Today, we want to talk about malware and hacked sites. You would not believe how common it is. I don’t mind telling you that Donald Trump has had a website hacked. Al Gore has had a website hacked.
So let’s talk about some of the free tools and resources that Google provides, as well as exists on the web, to help clean this stuff up. OK. So, first and foremost, there’s something called the safe browsing diagnostic page. So if you search for safe browsing diagnostic, you will basically find something where you can visit it, and you can say, OK, is this URL, or is this site infected with malware? And so you can enter in a specific URL, and it will tell you yes or no and what the statistics are as far as seeing the malware on the domain, all that sort of thing. The way that it works is actually pretty interesting.
The second thing that you should know about is the ability to do a malware review. You should register your site in Google’s webmaster tools. That’s google.com/webmasters. Prove that you own or control the site, and then, you can click on the diagnostics page. And there will be a tab called malware. And once you’ve cleaned things up, you can click on something that says, request a review, and that doesn’t operate instantaneously. So it’s not as if that causes things to go get scanned in real-time. But it does tend to happen relatively quickly, like in an hour’s kind of timeframe, which is good. Because when you’re stressed and you’ve been hacked and you’re serving up malware, you don’t want to wait days and days. So it can take several hours, but it tends to operate pretty quickly. And what you can do is: when you request a review, we will actually show you URLs on your site that we believe have malware. So that’ll tell you exactly where to go to help diagnose what’s going on, how to debug it, how to clean it up, and then, if for some reason the scan fails and we think that you still have malware, we’ll continue to give you examples of stuff that we think is infected. So you can iterate pretty quickly to clean the malware up.
Now, there’s a third tool. It’s a little more useful for hacked sites than for malware, but you can also do Fetch as Googlebot. And Fetch as Googlebot, basically, is another feature in Google’s webmaster tools, so at google.com/webmasters. And you can say, OK, take a particular page that I have proved that I control or that I own. Fetch it as Googlebot. So Googlebot goes and actually gets the content of that page, and then, Googlebot will tell you exactly what was returned to it. So it’ll tell you if there was a redirect, like a 301. It’ll tell you what the exact content was, so you can look through it, and you can look for any sort of stuff that looks like it’s been hacked or is showing up malware. So that can be extremely useful. Especially for some hacked sites, they’ll show Googlebot the hacked content, but they will not show regular users the hacked content, which is kind of evil and mean and malicious.
There’s a few places where you can look. For example, a lot of people will put stuff in an HT access file. So if you look around, you might be able to find something there. You might also look for SQL injection. Sometimes, people will, if you don’t sanitize your URL parameters, your URL input correctly, then people can find ways to do drop tables, comma, insert malware, that kind of thing. So that’s something to be on the lookout for. It is hard, so don’t feel bad if you can’t find the problem straight off. But if you can look at, not just your source files, right? Because if you look at your source code, it might appear clean to you. You want to look at what is actually being returned in the browser, or fetch it as Googlebot and see what the end user really sees. Because there can be various ways where you think the source code looks clean. But whether it’s a mod rewrite or HT access or something along the way, is that in the malware, so that you only see it when you actually access it as an end user. So you want to pay attention to that as well.
Certainly, it’s the case that you want to keep your system up to date. So if you run WordPress, you want to make sure that you patch that. Whatever CMS you use, you want to make sure you use the most recent version. Because if you’ve made some mistake, you can be hacked again, which brings you to the next point, which is when you think you do have it all clean, and probably even before that, you should change your passwords. So find something that’s a really hard, difficult password. Don’t use 1, 2, 3, 4, 5, 6. Don’t use love. Don’t use God. Don’t use password. Don’t use let me in. Generate some random hash kind of passwords, something that’s really, really strong, because that’s a lot more likely to keep the hackers out.
You can also check out some free websites. For example, if you haven’t seen unmaskparasites.com, that can be a really useful place to talk about all the different attacks that are currently going on. There’s a guy there that’s doing a really good job of showing what some of the current malware stuff looks like.
So keep your server patched, up-to-date. Make sure you have strong passwords. If you do get these messages, you can figure out, is it on my site or is it on a third party site by using the safe browsing diagnostic pages and the malware review. Once you know the actual pages, you can clean them up. Make sure they’re really clean. Submit them, and then get a review back in a few hours from Google to say, OK, the malware’s gone. You can also check whether you’re hacked with Fetch as Googlebot. You can look at SQL injection. You can look at HT access. Those are some of the common ways that people get in. I know that it’s frustrating. I know that it’s really irritating.
But Google takes this stuff very seriously, because if a webmaster accidentally exposes their users to malware, that’s a horrible experience, and they complain to us. So we’ve actually taken a bunch of different ways to try to protect the user, and hopefully, some of these tools will help you in getting rid of the mess and getting things cleaned up. And we hope that, after you get this all done, it’s smooth sailing from then on. Good luck.
by Matt Cutts - Google's Head of Search Quality Team