What do you do when your website is blocked by a google malware warning
What do you do when your website isblocked by a Google Malware Warning?Author: Conative Business Inc. (06/01/2011)On a regular day you visit your website and may suddenly see this scary warning "This website atwww.MyWebsite.com (example) has been reported as an attack site and has been blocked based onyour security preference". This is not a fictitious scenario; we have seen this problem hurt businessestime and time again with our clients.If you are a business owner, I bet you will feel the danger right away! This scary warningcan immediately sweep away your frequent visitors, your online customers or anyone else whovisits your site. Nobody will dare to visit or come back to a blocked website because they are worried thattheir computer can be infected with malware. Especially if you have an ecommerce website, you definitelywould want this warning to disappear immediately.But it wont, unless you take the proper actions.It is necessary to know why this can happen, how you can avoid it, or how to act quickly whenyou see this kind of warning.This kind of warning, called Google Malware Warning, is issued by Google when it indexes your websiteand discovers that there is malware source code. This malware can be active and infect visitors who visityour website. Google then issues this warning to protect the visitors and prevent the malware to run in thevisitors browsers. Firefox and Google Chrome browsers always show the warning, while many timesInternet Explorer can still open the website.How the malware can possibly land in your website? There are various possible reasons, including(1) your website has some security holes that make it vulnerable for Internet attacks (2) the server thatyour hosting company uses to host your website is infected with viruses and it affected every websites onthat server (3) Google makes a mistake and gives a wrong warning!
How the malware can affect you and your visitors? There are also various types of malware, but ingeneral, it may use your website as a node to attack another targeted website (known as Denial OfService (DOS) attack), or copy itself to visitors computer and steal their information. The Google Malware Warning (Image is for example only)What should you do when you see such a warning? The first right thing is to call a web securityprofessional immediately. Fixing web security problems is usually NOT something that business ownerswould like to try themselves. Meanwhile, there are a few actions you could take:(1) You should scan your computer, your webmasters computer, and any computers that have access toyour website files, for viruses and malware.(2) You should change all passwords for ftp account, email account, and hosting account.(3) You should request your hosting company to scan their own server to avoid this issue to happen toyou again.The web security expert will screen your website source code for suspicious malware source code andremove them. He/she will also should figure out how the malware can access your website, and fix thesecurity problems.Now, after your website is clean, you or your web security expert can request Google to unblock yourwebsite as soon as possible. There are 2 ways to do that:a. Send a request via http://www.google.com/safebrowsing/report_error/?tpl=mozillab. Use Google Webmaster Tools (https://www.google.com/webmasters/tools) to Request a review. Ifyou have not had an account, sign up for it and follow instruction to verify. This is simple andstraightforward so I will not go into the details.
It may take a few days (2-7 days) for Google to come back and review your website and remove the warning. This is a bit frustrating as you have already done everything you could and still see your website blocked. To avoid this situation, you should:• Find a good hosting for your website. Do not always look for low-cost host, but look for good track record, quick support and secure hosting service.• Choose a good website vendor. Good website vendors are familiar with popular attacks and can prevent known security holes right at the beginning of the website development process. Of course nobody can guarantee a 100% risk-free website (as hackers are also genius!) but it can prevent novice hackers from coming in and out of your website easily!