: Customer website got blacklisted by Google as Malware Unfortunately recently a customer's website has been reported as Suspicious by Google and blacklisted, Google webmaster tools does not show
Unfortunately recently a customer's website has been reported as Suspicious by Google and blacklisted, Google webmaster tools does not show any information on the infection or when it was detected, it just say that there is an unknown malware leading to a huge loss in income.
I've no idea on how to check if there is actually something malicious in the website, the code seems clean and there are no changes in the creation or modification times of the PHP source code files.
I've also done several anti-virus checks with many services included VirusTotal and ESET end point.
Any of you had a similar problem and can point me into the right direction?
Thank you all in advance.
EDIT:
The website has no CMS, is mostly custom PHP with content written in the template files, it had a link to Ammyy software since a lot and has been removed as it may be reported as Trojan from some antivirus softwares, still nothing changed from Google perspective.
EDIT 2:
Google lifted off the ban without explaining nothing actually.
The only information we got is that for Google a site that was linked to it had a link, again, to Ammy but it was removed as per 2015-12-18, even if the linked website was not marked as suspicious it required to be linked on Webmaster Tools for "Fetch as Google".
Hope that helps.
More posts by @Goswami781
2 Comments
Sorted by latest first Latest Oldest Best
There's a high chance someone messed up your server configuration so that users from certain IP addresses are redirected to something other than what is expected.
If your webpage serving software is apache, check all .htaccess files and httpd.conf (or other apache configuration files) to find any unusual entries. Look for some that reference IP addresses and remove anything unusual.
For example. If you see something like:
RewriteCond %{REMOTE_ADDR} ^xxx.xxx.xxx.xxx$ [NC]
RewriteRule ^(.*)$ example.com/hackedpage [R=301,L]
or even:
RewriteCond %{REMOTE_ADDR} ^xxx.xxx.xxx.xxx$ [NC]
RewriteRule ^(.*)$ /hackedscript.php [L]
where xxx represents each octet of an IP address, then remove such lines because they are designed to redirect computers having such IP address to a different page.
I won't be able to answer further on the configuration unless I see the configuration file.
Also, you may want to check the system firewall to see if it's redirecting users from certain IP addresses to other pages.
Online anti-virus options are not complete. You will want to make sure you use a anti-virus on your hard-drive or in the case of a shared web host, it is possible that one site effects another. You would need to talk to your host for a complete check if that is the case. Please understand that there are viruses that will effect a site from outside of the site. As well, you could have a trojan horse that has nothing to do with the website itself and cannot be seen by an online anti-virus. Also, make sure you are not using JavaScript that is causing a real or false hit. This is often missed. An anti-virus run against the hard-drive can determine this.
Various groups report sites to Google. As well, blacklists are checked often by Google.
Make sure that your site is not blacklisted. I like to use mxtoolbox.com/blacklists.aspx. There may be better options, however, this one is very good and gives details on how to clear your site from a list if you follow the links.
If your site is clean, then it is a matter of time before Google removes the suspicious tag. This is not a fast process, but also not too bad. If you are sure your site is clean, then all you can do is wait.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.