On Jan 25, 2017, Sucuri Digital Marketing Manager, Alycia Mitchell, presented this webinar as a step by step guide to understanding and fixing Google blacklist warnings.
This webinar provided the knowledge to act fast and get rid of those big red warnings on any website.
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
1.
2. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
VALENTIN VESA
Brand Evangelist
@adspedia
3. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
• Digital Marketing Manager at Sucuri
• Data geek and cybersecurity enthusiast
ALYCIA MITCHELL
4. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
HOUSEKEEPING ITEMS
● We want to hear from you
● Question tab in GoToWebinar
● Tweet @SucuriSecurity using #AskSucuri
● Questions will be answered at the end
● All questions will receive a response
● Video and slides coming in a few days
● Please share this content with other website owners
5. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Victoria, BC - Canada
6. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
My Animals
• Loki – Blue Nose Pitbull
• Moonshine – Lab
• Mystic – Cat
7. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Overview of Sections
• What is the Google blacklist?
• Why is your site blacklisted?
• How to remove website blacklist warnings
8. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
What is the Google blacklist?
10. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
95%
Websites lose…
... of traffic when blacklisted
11. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
12. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
10,000
Google blacklists…
… websites per day
13. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
14. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Many website owners only find out their site
has been blacklisted by Google when visitors
or customers mention it…
A monitoring and alerting system will make
sure you detect website hacks and security
issues before Google does.
15. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Website Malware Warnings
• These warnings appear on your site if:
• The website redirects to other malicious websites
• Dangerous websites are sending traffic to the website.
• Web spam or IOCs were found on the website.
• Malicious downloads can harm Google users:
• Viruses
• Spyware
• Rootkits
• Ransomware
• etc.
16. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Deceptive Content Warnings
• These warnings will be shown if:
• Fake pages trick users into entering passwords
• Forgery of legitimate login or payment pages
• Content that tricks users into disclosing information
• Potentially unwanted downloads
• Any content that misleads users:
• Phishing attempts
• Spoofing of legitimate sites
• Fake news and malicious pop-ups
• Unwanted software
• Malicious campaigns on ad networks
17. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
21. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Search Engine Results Page Warnings
• These warnings will be shown if:
• SEO spam or pharma spam is present on the site
• Malicious redirects are detected
• Drive-by-downloads
• If there is no red warning page showing yet:
• Malicious scripts from third-party sites
• Malicious iframes from third-party sites
• Could be a precursor to blacklisting
22. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Blacklist Warning Messages
• The website ahead contains malware
• Danger malware ahead!
• The site ahead contains harmful programs
• The site ahead contains malware
• Reported attack page
• Suspected malware site
• This website has been reported as unsafe
• Deceptive site ahead
• Suspected phishing site
• Website request forgery
• This site may be hacked
• This site may harm your computer
• Unwanted software
23. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Other Website Blacklists
• There are over 100 other website blacklists.
• Antivirus companies, search engines, and browsers.
• We detect the top ten:
• Google SafeBrowsing
• Norton SafeWeb
• McAfee SiteAdvisor
• Bing Blacklist
• Yandex Blacklist
• PhishTank
• SpamHaus
• BitDefender
• ESET
• Sucuri
24. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Why is your site blacklisted?
25. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Google Transparency Report
Click the Details link on your blacklist or go to:
Google.com/transparencyreport/safebrowsing
1. Click Site Status
2. Enter your website URL
3. Click the magnifying glass icon to scan
4. Review the Site Safety Details and Testing Details
27. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Reading the Transparency Report Details
Site Safety Details
• dangerous URLs to note
• intermediary domains
• redirect behavior
• hosted malware
• unwanted ads and apps
Testing Details
• scan date
• discovery date
28. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Scan Using Sucuri SiteCheck
Sitecheck.sucuri.net
1. Enter your website URL
2. Click Scan Website
3. Note any malicious payloads
4. Note any malware locations
5. Check the Blacklist Status tab
29. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
External Scanners vs. Server Side Scanners
• Note:
A remote security scanner browses your site to detect
malicious behavior - but does not have server access.
