Thursday, April 08, 2010 at 5:59 PM
Webmaster Level: AllWe’ve been hearing this question for many years from webmasters. That’s why we built features such as the Safe Browsing API, the malware review form, and our Malware details Labs feature.
As of today, once we notice your site is infected, we’ll do our best to send an e-mail to the address you have associated with your account in Webmaster Tools. We believe malware is such an important issue for site owners that being quickly informed is beneficial to you and your website’s visitors.
In addition, we’ve promoted our Malware details feature out of Labs and placed it under Diagnostics. The malware data is now updated four times faster than before, we’ve updated our algorithms for identifying injected content, and we’re now able to identify exploits which we were unable to catch earlier.
We hope this allows you to stay up-to-date with any malware issues we detect on your site, and to fix them quickly.
As always, please let us know if you have any feedback or questions about how to fix malware-related issues in our Webmaster Help Forum.
11 comments:
This is simply awesome. Yesterday, I got an e-mail from Google that my site had "hidden keywords" like:
buy propecia 5mgbuy etc. etc.
When inspecting the HTML, I did indeed found them on Marcofolio.net .
Great work folks!
Thanks for a great work. If google found malware in a site and send mailware details to site owner's emails. That is a great work.
------------------------------
Russia Moldova Louis O'Neill
It would also help though if Google was faster at REMOVING malware alerts.
My server was hacked into - fair enough - and I got a malware email at around 9am GMT.
Within minutes of that email arriving, access to the website via Google searches was blocked and and Firefox users were blocked due to the 3rd party malware alarm.
By 9:30am, I had rolled back the server to an older backup, verified that it was no longer compromised and submitted a review request.
It took until 7pm that evening for Google to respond to the request!
Considering that the whole process was automated, I can't really understand why it took the best part of 10 hours for a bot to spider the site and decide that it was clean.
I endorse the sending out of malware emails and blocking dodgy sites - but Google really needs to be faster at unblocking them as well.
This is absolutely suberb and in my opionion it is a big and most important contribution to internet from google....you are simply the best..
Google is always improving this process, and it gets better and better each time. However, I agree that there is still work to be done in relation to getting warning labels removed faster.
In the Webmaster Help Forum, we frequently see people getting the notices and fixing their sites immediately. However, they don't (yet) have a "Request a Review" link available to them in Webmaster Tools. It will eventually appear many hours later.
This goes beyond the need to make sure that both the www and non-www versions of the sites are added and verified through Webmaster Tools (or that specific sub-domains and directories need to be added.)
Ideally, that red malware warning banner and the "Request a Review" link accessible through the "More Details" link should be available at the same time that the email notifications go out. Site owners should not have to wait to "Request a Review" if they have already fixed their site.
So ... here's to hoping for continued, ongoing improvements to minimize the time before they can actually "Request a Review" ... as well as reducing the amount of time before the review is implemented and completed.
From what we see in the Webmaster Help Forum, this is generally completed in less than 24 hours, but I do understand that site owners would like to get that warning removed within a few hours of having discovered that their site has been flagged. Maybe we're dreaming here ... but we have to ask. :-)
Pardon me, Googlers, but your self-congratulatory post about how you’re actively going to bat for website owners in the battle against malware makes me want to vomit. Here’s exactly what Google had done “for” me.
On 1/31/09, I received a message from Google informing me that my website “may be distributing malware.” I immediately ran a “safe browsing diagnostic report” and found that my site had not been the source of any malware during the previous 90 days. In fact, Google had not even visited my site during the previous 90 days.
Only months later did I learn that Google mistakenly sent this message to nearly all website owners on the above date. Nonetheless, it was the beginning of the end for my website listing on your search engine.
Since that time, Google has been imposing what I believe is called a “domain suppression” penalty on my website, http://www.FunniestTopTenLists.com. Although my site continues to appear in the #1 position on both Yahoo and Bing, it is nowhere to be found when the search term “funniest top ten lists” is entered in the Google search box.
I have repeatedly sent requests to Google, on those rare occasions when I could find a way to (possibly) contact your intentionally elusive organization, begging someone to please tell me exactly why my site is being so severely punished.
Only once have I ever received a “response” from Google. After sending a snail mail to your corporate headquarters, blindly directed to the “Have Some Mercy Department,” I received an advertising brochure for AdWords by return mail.
I considered that to be so downright cruel that I mailed a letter to Brynn Zuccaro, the head of AdWords, not only to report the conduct of one of his employees, but to appeal directly to him in order to finally get an answer to the question: Why is my website being punished by Google?
As usual, he did not see fit to even reply to me.
Today I spent most of the day cleaning up completely innocent sites that I manage. The chain of problems worked thus:
100% innocent site(s) has thumbnail (load counter) served from second "uninfected" site that lists (has links to) third party malware sites. The second site allows sites to list themselves on a "Top Sites" list and Malware sites had signed up. The automatic inclusion is an error on the part of the second site's operators. . . But that is a different issue.
SO, the 100% innocent site gets a full red flag warning page stating "Visiting this site may harm your computer". And then in much smaller text the URL of the second site (which is NOT a malware site or compromised).
Nothing on that first site will harm anyone's computer. Clicking the link to the SECOND party site shows the same message. Now, clicking a specific link on that second site COULD cause a problem but NOT the site itself. I assume the actual malware sites would also launch the same flag.
Now, this is like the boy that cried "Wolf" when there was not one. Innocent sites are having warnings displayed because they link to a site that links to a malware site. . .
Here completely innocent sites isolated by two further layers of warnings are defamed. The first site in question is that of a business client's on-line store so the red flag warning probably had a significant financial cost even if that warning was only up for a few hours AND may have a continuing cost due to defaming their reputation.
This is like someone saying YOU are a criminal because your cousin committed a crime.
HOW FAR is Google going to go? Other sites (such as mine) link to that 100% innocent site separated by two levels of warnings from the actual malware flagged sites. Three levels? Four levels? Any link path at all. . .
AND Warning the site owner or webmaster is fine and dandy IF they are registered with google. But what about the millions (billions?) that are not. .
I have a google webmaster account for my own personal sites but I had not signed up my client's sites. WE had to hear about the problem from a visitor with the latest Chrome browser with high level security settings. Firefox with the default settings did not display the warning.
Good intentions, bad execution, bad results.
It is a good move but it will be really good if Google will send one warning email so that webmaster can fix the malware issue within that grace period (say four days). "The web site is infected by malware" should not be reflected in SERPs if the malware code has been fixed within grace days!
Another way to be notified is to use http://sucuri.net.
It will alert before Google does that you have malware, so you have time to fix before you get blacklisted...
It will also check multiple blacklists (Nortons, Mcafee,) and alert you if your site is there.
I guess the big question is:
"does an individual named Brynn Zycarro even really exist or is it a name that ZooGle made up to use as a marketing tool?"
Hi everyone,
Since over a year has passed since we published this post, we're closing the comments to help us focus on the work ahead. If you still have a question or comment you'd like to discuss, free to visit and/or post your topic in our Webmaster Central Help Forum.
Thanks and take care,
The Webmaster Central Team
Post a Comment