What To Do if Google Says 'Your Website May Be Compromised'
If you're a webmaster, five words you never want to find on the search results for your website on Google are, "This site may be compromised." The fact that hackers and crackers are making a picnic lunch out of your website pretty much means your immediate future has already been planned for you. Anything else you had scheduled for the day is now on the back burner, thank you very much.
If this warning from Google pops up, you don't have to feel like the Lone Ranger. Misfits are always targeting Web pages like yours. And because it's such a frequent event, Google has created a new notification that helps webmasters discover if their site has been altered by an unauthorized third party.
In short, Google has expanded it search results notifications to ensure searchers who visit compromised sites via Google won't be plagued by spam, malware or other dangerous activity. Google attempts to detect signs of a hacked site as soon as possible through the use of a number of automated tools. It then alerts the webmaster -- if that person or your company has a Google Webmaster Tools account -- to the problem as soon as possible.
Note: If you do not have a Google Webmaster Tools account, go get one, NOW!
The good news for webmasters is that as soon as the problem is corrected, Google says it can remove the warning notice automatically. The bad news is, that can take several days (however, webmasters can request a review of their site post-cleanup, and that, according to Google, will speed up the process).If you see the notification "This site may be compromised" on your site's listings, here's how you can begin to clean up the wreckage:
- Quarantine your site: Take your site down immediately and contact your Web host. Change the passwords for everyone who uses the site as well as all accounts.
- Assess the damage: Visit Google's diagnostics page at http://www.google.com/safebrowsing/diagnostic?site=www.example.com (you must replace "example" with your URL) to see what Google's scanners discovered. Scan all your content, and if your site has been infected with malware, check the malware page in Google's Webmaster Tools. Also on that page is a URL Removal tool to remove hacked pages or URLs. Report phishing pages to the Google team and be sure to read What to Do If Your Website Has Been Hacked by Phishers.
- Clean up your site: If you have backups of your content, replace it. If you can access your server, you should update any software packages to the latest version and reinstall your operating system (but only from a trusted source). Then, change your passwords and get your system back online.
- Get a Google review of your site: Once you've confirmed that your site is clean, you can ask Google to review it in order to expedite removal of the warning from your site's Google's search results. Without such a request, removal can take several days. Just sign into Webmaster Tools with your Google account and ask for a review of your site.
Complete directions are available from Google Webmaster Central by visiting http://www.google.com/support/webmasters/bin/answer.py?answer=163634.