A short while ago I was working with a client’s site which got hacked and subsequently penalised by Google with the dreaded malware distribution warning. The following is my account of how we dealt with the issue and my advice to anyone who finds themselves responsible for a site with a similar problem.
In this case the cause of the malware warning was a hack which exploited a WordPress vulnerability, so I guess the first lesson here is: if you’re using WordPress or any other open source software to run your site, make sure you’ve got the latest security updates in place. In this case I think this would have prevented some future headaches.
Anyway, I’m also assuming that if you’re reading this, your site, like my client’s, was distributing malware inadvertently. If you’re doing it on purpose I’m not sure what you can do, maybe stop, or get better at it!
Locate the problem with Google Webmaster Tools
The first thing to do, if you haven’t already, is register with Google Webmaster Tools and get verified. This is the only way to get the malware warning lifted and get your site back in the index.
The first we knew about the problem was when we were conducting some searches for the client’s main keywords and found their listing accompanied by the ‘this site may harm your computer’ message. If you get this message the first thing you want to do is log in to your Google Webmaster account. You should see a message there which will tell you more about the source of the problem, including the infected pages.
Actually I think if you’re a verified webmaster you should get an email telling you about the problem. For whatever reason we didn’t receive this email. I guess the advice connected to this would be to ensure the email address associated with your webmaster account is your main address so you receive these notifications.
Removal
Right, so the first thing you need to do is remove the source of the problem. In this case it was simply a matter of removing an iframe which linked to a malicious site. This is quite a common problem. The other things to look out for are hidden links and redirects to dodgy sites, which are popular with hackers.
It’s important you remove the malicious code from the entire site, not just the page which Webmaster Tools is telling you about. As far as I can tell the webmaster console will only tell you about problems with the first page Google finds. If you clean up this page only, chances are Google will find more problems when they revisit. The trick here is getting rid of all the problems first time to avoid having to go through multiple review requests.
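One way to do the whole-site check described above, as an added example that is not part of the original post: a Python script that walks a local copy of the site and lists off-site iframes, hidden off-site links and meta-refresh redirects for review. `OWN_HOSTS`, the file extensions and the sample page are assumptions, and the script only sees code in files on disk, not content stored in the database.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

OWN_HOSTS = {"example.com", "www.example.com"}  # assumption: replace with your hostnames
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_hidden(a):
    # Zero/one-pixel elements, or elements hidden with inline CSS.
    tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
    return tiny or bool(HIDDEN_CSS.search(a.get("style", "")))

class InjectionFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = own_hosts, []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        url = {"iframe": a.get("src"), "a": a.get("href")}.get(tag)
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            url = a.get("content", "").partition("=")[2].strip(" '\"")
        host = urlparse(url or "").hostname
        if not host or host in self.own_hosts:
            return  # relative or same-site URL
        if tag == "a" and not is_hidden(a):
            return  # visible off-site links are normal; flag only hidden ones
        self.findings.append((self.getpos()[0], tag, host, is_hidden(a)))

def scan_html(text, own_hosts=OWN_HOSTS):
    """Return (line, tag, off-site host, hidden?) for each element to review."""
    finder = InjectionFinder(own_hosts)
    finder.feed(text)
    return finder.findings

def scan_tree(root, own_hosts=OWN_HOSTS):
    """Check every page and template under root, not only the reported page."""
    for path in sorted(Path(root).rglob("*")):
        if path.suffix in (".php", ".html", ".htm") and path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            for finding in scan_html(text, own_hosts):
                yield (str(path), *finding)

# Constructed sample page: one hidden iframe and one hidden link were "injected".
SAMPLE = """<a href="http://partner.test/">visible off-site link</a>
<iframe src="http://malicious.test/x" width="0" height="0"></iframe>
<a href="http://spam.test/" style="display:none">hidden</a>
"""
```

Calling `list(scan_tree("/path/to/site/copy"))` gives one tuple per finding, with the file path first. An empty list on every file is a reasonable precondition for requesting the review.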
Request a review
Once you’re sure you’ve got rid of all the malware problems/malicious code you can request a review by Google through the webmaster console.
It’s hard to know whether these reviews are actually checked by humans or robots but I think it’s worth crafting an intelligent message to go with your review just in case someone’s actually reading it. I would include the following:
- What happened to cause the problem
- What you’ve done about it
- What you’ve done to ensure it doesn’t happen again
- Mention if you’re an AdWords customer
In my own experience the first review took about 12 hours. The developers missed some of the malicious code and we had to go through a second review, meaning the whole process ended up taking about 36 hours before the warning was lifted from the site. If we had got rid of all the malware in the first place it would have been sorted in 12. I’ve since heard of others who had similar problems having the malware warning lifted in about 3 hours. Maybe Google are getting faster at it.
What else can you do?
If you’re running AdWords it might be worth asking your account manager to put in a word for you. We did this in this case and who knows, it might have sped things up. We had to pause the AdWords campaigns associated with the site, which perhaps incentivised Google to get the site cleared (although AdWords links aren’t actually affected by the malware warning).

