Monday, February 26, 2007 at 12:33 PM
In the fight against badware, protecting Google users by showing warnings before they visit dangerous sites is only a small piece of the puzzle. It's even more important to help webmasters protect their own users, and we've been working on this with StopBadware.org. A few months ago we took the first step and integrated malware notifications into webmaster tools. I'm pleased to announce that we are now including more detailed information in these notifications, and are also sending them to webmasters via email.
Webmaster tools notifications
Now instead of simply informing webmasters that their sites have been flagged and suggesting next steps, we're also showing example URLs that we've determined to be dangerous. This can be helpful when the malicious content is hard to find. For example, a common occurrence with compromised sites is the insertion of a 1-pixel iframe causing the automatic download of badware from another site. By providing example URLs, webmasters are one step closer to diagnosing the problem and ultimately re-securing their sites.
Email notifications
In addition to notifying webmaster tools users, we've also begun sending email notifications to some of the webmasters of sites that we flag for badware. We don't have a perfect process for determining a webmaster's email address, so for now we're sending the notifications to likely webmaster aliases for the domain in question (e.g., webmaster@, admin@, etc). We considered using whois records, but these often contain contact information for the hosting provider or registrar, and you can guess what might happen if a web host learned that one of its client sites was distributing badware. We're planning to allow webmasters to provide a preferred email address for notifications through webmaster tools, so look for this change in the future.
Update: For more information, please see our Help Center article on malware and hacked sites.
Webmaster tools notifications
Now instead of simply informing webmasters that their sites have been flagged and suggesting next steps, we're also showing example URLs that we've determined to be dangerous. This can be helpful when the malicious content is hard to find. For example, a common occurrence with compromised sites is the insertion of a 1-pixel iframe causing the automatic download of badware from another site. By providing example URLs, webmasters are one step closer to diagnosing the problem and ultimately re-securing their sites.
Email notifications
In addition to notifying webmaster tools users, we've also begun sending email notifications to some of the webmasters of sites that we flag for badware. We don't have a perfect process for determining a webmaster's email address, so for now we're sending the notifications to likely webmaster aliases for the domain in question (e.g., webmaster@, admin@, etc). We considered using whois records, but these often contain contact information for the hosting provider or registrar, and you can guess what might happen if a web host learned that one of its client sites was distributing badware. We're planning to allow webmasters to provide a preferred email address for notifications through webmaster tools, so look for this change in the future.
Update: For more information, please see our Help Center article on malware and hacked sites.
36 comments:
Thank you for doing this - this is long overdue - What else will are you considering releasing or updating?
Thanks for taking comments - hope the first three 'comments' do no ruin it for everyone else
We don't have a perfect process for determining a webmaster's email address, so for now we're sending the notifications to likely webmaster aliases for the domain in question (e.g., webmaster@, admin@, etc).
...
We're planning to allow webmasters to provide a preferred email address for notifications through webmaster tools, so look for this change in the future.
Do you not also email all the users who added the site to their Google Webmaster Tools console and verified the site? If not, would it not be worthwhile doing that too? You already have the email address used for their Google Account, so why ask them for another one? (Although the option to provide another one would obviously be good too.)
It would be awesome if there was a tool that we could use to check if a site had malware on it. You could use it on forums or what not to check a URL before making it a link in a discussion.
>> It would be awesome if there was a tool that we could use to check if a site had malware on it.
Niels Provos independently worked on such a tool. Visit http://www.spybye.org/
Better?
My site was hacked in mid December by this iframe insert redirect. In fact, this article written in September of last year describes it in detail:
http://www.heise-security.co.uk/news/78635
I contacted stopbadware.org and the site was re-instated nearly a month later.
The result? My site's rankings in Google are basically non-existant to this day. I had pages showing up as #1 for many keywords and now they are not even listed.
The ISP mentioned in the above article dropped the ball by allowing this to happen 3 months after the article was written.
So a legitimate business has now been penalized by Google for over 2.5 months now for the actions of hackers and the in-action of the ISP.
Do I sound angry? You bet!