Some issues can not be detected in a browser
(i.e., backdoors, phishing, and server-based scripts).
30. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Other Website Malware Detection Methods
Free Website Scans
• SiteCheck
• UnmaskParasites
• VirusTotal
• Redleg Aw-Snap
• etc.
Free Webmaster Tools
• Google Webmasters
• Bing Webmaster Tools
• Yandex Webmaster
• Norton SafeWeb
• etc.
31. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Review Google Search Console Warnings
1. Go to Google Webmasters Central:
• google.com/webmasters
2. Click Search Console and sign in with your Google account.
• Add and verify your site if needed
3. Check the Messages and Security Issues section for details.
4. Note any malware locations or files flagged by Google.
32. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Check Recently Modified Files
1. Log into your server using an FTP client or SSH terminal.
2. If using SSH, you can list all files modified in the last 15 days using this command:
• find ./ -type f -mtime -15
3. If using SFTP, review last modified date column for all files on the server.
4. Note any files that have been recently modified.
Unfamiliar modifications in the last 7-30 days should be investigated for malware.
33. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Compare Core Files - Diff Command (SSH)
To check core file integrity with SSH commands:
1. $ mkdir clean
2. $ cd clean
3. $ wget https://official-CMS-example.org/your-cms-version.tar.gz
4. $ tar -zxvf your-cms-version.tar.gz
5. $ diff -r clean ./public_html
34. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
How to remove Google blacklist warnings
35. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
sucuri.net/guides
Step by step walkthroughs for
popular CMS platforms and
website security issues.
Get Instructions
36. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Back Up First!
Before you start any cleanup process, take a
complete backup of your site including:
• Server files
• Database
• Custom files
• Log files
Get a professional to help if you have
concerns.
37. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Remove Hacked Website Content
• Do not overwrite database configuration or custom files.
• Restore using fresh copies of your CMS and extensions.
• Use the exact same version of core files, themes, plugins, extensions, etc.
• Restore from a recent backup
• Make sure it has not been hacked too
• Remove hacked content from database
• Search for backdoors
• Test site functionality
38. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Important Post Hack Steps
• Update all website software to patch any vulnerabilities
• CMS version
• Extensions, plugins, themes…
• Server software such as cPanel and Apache
• Confirm all user accounts are valid and update with strong passwords
• CMS
• FTP/SFTP/SSH server accounts
• PHP admin panels, cPanel, DB configuration password
• Scan all users computers for viruses and malware infections.
39. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Request Review with Google
1. Log in to Google Search Console:
• google.com/webmasters
2. Go to the Security Issues tab.
3. Review the issues listed.
4. Select I have fixed these issues.
5. Click Request a Review.
6. Type detailed information in the box.
7. Click the Manual Actions section.
8. Repeat steps 3-6.
40. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Waiting Period…
•Wait period after submitting request.
• Most take a day or two
• Some reviews can take up to two weeks.
• Manual actions take longer to review
• Google is now limiting repeat offenders
• Do not try to trick Google
• Make sure your site is absolutely clean
• One submission every 30 days
Note: Sucuri will submit blacklist review requests for you!
41. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Bonus Round: How to Prevent Blacklisting
• Harden your website using official best practices for your platform
• File and folder permissions
• Rules in custom .htacccess files
• Security configurations
• Keep your website up to date!
• Make regular backups of your site
• Use strong passwords and limit permissions on all users
• Stay aware of security news and security configuration options
• blog.sucuri.net
• Use a file integrity monitoring service or extension
42. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Shared Server Access Can Be Dangerous
Cross-site contamination happens when one
FTP account has access to multiple websites.
One weak site is all it takes.
Ask your host if they isolate FTP and SSH
accounts for each website on your server.
We recommend using a virtual private
server (VPS) which isolates your server
operating system.
43. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Website Firewall
44. UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
• Time for questions!
• Tweet us any time with your questions @SucuriSecurity using #AskSucuri
• Reach out to Alycia @artdecotech
THANK YOU