What to do when your site gets blacklisted

Most site owners only start to think about security when their site gets hacked (infected with malware) and blacklisted by Google.

So, here is what you need to do once you find out that your site is blacklisted:

*If you are registered with us already, don’t worry about it, just open a support request (we will take care of it).

  1. Save your index file and put a new one saying something like “site is under maintanence, come back soon”. It will avoid that more users get infected through your site.
  2. Scan your site for malware. You can register with us and run a complete scan or use our free (but limited) scanner: http://sitecheck.sucuri.net.
  3. Remove the identified malware. If you can’t find where it is, check some of these articles with ideas on how to find/remove malware:
  4. If you are using a CMS (WordPress, Joomla, osCommerce, etc), update it to the latest version asap. If you can, remove all plugins and themes and start fresh.
  5. Change all your passwords and make sure your desktop is not infected. This post gives some tips on how to secure your desktop.
  6. Login on Google at: https://www.google.com/webmasters/tools/. (If you don’t have a Google account, you will need to create one).
  7. Add your site on GWT (Google Webmasters Tools) using the “add site” button and follow their instructions to verify your site.
  8. Click on “Request Review” to get it re-verified by Google (and wait. It will take a few hours (up to a day) before Google clears your site):

Requesting blacklist removal

Those are the recommended steps. If your site is blacklisted, you will get a warning when visiting it (if you are using Chrome, Firefox or Safari):

Warning: Visiting this site may harm your computer!
The website at www.xxx.com contains elements from the site xyz.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.

Inside GWT (Google’s webmasters tools), it will also give you the details:

Dear site owner or webmaster of site.com,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below is an example URL on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs…

Once you’ve secured your site, you can request that the warning be removed by visiting

http://www.google.com/support/webmasters/bin/answer.py?answer=45432

and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team


To avoid getting your site blacklisted or with malware, visit http://sucuri.net to learn about our site security monitoring and malware removal solutions.

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.