So if you get the warning about the insert on your site, don't expect your traffic or your rankings in Google to return anytime soon.
I've basically been "put out of business" while the ISP's, stopbadware and search engines pat themselves on the back, like is being done in this article.
The technology behind this is often pretty confusing to the novice. I feel this page has helped with that. A year ago seeing that a blog was crawled with a spider to me means that there was some insect infestation in the server room!
R2K
I've just discovered that our small, non-profit website, www.westfield-bni.com, was flagged as MALICOUS by "stopbadware.org. Despite the fact that this organization states that it is a policy to notify Web Masters, we were not notified at all. What's more, it is puzzling how this site became flagged as dangerous as it is predominantly html-only with some minor scripting for navigation. As per directions, I have appealed to 'appeals@stopbadware.org' in hopes that they will correct this error. The concern is that if “stopbadware.org” chooses not to respond, or choose to ignore my request for whatever reason, there is no recourse. While the mission of this organization may seem legitimate, it could as easily become vigilante in nature. Who is policing the police? Are we guaranteed a review or response and if so, in what period of time? Is there an appeals process? Who manages the appeals process? Websites have become of vital importance to business and I feel hostage to this undefined process. I hope that this issue is resolved immediately for this false designation as malicious is hurting our ability to operate our business.
I've never been notified of the "this site may harm your computer" warning that Google has falsely attributed to my badware-free wbesite ( www.tiswasonline.com ). A good job my site is non-profit, but this false positive is not condusive to me or Google, and neither is it helpful to many innocent webmasters, especially those who rely on a revenue from their sites. I think it's best that Google re-examines the whole system before someone with the clout issues a lawsuit. It's also ironic that there are heavily well-known cracks and serial websites (riddled with badware on almost every page) that are not flagged up as such on Google.
Google, you're normally an excellent company, but you've totally dropped the ball on this one.
StopBadWare.Org is not equipped to deliver on their mission of eliminating malicious sites. They delist sites without informing Web Masters, they are WRONG in many cases, they permanently damage legitimate Web business's rankings, and the "flagged" sites basically have no rights. If StopBadWare.Org is wrong (and they have been multiple times) there is no compensation for the damage they have caused to legitimate businesses and there is no PROCESS they follow about attempts to contact Web Administrators. Any site flagged, is guilty until proven innocent. This is mccarthyism. If Google is to embark down this path, then they need to added a system for "pre-approving" sites and registering with Google so that Web Masters can be duly notitified BEFORE delisting occurs. But then a pre-approval process would be costly to Google, so they would need to charge for it. Then, why not charge for a subscription to such services; it would be like the mafia asking for protection money. If the provider of such a service as provided by StopBadWare.Org was indepedent, that would be different, but Google has the power to simply DE-LIST you without trial or review. Shoot first, ask questions later. I'm sure this organization has stopped some very harmful sites from harming people's computers, but at what expense? Does StopBadWare.Org post what percentage of MISTATKES its makes?? Of course not; it would rather boast about how many sites it is swept up and de-listed. As Web Masters, we need to demand more from an organization such as this, and more from Google if they are to act as police.
It would be extremely useful if you could specify the email addresses that these will be sent from. Those email addresses are often disabled due to being huge spam-pots, so if we could filter for only specific 'from' email addresses that would be useful.
While I find this protection helpful, it has some implementation problems. A website I manage was flagged by Google, but Google was not the first to tell me. I did not get an email at webmaster@orgwithinreach.com or the address registered with Google site manager. A customer told me first!
After searching Google and looking at site manager, I found the message. It was useless at that time. It just sent me to stopbadaware.org, which did not yet have my site in it.
I looked at the source code for my site and I did find the hacked-in java script and immediately removed it. I’m checking it everyday to make sure it doesn’t come back and am investigating what I can to prevent it.
Of course, my site is still flagged. The reply from stopbadaware.org was that it could take up to 10 days for my appeal to be processed. That’s too long for my small business! I am going to stop my advertising with Google until it’s resolved, but this really hurts because our first showroom will be opened within the next couple of weeks.
