
Google alert on native search page: The site may be compromised

@Gail5422790

Posted in: #GoogleSearch

While searching for our company name, we get (in the native results page) a message that claims:


Webmaster Tools does not tell me much about this, and neither does the server log.


I don't get that message searching with Bing.


Where should I check to remove the offending code (if there is one at all, and it's not a false positive by Google)?

Further investigation shows that none of the free online scanning tools show my site as infected (even the Google results say it's clean), but I still get this alert:
sitecheck.sucuri.net/results/www.optitex.com - shows that the site is clean, even by Google engine.
safebrowsing.clients.google.com/safebrowsing/diagnostic?site=optitex.com
Any ideas?

EDIT:

If I use the WMT Fetch as Google, I get a thumbnail of the page, and that still shows ads for drugs (so help me God).



So: where is this coming from?
How can I fix this issue?


@Hamaas447

As the page linked by Al Everett says (emphasis mine):


"To be clear, when our malware detection system classifies a site as potentially hosting malware, we show a "This site may harm your computer" message. When we believe a site may be hacked or compromised but have not detected malware, we display "This site may be compromised" as an alert."


So the bad news is, your site has almost certainly been hacked. The good news is that it doesn't (so far) appear to be actively distributing malware to your visitors, but simply feeding your pagerank to spam domains.

The reason you don't see anything wrong when you visit the site is almost certainly that the malicious code injected into your site is set to only run when visited from Google's IP addresses. (It could also be checking the User-Agent string, but in that case you should be able to trigger it by changing your browser's User-Agent string manually to match Googlebot's; I just tried that myself, and got nothing suspicious back.) That's why the spam only shows up in Google's search results and through "fetch as Googlebot".

To get rid of it, you'll want to both remove the existing infection (preferably by restoring to a known-to-be-good backup, to make sure no backdoors are left in place) and update your software to keep it from happening again. (The most common way such spam infections happen is through known vulnerabilities in old versions of CMSes or other widely used software.) For details, see e.g. these instructions from Google or these more general tips from StopBadware.
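
Added example (not part of the original question or answer): a small check for the cloaking described above, which compares the page as a normal browser receives it with the copy served to Google (for instance the HTML shown by Fetch as Google) and lists external link hosts that appear only in the crawler copy. The domain names and both HTML samples are constructed for illustration, and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample data: the same page as seen by a browser and by the crawler.
BASE_URL = "https://www.site.example/"
BROWSER_VIEW = ('<html><body><a href="/products">Products</a>'
                '<a href="https://partner.example/">Partner</a></body></html>')
CRAWLER_VIEW = BROWSER_VIEW.replace(
    "</body>",
    '<div style="display:none">'
    '<a href="http://cheap-pills.example/buy">buy pills</a>'
    '<a href="http://www.pharma-deals.example/">discount meds</a>'
    '</div></body>')


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def external_hosts(html, base_url):
    """Return the hostnames linked from html that do not belong to the site."""
    site = urlsplit(base_url).hostname
    if site.startswith("www."):
        site = site[4:]
    parser = _LinkCollector()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        # Resolve relative links; mailto:/javascript: links have no hostname.
        host = urlsplit(urljoin(base_url, href)).hostname
        if host and host != site and not host.endswith("." + site):
            hosts.add(host)
    return hosts


def crawler_only_hosts(browser_html, crawler_html, base_url):
    """Hosts linked only in the crawler's copy: candidates for injected spam."""
    return sorted(external_hosts(crawler_html, base_url)
                  - external_hosts(browser_html, base_url))


if __name__ == "__main__":
    print(crawler_only_hosts(BROWSER_VIEW, CRAWLER_VIEW, BASE_URL))
```

Any host this reports is a string to search for in the site's templates, database content and server configuration when looking for the injected code.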
