Understanding Search Engine Warnings – Part I – Google – This Site May Be Hacked

If you have any questions about malware, blacklisting, or security in general, send them to us: contact@sucuri.net and we will answer here. For all the “Ask Sucuri” answers, go here.


Question: I just found out that my site is being flagged on Google’s search engine results page with the message “This site may be hacked”. What does it mean?

Answer: This is a good question and one we see often from our clients. We see it so often that we decided to do a series on each type of blacklist warnings that show up on search engines. These are the warnings that we will cover in this series:

Read More

New Google Chrome Blacklist Warning for Macs

If you go to a site that is Blacklisted by Google, you will see a new (and prettier) malware warning now if you are using a Mac:

The Website Ahead Contains Malware!
Google Chrome Has Blocked access to site.com for now.
Even if you have visited this site safely in the past, visiting it now may infect your Mac with malware.

Nothing major has changed, but we found this new wording to be more clear for the end user. So good move from the Google/Chrome team.

Vote SPAM For President: New Election Tactics or Same Old Tricks?

The United States presidential campaign is going full force, and it’s been a doozy. We don’t typically get involved with political situations, short of cleaning some of the crazy defacements we see, this is an exception.

Vote Spam
This election campaign has brought its typical bashing via commercials, the usual rhetoric we see in interviews, and even those cool vote for (plug in your favorite candidate) stickers. My personal favorite was the vice presidential debate which left me feeling like I was on the grade school playground making faces and sticking my tongue out at the resident bully.

Times have adapted a bit, and the tactics have changed along with the advancements in communications, and social interaction. Twitter discussions boasting crazy statistics, Facebook posts about how awesome each candidate is, all of these have even spawned interesting debate and discussion in my own social groups.

Apparently, the crazy and debatably bad tactics stem beyond the historical mediums into our lovely world of geek. I guess it was only a matter of time.

We have drummed up a couple of theories on how this happened, ultimately it’s up to you to decide. More on that at the end.


Read More

Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

  • 600 million users are protected
  • 9,500 new malicious websites are found every day
  • 12 – 14 million Google Search queries show malicious warnings
  • Provide warnings to about 300,000 downloads per day
  • Send thousands of notifications daily to webmasters
  • Sent thousands of notifications daily to Internet Service Providers (ISPs)


Read More

Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin

If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now.

The plugin loads a Flash player from “http://rod.gs/_SVP/5.7.1896/player.swf?ver=1.3.2″, a domain (rod.gs) which is currently blacklisted by Google, so anyone visiting your site will get the cross-site warning message. Since it is a popular plugin (with more than 100k downloads), this could be affecting quite a few websites.

Read More

Ask Sucuri: How Long Does It Take For a Site To Be Removed From Google’s Blacklist? – Updated

If you have any questions about malware, blacklisting, or security in general, send it over to us: contact@sucuri.net and we will answer here. For all the “Ask Sucuri” answers, click here

This is an update to our previous post about Google blacklisting. We have some updated numbers to share.

Question: My site was hacked and we cleaned and secured it properly. We also scanned it, and it is showing up as clean. However, it is still blacklisted by Google. How long until they remove us?

Answer: This is a very common question. In fact, every time we clear a hacked site, their owner asks us the same question: How long until that scary red warning sign is gone?

To give a solid answer to our clients, we started to time how long it takes from when the review submission is requested, until the site is reviewed and removed by Google. We have now measured a few hundred blacklist removals and we have some good numbers to back up our tests.

Current Results:

  • Average time from submission to removal: 440 minutes (about 7 hours)
  • Maximum time: 792 (13 hours)
  • Minimum time: 290 (a bit less than 5 hours)

On average, it takes Google around 7 hours to clear your “bad” website from their lists. For our lucky clients, it takes roughly 5-6 hours. Another important point that some people forget is that you need to request a review! Google will not automatically remove a site once cleaned.

How do you increase your odds of getting cleared faster?

  1. Make sure to clean everything up!
  2. Do not remove the infected files, fix them. If you remove them, they will 404, and a 404 will delay the verification (even if you need to leave the file with a 0-size, don’t remove it until after the site is de-listed).
  3. Follow best practices to increase security on your site so that you minimize the risk of reinfection.

That’s it. Let us know if you have any questions or comments.


Is your site hacked? Blacklisted? We are here to help! We can get your sites cleaned up and secured right away!

What to do when your site gets blacklisted

Most site owners only start to think about security when their site gets hacked (infected with malware) and blacklisted by Google.

So, here is what you need to do once you find out that your site is blacklisted:

*If you are registered with us already, don’t worry about it, just open a support request (we will take care of it).

Read More

Blacklisted sites at Netsol

In the last few days many sites hosted at Network Solution got blacklisted by Google. In all of them the report from Google was:

URL: sitename
Last checked: June 2, 2010
General problem
When Google last tested this page, no content was returned from your server.
Instead, the browser was redirected to a malicious web page. It is likely
that your server configuration has been modified.

On the ones that we manually checked, the sites were clean and malware-free (no redirection). They were all hosted at the IP address 205.178.145.65, and it looks like that their other servers didn’t get affected.

What happened? It seems that either that server got compromised affecting all sites on it or a bug on Google’s malware checker.

If your site got blacklisted and it says on the warning page something along these lines: (and you are hosting at that IP address)

Read More

Today is not a good day to be blacklisted

Today is definitely not a good day to be blacklisted as Google seems to be “busy”. We have been trying to help some clients to get their sites reviewed and removed from Google’s blacklist, but all we get at the “Webmasters tools” is: “Our system is currently busy. Please try again in a few minutes.”.

Well, we have been getting this message since last night, so even after removing all the malware and cleaning our client’s sites, we can’t get Google to review them again…

Big fail for google today. They do a good job spotting malware and blocking sites, but they also need to be fast to respond and unblock when a site is clean.Hopefully they will be back soon.