As I said I think this service is helpful, but there has to be a better way to get my site cleared! Since a Google bot probably found it, couldn’t I ask for it to rescan my site so I wouldn’t have to wait so long?
Today my site is now show the "BADWARE" notification and I have received NOTHING From Google. I have a Google Account that also lists NOTHING for any page on my site. Now my site is FLAGGED and can't be used properly at all.
What do I do to ge this fixed? Nothing that you have stated I was to get as far as notice has happened. I don't have anyhting in my SUMMARY either and I'm NOT LISTED in the offical Badware site. But my site is completely blocked.
I've been reading everything I can on this page about how I can get some help with the Badware Notice on my site. So far there has been NO HELP AT ALL.
I have a site account with Google for my web site: www.shopgaithersburg.com. They have NOT indicated anything is Summary section and my site is NOT list with the Official Badware site.
I am a SMALL BUSINESS and this site is EVERYTHING to my business. I have no badware on the site that I am aware of, but if there is something on the site, or my site was hacked, why hasn't GOOGLE pointed it out in the reports I get.
Now my site is WORTHLESS. I've sent an Email to the Official Badware Site and I haven't received a reply. So basically I get to be walked all over by WHO, WHAT? NO ONE CARES!!!
I'm thinking that maybe someone needs to be sued.
Not one single step was followed where notifying me was concerned and there is NOTHING at all in my account information that EVERYONE says will be there.
If my site was hacked I am not aware, but I am HAPPY to fix anything as long as I know where it is. SO far EVERY PAGE on my site has a bad ware notification.
jlpalfrey, did you see http://www.mattcutts.com/blog/info-about-malware-warnings-and-how-to-appeal-them/ ?
I can't believe how we have slid into this witch hunt with Google and Badware. There should be something in place that tells us excatly why we are black listed and and software to assist in the matter. I run non profit sites and make a living using the web to promote health and wellness and now what. I know, go out of business! Come on, the internet is powered by porn. So if we are on an ivory tower of doing no evil, then Google should censor everything. No violence, no porn, no hate sites, no sites dedicated to blah blah blah
Like many others I am quite frustrated by big brother.
Class Action Law suit-
Would some attorney please stand up?
Yoour Blog entry says that you place as much information as possible on the Google Webmasters site for the web site in question we have recently had an issue but we have had no emails from you nor is there any information on our Google Webmaster pages / or your message center.
I like the idea of what your saying but don't seem to be seeing the action.
I have one other query - I'm not sure how long there is between you discovering a problem and you changing the index but I guess there is a period it is surely in that time frame that it would be most useful to contact the site and provide as much information as possible to solve the problem which you have found.
google erronous states that our site http://www.gma-nitsa.gr is a badware source
we have check and recheck our site and the only possible source of badware can be the google adsense advertisments.
if *anyone* can provide us with some insight (google doesnt give much and we still wait for stopbadware to check our site) please do.
thank you very much
they say that it's better to have out of jail 100 guilty people than to imprison one innocent.
our site, www.gma-nitsa.gr, has been flagged as a badware source. we have check and recheck it. we have also open a discussion in stopbadware.org group - http://groups.google.com/group/stopbadware/browse_thread/thread/097ace758f5607f3/13151903ffac1274#13151903ffac1274 . none can find any problems with our site.
but, after 2 requests for rescan, google insists that we are a badware source.
gma-nitsa.gr is a site dedicated to food recipes and techniques and is named after my grand mothers name, Nitsa. i have it online since 2001 and it is highly reputable with very warm friends.
in the immage http://www.gma-nitsa.gr/images/google-stopbadware/visits.png
you can see the decrease in traffic since google marked our site as a badware source.
if *anyone* can provide me with a contact information, someone in google who can explain the problem it will be very nice.
Thank you in advance for your help.
gEorgE sTaThis
This thing really should be removed. It is the web user's responsibility to deal with understanding that the sites they are visiting may be dangerous. Of course, half the time the warning pops up, it is for a completely legitimate site, and then just turns it into a hassle for actually getting to the destination. Why should this one group have such authority and such audacity as to impose its will upon the habits and livelihoods of so many people without those people choosing such? Utterly outrageous.
