Is Your Website A Malicious Malware Haven?

Writing by Nick Stamoulis on Sunday, 26 of October , 2008 at 7:00 am

The Google Webmaster Central blog paints a vivid picture of an innocent website that gets mixed up in bad company and becomes the carrier of malicious malware. Could that happen to you?

Sure. I think it could, and if you don’t take precautionary measures it just might. Here’s a little snippet of what Google had to say:

The good news is that your grandmother is still kind and loves turtles. She isn’t trying to start a botnet or steal credit card numbers. The bad news is that her website or the server that it runs on probably has a security vulnerability, most likely from some out-of-date software. That vulnerability has been exploited and malicious code has been added to your grandmother’s website. It’s most likely an invisible script or iframe that pulls content from another website that tries to attack any computer that views the page. If the attack succeeds, then viruses, spyware, key loggers, botnets, and other nasty stuff will get installed.

That’s pretty gruesome. Your grandmother is a sweet old lady who wouldn’t harm a fly. Everyone knows that. And when your best friend Bob’s grandmother lands on your grandmother’s cooking website, well, things can get really nasty, and I’m not talking about bread dough falling flat. Is there protection for your grandmother? What can a webmaster do to prevent this type of hack from taking place on their site?

First, make sure that you don’t “hang out” in bad neighborhoods. Research the server that your site is located on and try to find out what other kinds of sites are on it. If possible, get a dedicated server, which is a server that your site and your site alone sits on. It’s more expensive, but you won’t have to worry about bad guys in your neck of the woods.

CMS systems are particularly vulnerable to attacks. They are easily hacked unless you go through the trouble to secure them properly. Make sure that you do. Better yet, code your site in HTML and CSS, if possible. Coded sites are less vulnerable to hacks.

You can also request a malware review of your website from Google. It’s best to do that if you think you may have been hacked or if you have just cleaned up your site and you want to be sure you got it all.

From time to time you probably want to search out your own sites on Google and see if you get the message “This site may harm your computer” associated with it. When you log into your Google Webmaster Tools account you should get a notification from Google that your site has been flagged. If you see one of those then it’s time to take action. Google will not give you advance warning so you need to take action as soon as you see the message. You will lose traffic if you don’t clean it up because if you’re seeing the message then it is appearing in the Google SERPs when people search for information that you provide.

Two sources you can go to for more information about bad malware are:

                      Category: Webmaster Tools                      
1 Comment

Comment by Oliver Fisher

Made Sunday, 26 of October , 2008 at 2:21 pm

All good advice. You should also monitor your domain’s sysadmin email addresses. Google usually sends email to those addresses when the malware warning label is applied: http://www.google.com/support/webmasters/bin/answer.py?answer=45432#2
Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Search Engine Optimization Journal is an SEO Blog that discusses Search Engine Marketing, Search Engine Ranking and Positioning for the new and advanced reader.
Learn more about this SEO blog.