Being blacklisted by Google is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy any online business; I am speaking from personal experience before joining the Sucuri team. When a website is blacklisted, users are unable to access the website without specifically agreeing to take on the risks. As a result, blacklisted websites lose around 95% of their traffic.
The following is a true story, based on my personal experience with a blacklisted website. This is actually how I came to know of Sucuri, and how I now work for them as their Social Media Specialist. Have no fear, nothing has been changed; these are real names and events. No additional websites have been harmed during the writing process.
Early Warning Signs of Blacklisting
About 9 years ago, my wife and I started ShoeBox Romania, a social project that coordinates the donation, collection and distribution of personalized gifts that are placed inside shoe boxes, wrapped like gifts, and delivered at Christmas time to underprivileged children in Romania. Each year, at the end of September, I send out emails to our volunteers and partners to get ready for the campaign.
I remember clearly, it was about 4:00 AM and I was using Microsoft Outlook to send an email to my list of around 200 people from the only email account @shoebox.ro. The message was ready. I checked the email draft using itsnotspam.com to make sure that the message would be received by all ISPs, and then I sent it. Unfortunately, itsnotspam.com doesn’t check the IP of the sending domain.
I was used to emails like this taking their time to send out, especially when sending to so many people at once (we have since moved to a dedicated newsletter service). Imagine my surprise when I started seeing bounced emails after 15-20 seconds of the initial email being sent out. My first thought was “oh, the out-of-office replies from people on vacation are coming back,” and I wasn’t concerned. After more and more kept coming, I looked closer at the content, and the situation suddenly became very serious. My heart sank. There was nothing doubtful about warnings such as:
- 551 Denied for Spam
- 554 Service unavailable; Client host  blocked using Barracuda Reputation
- 554 Your access to this mail system has been rejected due to the sending MTA’s poor reputation
- 554 Denied (Mode: normal)
- 550 5.7.1 Message rejected as spam by Content Filtering
- 571 spam source blocked – psmtp
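The bounces quoted above differ from ordinary delivery failures because they reject the sender, not the recipient. The following added example (not part of the original article) sorts bounce lines into those two groups; the keyword list and the 50% threshold are assumptions, and the two "ordinary" bounces are constructed for contrast.

```python
import re
from collections import Counter

# The six rejections quoted in the article (the blocked client IP is absent on the page).
PAGE_BOUNCES = [
    "551 Denied for Spam",
    "554 Service unavailable; Client host  blocked using Barracuda Reputation",
    "554 Your access to this mail system has been rejected due to the sending MTA's poor reputation",
    "554 Denied (Mode: normal)",
    "550 5.7.1 Message rejected as spam by Content Filtering",
    "571 spam source blocked - psmtp",
]
# Constructed bounces of the harmless kind, for contrast.
ORDINARY_BOUNCES = ["550 5.1.1 User unknown", "452 4.2.2 Mailbox full"]

# SMTP failure reply: 3-digit code, optional enhanced status code (RFC 3463), free text.
REPLY = re.compile(
    r"^(?P<code>[45]\d\d)[ -](?:(?P<enh>[45]\.\d{1,3}\.\d{1,3}) )?(?P<text>.*)$"
)
# Assumption: wording that signals a policy or reputation block, taken from the quoted bounces.
HINTS = re.compile(r"spam|reputation|blocked|denied", re.IGNORECASE)


def classify(line):
    m = REPLY.match(line.strip())
    if m is None:
        return "unparsed"
    if m["code"].startswith("4"):
        return "temporary"        # 4xx: the receiver asks the sender to retry later
    enh = m["enh"] or ""
    # x.7.x is the "security or policy" class of enhanced status codes.
    if enh.startswith("5.7.") or HINTS.search(m["text"]):
        return "reputation"
    return "permanent-other"      # e.g. unknown recipient; says nothing about the sender


def reputation_problem(lines, threshold=0.5):
    """True when at least `threshold` of the bounces reject the sender itself."""
    counts = Counter(classify(line) for line in lines)
    total = sum(counts.values())
    return total > 0 and counts["reputation"] / total >= threshold


if __name__ == "__main__":
    for line in PAGE_BOUNCES + ORDINARY_BOUNCES:
        print(f"{classify(line):16} {line}")
    print("sender reputation problem:", reputation_problem(PAGE_BOUNCES))
```
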
Files That Send Email Spam From Your Website?
The first place I checked was the cPanel/WHM Mail Queue Manager, which when properly set up will show how each piece of email that the server sends out was generated. Was it a newsletter script? Was it your website forms? Or was it a random file that is actually malware, specifically designed to send out spam from your environment?
And of course, there was a PHP file there, “l.php”, which was the email generator for tens of thousands of emails being sent out with very explicit subject lines like “Buy Cheap Cialis Pills Online, Cialis No Prescription. Online …”. Looking at the queue, I was able to see that the emails started sending 3 days before, likely when the infection occurred.
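The same queue triage can be scripted. This added example (not from the original article) assumes PHP's `mail.add_x_header` setting is enabled, so each message sent through `mail()` carries an `X-PHP-Originating-Script: <uid>:<file>` header; the queue entries, uid, dates and `newsletter.php` are constructed for illustration.

```python
from collections import defaultdict
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime


def _hdr(date, subject, script=None):
    """Build one constructed header block as a queue viewer would show it."""
    lines = [f"Date: {date}", f"Subject: {subject}"]
    if script:
        lines.append(f"X-PHP-Originating-Script: {script}")  # "<uid>:<file>"
    return "\n".join(lines) + "\n\n"


# Constructed queue entries; uid 1001, the dates and newsletter.php are hypothetical.
SPAM = "Buy Cheap Cialis Pills Online"
QUEUE = [
    _hdr("Fri, 18 Sep 2020 02:11:05 +0000", SPAM, "1001:l.php"),
    _hdr("Sat, 19 Sep 2020 14:40:31 +0000", SPAM, "1001:l.php"),
    _hdr("Mon, 21 Sep 2020 03:58:00 +0000", SPAM, "1001:l.php"),
    _hdr("Sun, 20 Sep 2020 09:00:00 +0000", "Campaign update", "1001:newsletter.php"),
    _hdr("Mon, 21 Sep 2020 04:00:12 +0000", "Get ready for the campaign"),
]


def originating_scripts(raw_headers):
    """Tally queued mail per generating script and record when each first sent."""
    stats = defaultdict(lambda: {"count": 0, "first_seen": None, "subjects": set()})
    parser = HeaderParser()
    for raw in raw_headers:
        msg = parser.parsestr(raw)
        tag = msg.get("X-PHP-Originating-Script", "")
        script = tag.split(":", 1)[1].strip() if ":" in tag else "(no PHP header)"
        entry = stats[script]
        entry["count"] += 1
        entry["subjects"].add(msg.get("Subject", ""))
        if msg["Date"]:
            sent = parsedate_to_datetime(msg["Date"])
            if entry["first_seen"] is None or sent < entry["first_seen"]:
                entry["first_seen"] = sent  # earliest send hints at infection time
    return dict(stats)


def top_sender(raw_headers):
    stats = originating_scripts(raw_headers)
    return max(stats, key=lambda name: stats[name]["count"])
```

The earliest `first_seen` for an unexpected script gives a starting point for reviewing access logs and file modification times around the likely infection.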
What To Do When Your Website Gets Blacklisted
Until that moment I hadn’t visited the website, as I was busy with preparing the newsletter and had been disconnected all weekend. This was early Monday morning… I went to load the website, and then it hit me:
It was obvious what had happened. The attackers loaded one or more files to my website. One of them, the “l.php” mentioned above, was sending out spam, and my website was consequently marked as an attack page. At the time, I did not have a dedicated security service to scan and notify me of malware residing on my server. My website was down at a critical time, and as a non-profit organization we couldn’t afford to jeopardize our reputation with volunteers and sponsors.
My Website Got Blacklisted, Now What?
Web-based malware is often how everyday computers become compromised. Legitimate websites are often compromised by hackers in large numbers, and their stolen resources are used together to launch attacks on larger domains. For this reason, websites are often blacklisted by antivirus vendors (Norton, McAfee, Sophos, etc.) and search engines (Google, Bing and Yandex). Interpreting Google blacklist warnings can often help to get an initial sense of the problem, but what are you supposed to do?
This can be catastrophic for website owners, especially those making a living with an online business. Your bottom line can be dramatically impacted when a big red flag is shown to every customer trying to visit your homepage.
How Did My Website Get Blacklisted?
There is no “one rule fits all” answer to this question; however, based on our extensive experience with helping customers get removed from various blacklists, we can say that there are some common characteristics shared by websites that become blacklisted:
- Website redirects to a porn site, auto loan site, or some other variation
- Website is showing as possibly compromised on Google, Bing or any other number of search engines
- Your host has shut your website down or notified you that you are infected
- You see pharmaceutical references or any other unintentional reference on your website
- You see file or folder names of banks or financial institutions on your server (e.g., eBay, PayPal, Chase, WellsFargo, etc.)
- Clients are complaining that desktop AVs are blocking your website (e.g., McAfee, AVG, Microsoft, etc.)
- You see administrators or users in your website that you didn’t create or authorize
- Your website is flagged as part of a Phishing Lure campaign
Compound Website Blacklisting
What many don’t realize is that a lot of these blacklisting authorities leverage each other’s networks. This means that if one of them sees something, it eventually propagates through the entire network. This is why it’s important that you get to the source and engage with the original blacklisting authority.
Whether you’re already blacklisted or are looking at keeping your site from being blacklisted, we can help you regardless of your CMS (ex: WordPress, Joomla, Drupal, etc.) or hosting provider (ex: GoDaddy, Bluehost, Media Temple, etc.)
Life After Google Blacklist
Maintaining your website integrity and reputation is a big responsibility. One that we are happy to share the burden of! Our blacklist removal service will quickly have your website removed from blacklists and cleared of all malware and spam. Even more, we provide continuous website blacklist monitoring as a part of our plans. We keep an active watch on all reporting entities and make sure you know immediately if your website ever gets blacklisted. Furthermore, you can also help to keep your website off of blacklists by using our Web Application Firewall to protect your website from hackers.
After the cleanup, changing and using strong passwords for websites is important: admin panel, FTP, cPanel, DB, email – everything. Choose a responsible web hosting provider who is proactive about securing their servers and implementing policies that protect their networks and their customers. The We Stop Badware™ Web Host program recognizes some web hosting providers by allowing them to make a public commitment to addressing badware and acting as good Internet citizens. Sucuri is also a partner of the We Stop Badware™ project.
Once your website has recovered, it can take some time for traffic to return to normal. It depends on a lot of factors, including the size and type of business, and whether the problem went on long enough to affect your search ranking. Ultimately, Google does not discriminate against you specifically for having been hacked when it comes to search engine optimization, but user behavior is difficult to predict. In today’s online economy, establishing and maintaining the trust of your visitors is paramount to the success of your website.