Any One out there who knows how things work? my Blog http://franciscushenri-gospels-franciscus.blogspot.com/ is un accesable via google search.
it was listed for some days then dissapeared..? a previous blog, that I removed, is still listed (some times) and of course reads as "page not found.'
The only way I can get to the blog is via my account and this defeats the purpose. Has the right wing religious got to me or am I not doing something..I'm Old!!
Franciscus, specific questions about your site are more appropriate for our Webmaster Help Group than for this blog's comments. I've started a thead here with some answers to your questions.
I have 2 sites that got the "badware" warning page when googled. They both had stat counters from www.statcounter.com .
I removed the statcounter from one site..... got reviewed by google... or stopbadware.org... and the "badware" warning page is now gone. I just removed the statcounter from my other site and have requested review.
I hope that statcounter.com will now write code for stat counters that is not "badware"...because I loved my statcounter...
bxb
More on Stat Counter's code being "badware"...
I really don't care about the visitors to my web-site's monitor resolution or operating system.
I would like to know if there are any "functional" free stat counters available... who's code would not be considered "badware" by stopbadware.org and google.com . Can anyone with google.com or stopbadware.org recommend a free stat counter that will not cause problems?
thanks,
bxb
I just got hit by StopBadware.org.
My question is what gives you guys the right? Stopping so called badware? Laugh my but off guys! It should be the responsibility of the user to protect themselves with security measures. Next thing you know, it will be like the old west and people will just shoot before the trial. Just the kind of thing that can make or break a good company. Hey Google!!!! And StopBadware!!! You guy's are in no way Gods! and I will tell ya, if you keep up this kind of crap, you wont have to worry about being number 2 anymore cause Google itself is now getting a bad rep from all of this.
For all of the other webmasters...DIVERSIFY !!! This unfounded slap on my site, http://thegadgitech.com dosen't really hurt me as 95% of my traffic does NOT come from Google! Post articles and blogs and market somewhere else other than Google! If I depended on search engine traffic, my business and income would have been Gone! So, diversify your traffic to come from other sources and let the so called "Big Guys" take the hit from now on. I have found that if you promote on sites like Digg.com and YouTube, then when a bonehead idea like this comes up, my traffic remains! The guy who wants a lawyer...me too. I would jump on that band wagon. But why not just spread the word as to what's going on to the rest of the world and put a stop to all of this crap! Who's with me? I ain't scared, I have lots of blogs and traffic to let em know how I was treated by this new not cool at all tactic. As far as a webmasters e-mail being hard to manage and contact? That's a bunch of bull! If I can find it, why can't a multi-million dollar company do the same? Hello Yahoo, Adbrite, and so many others!
since i have been flagged today as a badware site, i came along to this blog.
what really bothers me is that i dont get any deeper information about what exactly caused this flagging. i dont have any badware to my knowledge. i only find the info that someone has reported my site to stopbadware, but WHO and WHY, that info that should be available is not. and this is a must.. you always should know who is doing such things
cheers,
christian
wow, i just found out that the sourcecode of my blog contains hidden links to poker pages and such stuff. only in edit mode those links are visible. i wander how this has been hacked in. and i wonder if there is something that can be done to make the owners of the target sites responsible ?
I have recently found out that my website displays the message "This site may harm your computer" when you search for it using the domain name. Luckily the message only shows up for 1 folder and which is something like domain.com/blog/
I have been reading and searching on Google for people with the same problem. I found out I had to do this according to Google
-----------------------
This identification is based in part on guidelines set by StopBadware.org. However, Google uses its own criteria, procedures, and tools to identify sites that host or distribute badware. If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed.
Once you have reviewed your site and are sure it is clean, you can can submit a request for review:
1. On the Webmaster Tools Dashboard, click the site for which you want to request a review.
2. Click Request a review.
--------------------------------
I have checked the URL of the site on stopbadware.org and there has been report against it and nothing according to them is harmful. I have also tested the site from some other online sources and I found nothing.
