For over a decade, Google has been playing an active role in keeping web surfers and website visitors safe from websites that intend to do them harm. It’s been called the “Safe Browsing Initiative”. Whether it’s a website that has been hacked and defaced, or a website that has been infected with a malicious virus, Google Search generates a warning to the visitor. If you’re using Chrome you’ve likely seen the big red screen saying “malicious script detected, are you sure you wish to continue”.
Google sends a notice to the website owner (through webmaster tools) to give the website owner a heads up. It’s then up to the webmaster to fix the site, and re-contact Google to state that the issue has been fixed. At that point, the warning is removed and life continues forward as usual.
Google Announcement via Their Blog On November 8th, 2016
“Sites in violation of Google’s Malware, Unwanted Software, Phishing, and Social Engineering Policies show warnings until Google verifies that the site is no longer harmful. The verification can be triggered automatically, or at the request of the webmaster via the Search Console. However, over time, we’ve observed that a small number of websites will cease harming users for long enough to have the warnings removed, and will then revert to harmful activity.”
You can read the full posting here: https://security.googleblog.com/2016/11/protecting-users-from-repeatedly_8.html
The announcement goes on to say that should a user violate the terms and policies specified by Google, Google will impose a 30-day punishment. We see webmasters all the time claim that “Google punished my website.” Usually, these claims are untrue and is just the perception of the website owner, but with this new change, there may be some grounds for concern.
The 30-day ban or punishment basically means that should your website be distributing malicious content, and your website visitors receive the red warning page just as normal. If you submit to Google that you have fixed the problem, and they re-detect it, you will be placed on a list where you can not re-request a Google review for a minimum of 30 days.
Help – I’ve Been Hacked and Punished By Google
As you can imagine, closing a business’s doors for 30 days could be detrimental to their business, especially online. It is imperative that webmasters and website owners are actively monitoring their website for such violations or they may quickly find themselves without a business to run.
Over the past few years we’ve received a number of requests from people who have had their website hacked and need help restoring or fixing a website. Having had experience in the web hosting world for over 17 years, I’ve dealt with my fair share of hack mitigation and investigation. It’s something I enjoy troubleshooting/fixing. Often the hack is a result of software/scripts on a website that were not updated (especially with Magento, Joomla and WordPress).
If you’re facing a hack on your website, or are receiving notices that your site contains malware, contact us, we can help.
Website Hacks May Not Receive The Penalty
Google has specifically stated that routine website hacks generally will not fall under the “Repeat Offender” rules, and the change in policy is directed mainly at websites that purposely try to skirt the rules;
“Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.”
What do you think of the policy changes? Ignoring the section regarding “purposefully post harmful content” could your site be on Google’s radar? The big question that I have is why not include websites that are hacked, don’t fully patch a site, and get hacked again?
I’m sure it’s only a matter of time before Google removes the “purposefully” verbiage and addresses it for all sites.