Has your web site been marked with the “This site may harm your computer” label in the Google search results? It doesn’t take the brains of a rocket scientist to know that this is going to affect the rankings of your web site – if not immediately, then surely in a few days.
By the way, my web site too had the same problem and this article details what I learn and how I tackled the issue. So why does Google display this message and how can you get it removed?
Update – Google admits mistake: On the 31st of January 2009, all results on the Google search engine displayed the “malware warning” (as I like to call it). The company admitted it was a human error. Read more to know how even big businesses screw-up sometimes and how they rectify the situation quickly.
I’ve already written about the Google search engine safety procedures and security measures in Google Chrome. The “This site may harm your computer” label is displayed when Google suspects the web site would infect visitors’ computer with malware (read, bad programs); and in all cases I have come across, including my own, they have been correct!
You need to take Google’s warning seriously because just visiting the site can infect the system with malware. One doesn’t need to click on anything on the web page – simply loading it in a browser would install malware on your computer. And this is why I recommend using Google Chrome (download and install instructions) because it actually deters you from visiting sites that may harm your computer – refer Chrome safety and security measures.
All infected pages that I have come across have the HTML <iframe> code which points to a domain that distributes the malware. This code is typically placed right at the end of the web page HTML and you can see it if you view the source. Here are a couple of examples:
Most web site owners would not be aware of this problem till they come across their site’s listing in the Google search results (not true after January 31, 2009 🙂 and surely most wouldn’t even know how or why their web site has been labelled such. “I’m not doing anything wrong and certainly I’m not distributing malware through my web site… yes, yes, I know. I had the same thoughts. But the issue remains… the site is indeed a vending machine for malware.
There is no need to curse Google – they are certainly not playing God (exploiting their number one search engine position) – in fact, it’s the other way round, Google is only helping you.
When I came to know of this problem on my website, I did a little bit of digging around. Couldn’t find much help on the web on this issue; though I understood the gravity of the situation – my web site a distributor of malware… NO!
I quickly concluded that the cause of all my troubles is the <iframe> code. I didn’t put it there … so who did? Obviously the “bad guys”! FYI, the <iframe> code does not pass W3C validation and this was a nice thing to know as you shall soon see.
My first reaction was replacing the infected pages on the server with clean copies. However, to my utter astonishment when I checked the newly uploaded pages via the W3C validator or viewing the source code, the <iframe> code was back once again – sometimes in a matter of seconds and sometimes it took a few minutes.
I realised there was only way the new pages could be modified – the bad guys were accessing my web site server – they had the login details! Also, the code was probably being appended by an automated program because it was just not possible to do this manually on so many pages so quickly.
So I changed the password to my web server, logged in once again, deleted all infected web pages and uploaded fresh clean copies again. I made it a point to check my web site for a few days… by now it was clear that the problem was solved.
Once you have verified that you site no longer hosts malware or acts as a distributor, log in to Google Webmaster Tools and place a request. The label will probably be removed in a few hours. Google offers additional help on how to go about this in at the Webmaster Central blog.
Final words: Google doesn’t have a personal grudge against you. It’s not their intention to “blackmail” you (as someone mentioned). They understand a web site can be hacked and the webmaster is usually not at fault – heck, Google has done mistakes too. However, they do want to prevent the spread of malware and accidental computer infections of unsuspecting visitors. Your site can be hacked either by your negligence, through the use of third party scripts or bad programming – yes, shit happens. It’s all up to you how to react to the situation.
Laurence Canter and Martha Siegel, creators of the world's first commercial spam, made $100,000 off an ad that cost them only pennies. They had posted the spam message on April 12, 1994 to 5,500 Usenet discussion groups. [more...]