Sucuri Webinar: Understand and Fix Google Blacklist Warnings

UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR

Alycia Mitchell| @artdecotech #AskSucuri

VALENTIN VESABrand Evangelist@adspedia



WEBINAR

• Digital Marketing Manager at Sucuri• Data geek and cybersecurity enthusiast

ALYCIA MITCHELL



HOUSEKEEPING ITEMS● We want to hear from you

● Question tab in GoToWebinar● Tweet @SucuriSecurity using #AskSucuri● Questions will be answered at the end● All questions will receive a response

● Video and slides coming in a few days● Please share this content with other website owners



WEBINAR

Victoria, BC - Canada



WEBINAR

My Animals• Loki – Blue Nose Pitbull• Moonshine – Lab• Mystic – Cat



WEBINAR

Overview of Sections

• What is the Google blacklist?• Why is your site blacklisted?• How to remove website blacklist warnings



WEBINAR

What is the Google blacklist?





WEBINAR

95%

Websites lose…

... of traffic when blacklisted



WEBINAR



WEBINAR

10,000

Google blacklists…

… websites per day



WEBINAR



WEBINAR

Many website owners only find out their site has been blacklisted by Google when visitors or customers mention it…

A monitoring and alerting system will make sure you detect website hacks and security issues before Google does.



WEBINAR

Website Malware Warnings• These warnings appear on your site if:

• The website redirects to other malicious websites• Dangerous websites are sending traffic to the website.• Web spam or IOCs were found on the website.

• Malicious downloads can harm Google users:• Viruses• Spyware• Rootkits• Ransomware• etc.



WEBINAR

Deceptive Content Warnings• These warnings will be shown if:

• Fake pages trick users into entering passwords• Forgery of legitimate login or payment pages• Content that tricks users into disclosing information• Potentially unwanted downloads

• Any content that misleads users:• Phishing attempts• Spoofing of legitimate sites• Fake news and malicious pop-ups• Unwanted software • Malicious campaigns on ad networks



WEBINAR









WEBINAR

Search Engine Results Page Warnings• These warnings will be shown if:

• SEO spam or pharma spam is present on the site• Malicious redirects are detected• Drive-by-downloads

• If there is no red warning page showing yet:

• Malicious scripts from third-party sites• Malicious iframes from third-party sites• Could be a precursor to blacklisting



WEBINAR

Blacklist Warning Messages• The website ahead contains malware• Danger malware ahead!• The site ahead contains harmful programs• The site ahead contains malware• Reported attack page• Suspected malware site• This website has been reported as unsafe• Deceptive site ahead• Suspected phishing site• Website request forgery• This site may be hacked• This site may harm your computer• Unwanted software



WEBINAR

Other Website Blacklists• There are over 100 other website blacklists.• Antivirus companies, search engines, and browsers.• We detect the top ten:

• Google SafeBrowsing• Norton SafeWeb• McAfee SiteAdvisor• Bing Blacklist• Yandex Blacklist• PhishTank• SpamHaus• BitDefender• ESET• Sucuri



WEBINAR

Why is your site blacklisted?



WEBINAR

Google Transparency Report

Click the Details link on your blacklist or go to:Google.com/transparencyreport/safebrowsing

1. Click Site Status2. Enter your website URL3. Click the magnifying glass icon to scan4. Review the Site Safety Details and Testing

Details





WEBINAR

Reading the Transparency Report Details

Site Safety Details• dangerous URLs to note• intermediary domains• redirect behavior• hosted malware• unwanted ads and apps

Testing Details• scan date• discovery date



WEBINAR

Scan Using Sucuri SiteCheck

Sitecheck.sucuri.net1. Enter your website URL2. Click Scan Website3. Note any malicious payloads 4. Note any malware locations5. Check the Blacklist Status tab



WEBINAR

External Scanners vs. Server Side Scanners• Note:

A remote security scanner browses your site to detect malicious behavior - but does not have server access.

Some issues can not be detected in a browser (i.e., backdoors, phishing, and server-based scripts).



