secure your site here.

In terms of protecting yourself when surfing, be sure to install NoScript in Firefox and run immunization in SpyBot S&D. If any readers have other tips about handling malware sites please leave your ideas in the comments box. If you’ve written about this on your own blog remember to include a link.

UPDATE: Oct 17, 2008: The people Google Webmaster Tools have announced that they are checking the hackability of Wordpress and other websites and will alert webmasters of potential problems through the GWMT message system.

5 responses so far ↓

Calaelen // Feb 15, 2008 at 5:49 pm

Thanks for the advice and links to the webmaster resources.

Haven’t seen the Google warning at Google Germany yet..

Calaelen’s last blog post..Deila die kleine Pummelfee
David Bradley // Feb 15, 2008 at 6:39 pm

@Calaelen It’s interesting that they wouldn’t include this warning system in Germany, it’s definitely happening in the US and UK

db
David Bradley // Apr 16, 2008 at 9:14 am

Here’s an additional tip that sounds like vanity, but is simply sense. Search for your domain name in Google without the “.com” and click the link to your site, just to double check you don’t get the malware message. Other than obvious visible signs of hacking it’s probably the quickest way to spot any problems with Google’s view of your pages.

db
Blake // Aug 29, 2008 at 3:53 pm

@David:
Search for your domain name in Google without the “.com” and click the link to your site, just to double check

Better if you search for site:yourdomain.com on Google. If you just search for your domain name, you might get other sites that mention you, or link to you, etc.
David Bradley // Aug 29, 2008 at 5:17 pm

That’s true. But, if you’ve SEO’ed your site right, your domain should be #1 entry. But, yes, point taken.