Google Safe Browsing – What it Means for Your Website

In a previous blog post we discussed the rise in IFRAME injection attacks via FTP that insert malicious code into webpages.  If this malicious code exists in any page that Google crawls, and the URL in the IFRAME or JavaScript call is one that Google has identified as potentially harmful or unsafe, it’s very likely your site will be classified as “unsafe” via Google’s Safe Browsing system.

“What is Google Safe Browsing?”

Google Safe Browsing is an extension in Firefox that is automatically included when the Google Toolbar is loaded into the browser. It is also enabled in Google’s Chrome web browser. This extension in Firefox will stop a visitor from going to any website that is listed in its database of unsafe sites (sites Google believes contain phishing, hacking, or malicious content) and will bring up a warning page:

Site Blocked

Since Firefox is the second most popular browser (30% market share, source: w3counter.com), having your site listed here could be quite harmful to your website traffic.

“How can I find out if my site is listed here?”

Google provides a simple URL you can use to see if your site is listed. For example, to check if www.lexiconn.com is listed, you would go to:

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=https://www.lexiconn.com/

“What to do if you are listed?”

Don’t panic.  There are a few easy steps you can follow to identify the issue, clean up the “mess”, and get your site removed from Google’s Safe Browsing database quickly and hopefully permanently.

  1. Identify what pages are infected:
    When you put your website into the Google Safe Browsing Diagnostic URL above, on the page you’ll see this section of text:
    The domain(s) listed can be used to find the pages in your site that are infected. You can search for those domains, or ask your host to perform a “grep” for those domains in your files.
  2. Clean up your pages:
    If you know the earliest date that the hackers altered your web pages, you can ask your host to restore the affected files from a backup.  If you’re not sure when the break-in occurred, or the backups do not go back far enough, you’ll have to download your pages, search for “iframe” or “<script>” lines related to the malicious code, remove them, and re-upload your pages.
  3. Close the loophole:
    With the help of your host, find out whether the hackers accessed your pages via FTP, or if it was a vulnerable script in your account. If it was FTP, change your password. If it was a script, update/patch the script as necessary.
  4. Make sure your PC is clean:
    If the hackers used FTP to alter your pages, make sure your PC (and any PC that may have stored your FTP username and password) is clean of viruses and malware by running the latest anti-virus software and malware detection software such as malwarebytes.org.
  5. Get de-listed from Google’s database:
    Google provides an easy mechanism to get removed quickly from their database. Log into your Google Webmaster Tools account (you have one, right?) and under the warning section for your site being listed, there will be a “request a review” link you can click to ask Google to review your website, and if no infections are found, have your website removed from the unsafe list.
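
For steps 1 and 2, the search can be scripted against a downloaded copy of the site. The sketch below is an added example, not code from the original post: it reports every “iframe” or “<script>” tag whose src points at a domain from the diagnostic page, plus any other line that names the domain (the “grep” case, such as an iframe written out by inline JavaScript). The function names are hypothetical, and the caller supplies the flagged domains.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

class TagFinder(HTMLParser):
    """Records <iframe>/<script> tags whose src host is a flagged domain."""

    def __init__(self, flagged):
        super().__init__()
        self.flagged = flagged
        self.hits = {}  # line number -> (tag, src)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src") or ""
        try:
            # Protocol-relative URLs (//host/path) also yield a hostname.
            host = (urlparse(src).hostname or "").lower()
        except ValueError:  # malformed URL: leave it to the text match
            return
        if any(host == d or host.endswith("." + d) for d in self.flagged):
            self.hits[self.getpos()[0]] = (tag, src)

def scan_text(text, flagged):
    """Return sorted (line, kind, detail) hits for one file's contents."""
    flagged = {d.lower() for d in flagged}
    finder = TagFinder(flagged)
    finder.feed(text)
    finder.close()
    hits = finder.hits
    # Fallback, like the "grep" step: any other line naming a flagged
    # domain, e.g. inside inline JavaScript that the tag parser skips.
    for n, line in enumerate(text.split("\n"), 1):
        if n not in hits and any(d in line.lower() for d in flagged):
            hits[n] = ("text", line.strip())
    return [(n, kind, detail) for n, (kind, detail) in sorted(hits.items())]

def scan_site(root, flagged, exts=(".html", ".htm", ".php", ".js")):
    """Walk a downloaded copy of the site; return (path, line, kind, detail)."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += [(path, *h) for h in scan_text(fh.read(), flagged)]
    return findings
```

Call `scan_site("path/to/site-copy", ["flagged-domain-from-diagnostic-page"])` and review each reported line before removing anything; the text fallback is a plain substring match, so it can also flag harmless mentions of the domain.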