WEBINAR

Other Website Malware Detection MethodsFree Website Scans• SiteCheck• UnmaskParasites• VirusTotal• Redleg Aw-Snap• etc.

Free Webmaster Tools• Google Webmasters• Bing Webmaster Tools• Yandex Webmaster• Norton SafeWeb• etc.



WEBINAR

Review Google Search Console Warnings

1. Go to Google Webmasters Central: • google.com/webmasters

2. Click Search Console and sign in with your Google account.• Add and verify your site if needed

3. Check the Messages and Security Issues section for details.4. Note any malware locations or files flagged by Google.



WEBINAR

Check Recently Modified Files

1. Log into your server using an FTP client or SSH terminal.2. If using SSH, you can list all files modified in the last 15 days using this

command: • find ./ -type f -mtime -15

3. If using SFTP, review last modified date column for all files on the server.4. Note any files that have been recently modified.

Unfamiliar modifications in the last 7-30 days should be investigated for malware.



WEBINAR

Compare Core Files - Diff Command (SSH)

To check core file integrity with SSH commands:

1. $ mkdir clean2. $ cd clean3. $ wget https://official-CMS-example.org/your-cms-version.tar.gz4. $ tar -zxvf your-cms-version.tar.gz5. $ diff -r clean ./public_html



WEBINAR

How to remove Google blacklist warnings



WEBINAR

sucuri.net/guides

Step by step walkthroughs for popular

CMS platforms and website security issues.

Get Instructions



WEBINAR

Back Up First!

Before you start any cleanup process, take a complete backup of your site including:

• Server files• Database• Custom files• Log files

Get a professional to help if you have concerns.



WEBINAR

Remove Hacked Website Content• Do not overwrite database configuration or custom files.• Restore using fresh copies of your CMS and extensions.

• Use the exact same version of core files, themes, plugins, extensions, etc.

• Restore from a recent backup• Make sure it has not been hacked too

• Remove hacked content from database• Search for backdoors • Test site functionality



WEBINAR

Important Post Hack Steps

• Update all website software to patch any vulnerabilities• CMS version • Extensions, plugins, themes…• Server software such as cPanel and Apache

• Confirm all user accounts are valid and update with strong passwords

• CMS• FTP/SFTP/SSH server accounts• PHP admin panels, cPanel, DB configuration password

• Scan all users computers for viruses and malware infections.



WEBINAR

Request Review with Google1. Log in to Google Search Console:

• google.com/webmasters2. Go to the Security Issues tab. 3. Review the issues listed.4. Select I have fixed these issues.5. Click Request a Review.6. Type detailed information in the box.7. Click the Manual Actions section.8. Repeat steps 3-6.



WEBINAR

Waiting Period…•Wait period after submitting request.

• Most take a day or two• Some reviews can take up to two weeks.• Manual actions take longer to review

• Google is now limiting repeat offenders• Do not try to trick Google • Make sure your site is absolutely clean• One submission every 30 days

Note: Sucuri will submit blacklist review requests for you!



WEBINAR

Bonus Round: How to Prevent Blacklisting• Harden your website using official best practices for your platform

• File and folder permissions• Rules in custom .htacccess files• Security configurations

• Keep your website up to date!• Make regular backups of your site• Use strong passwords and limit permissions on all users• Stay aware of security news and security configuration options

• blog.sucuri.net • Use a file integrity monitoring service or extension



WEBINAR

Shared Server Access Can Be Dangerous

Cross-site contamination happens when one FTP account has access to multiple websites. One weak site is all it takes.

Ask your host if they isolate FTP and SSH accounts for each website on your server.

We recommend using a virtual private server (VPS) which isolates your server operating system.



WEBINAR

Website Firewall



WEBINAR

• Time for questions!• Tweet us any time with your questions @SucuriSecurity using #AskSucuri• Reach out to Alycia @artdecotech

THANK YOU

Social Media

Sucuri Webinar: Understand and Fix Google Blacklist Warnings