Now I would also want to know where is this in webmasters control panel because I don't see it.
"1. On the Webmaster Tools Dashboard, click the site for which you want to request a review.
2. Click Request a review."
Can anybody help me?
Thanks
Curious.. I just went to stopbadware.org & searched for reports/alerts on statcounter.com -- 0 results. As such, seems StatCounter is still good... wondering if something greater is going on? Seems odd that a "good" site (e.g. yours) plus a "good" counter (statcounter) would be badware.... Wondering the reality on this.
After spending numerous hours going over our website and code, we found no problems whatsoever. So, we did the review thing and low and behold... our site was now good! How was it bad before, nothing done, and then good? I really don't think we need internet cops. What the heck is all the end user anti-this and that for? Somebody to make money or to inform them of malware and viruses? What a frigin waste of my time!
My site: www.nepif.weblet.in is a forum site for education and employment.
I has no malware/badware or whatsoever. Yet it has been flagged as "Harmful" by Google.
That is really frustrating!
Hope this stops!
Hi,
I want to ask one question, few days, back google sent me notice for some virus or bad ware in my site of www.ibtada.com one page, and same day i have removed it, and given message to google from webmaster tools many days back and till now no action is taken and till now its written "
This site may harm your computer.". Pls guide me how google and check it quickly and remove that from my site as i am getting losses due to it.
Google have to send one notice first to webmaster and give at least 1-2 to gix it before appealing that message to any site name.
Pls guide me about that.
Our site, sparkleberrysprings.com/v-web/b2, was blacklisted toward the end of March 2008 by Google, McAfee Site Advisor, Yahoo!, and by who knows what other search engines and software security companies. As far as we could tell this was done at least in part by the zealous efforts of RSA.
A buggy file, xmlrpc.php, in our blogging software, had allowed upload from an America Online account of the old bancopostaonline phishing software, which then proceeded to send out thousands of emails from our site. This is what RSA noticed, and we quickly received a nasty email from them. Our replies, along with a request to send the log files, went unanswered. Blacklisting occurred soon thereafter.
Whether Google and others detected this independently is unclear, since we never received notification by email from anyone at any time. The redirects to the warning page were inaccurate, as the blog page itself was never compromised. The site was hijacked for sending phishing emails, but there was no malware on the page itself.
We removed the phishing software and the xmlrpc file, and that solved the problem.
(Did we notify our ISP? You bet. They did absolutely nothing. We had to figure it all out.)
Our frustration has arisen from the presumption of guilt on the part of google and mcafee, and others. They're very quick to blacklist, but very slow to review and remove blacklisting (several weeks??? come on!!). The route toward correcting the problem is circuitous and arcane, and there is no response so you never know if your efforts are paying off.
And as others have indicated, this has a huge effect on reputation.
If Google and others are going to pride themselves on being quick to respond to sites that have been compromised by badware, then they must be equally quick to analyze those sites. Surely they understand that the vast majority are guilty only of naivety, and not actual malice.
All of this just underscores the zealotry that prompts a quick blacklisting, and the laziness for clearing the victims who are in the majority.
My website has just been flagged and I have no idea how to get reinstated. I have never and never would infect anyone with anything! I am a small webdesigner and it's just a portfolio online. No one contacted me to let me know i was blocked, i just found out myself while searching around on the internet. I tried clicking on the link google gave to try and be re-instated but the link they say to click on isn't there!
Help me!
I need to fix this and I don't have a budget to have someone look into this. Network Solutions which hosts my site says they looked and don't see any bad code there. so what the hell?
Does anyone know how to contact google directly?
who's paying for the web hosting that goes to waste when no one can get to my site?
please email me with any suggestions at swandivedesign@yahoo.com
Stephanie, here's how to request a review of your site.
Hi everyone,
Since over a year has passed since we published this post, we're closing the comments to help us focus on the work ahead. If you still have a question or comment you'd like to discuss, free to visit and/or post your topic in our Webmaster Help Group.
Thanks and take care,
The Webmaster Central Team
Post a Comment