Google Thinks your Site is Hacked: 10 Steps to Avoid this Situation

Posted By Shane Sevo on Tuesday, December 9, 2014 - 11:08

Nothing is worse than having your website black flagged or blocked by Google. Businesses of all sizes rely on Google search traffic to acquire new leads, offer products and services, and generate sales or donations.  Let’s consider the statistics-- almost 64% of internet search traffic is fueled by organic search and current search rankings give Google a market share of close to 68% (upwards of 80% for mobile search).  This is effectively a search monopoly.  Follow these 10 steps to ensure your website is not reported as "hacked" in Google search results.

STEP 1: Make Sure Google can Crawl Your Site

In order for your business to have a chance online, it must be in good standing with Google.  New websites that appear online are indexed almost automatically by Googlebots.  It is possible to manually revoke access to your site for indexing by these bots. To ensure that the Googlebot is not blocked by your website:

STEP 2: Determine if Your Site has been Compromised

Once you have cleared through this basic setup, your site will be indexed by Google and begin to rank within search results pages.  These steps will put you in a good position to deal with any future flagging or blocking by Google due to a suspected compromise.  If Google detects that your site could be compromised and potentially dangerous, they will begin to warn potential visitors in the search results.

this site may be hacked example graphic

The phrase “This site may be hacked.” will begin to appear directly underneath your search results.  Needless to say, this will not encourage a higher click through rate and will have a significant negative impact on your site traffic.  Other phrases may report as the following.

  • ‘This Site May Be Compromised’

  • ‘This Site May Be hacked’

  • ‘This site May harm your computer’

  • ‘Visiting this site may harm your computer’

Google presents the following explanation and rationale for why these messages may appear under your site within search results.

To protect the safety of our users, we show this warning message for search results that we believe may have been hacked or otherwise compromised. If a site has been hacked, it typically means that a third party has taken control of the site without the owner’s permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include phishing (tricking users into sharing personal and credit card information) or spamming (violating search engine quality guidelines to rank pages more highly than they should rank).

STEP 3: Check for a Malware Infection

In some situations your website or server may be compromised by a Malware infection that could affect other computers.  Modern web browsers like Google Chrome and Mozilla Firefox check against these flags and trigger a warning message in the browser environment, effectively putting a halt to web traffic.

google hacked site browser warning

Run the Google Safe Browsing Diagnostic.

https://www.google.com/safebrowsing/diagnostic?site=Google.com

The "?site=" url parameter will allow you to run any site you want through the Safe Browsing Diagnostic.  Swap out the Google.com at the end of this address with your website and run the diagnostics.  This diagnostic page will give you an extremely valuable at-a-glance summary page of the status of your site over the last 90 days.  Use this information to guide the rest of your investigation and cleaning efforts.

  • What is the current listing status of this site?
  • What happened when Google visited this site?
  • Has this site acted as an intermediary resulting in further distribution of malware?
  • Has this site hosted malware?
  • Next steps

STEP 4: Quarantine and Clean Your Site

Google may or may not provide additional information to you as a site owner.  It will be on you to investigate the issue and determine how your site has been compromised.  Depending on the level of the compromise, this may require a complete server restore from a known clean backup.  This could take your entire website offline for hours or days depending on your ability to respond to such an emergency situation.  Google outlines a procedure for quarantining your site, discovering the issue, fixing the problem, and resubmitting to Google for a clean bill of health.

STEP 5: Develop a Proactive Plan for the Future

The aforementioned scenario puts you into a reactive posture as a webmaster or site owner.  If you are a marketing manager getting ready to launch a new campaign designed to increase traffic to your site, this will put a big monkey wrench in the works.  A better approach is to proactively monitor and protect your site from vulnerabilities.

STEP 6: Secure your Hosting Environment

Maintaining the security of your hosting environment is an important step.  Depending on your hosting support contract, this may or may not be addressed in a timely manner by your web hosting provider.  Contact your hosting provider and find out what their policy is for securing your hosting environment against known vulnerabilities.

STEP 7: Secure your Websites

Once you have taken care of the general security of your web hosting environment, you need to address each of your websites.  Static HTML websites that are only accessible for edits via FTP are usually quite safe from attacks.  Code scripts like content management systems that allow for user logins and file uploads create possible security compromises by their very nature. If you are the owner of an open source CMS like Drupal, then you have additional concerns as security releases are announced.

STEP 8: Monitor Software Security Releases

SA-CORE-2014-005 was released on October 15th of 2014.  This vulnerability was actively sought out by hackers from around the world and exploited by black-hat scripters.

 

  • Drupal core 7.x versions prior to 7.32.

Update: Multiple exploits have been reported in the wild following the release of this security advisory, and Drupal 7 sites which did not update soon after the advisory was released may be compromised. See this follow-up announcement for more information:https://www.drupal.org/PSA-2014-003

STEP 9: Keep your CMS up to Date with Security Patches

If you own a Drupal 7 website and you are not sure about the level of your updates, it is recommended that you check immediately to ensure your site is at 7.32 or later.  In some instances, Google may report a warning on search results based solely on an algorithmic check of your website’s Drupal version.  In this case, your website does not even need to be compromised by a hacker in order to trigger the warning message.  Using a tool like Drupal X Ray can help to expose vulnerabilities by checking the update level of your Drupal website, but it is only the first step.

STEP 10: Consider DrupalCare Pro-Active Support

At Commercial Progression we take a PRO-ACTIVE stance to Drupal web monitoring and maintenance.  All of our DrupalCare clients are routinely reviewed for known vulnerabilities.  Updating your website before there is a problem is key to the health of your web presence.

Our 10 step Drupal security audit guide demonstrates a core part of our regular client review process.  Download this guide for a step by step process to secure your Drupal website today.

10 Step Drupal Security Audit Guide, Free Download