Malware and Trojans and Google SEO

Have you recieved emails from Google on all possible email ids on your website suggesting that your site is potentially harmful to visitors ? Does a Google search result page show “This site may harm your computer” message ? We have seen a rise of this in the recent times , not only among some of our client sites , but also on various other famous and popular websites. This post is dedicated to discussing this issue and its remedies and afterthought.

To start with, it is better to specify that such a measure by Google and even Firefox which automatically adheres to such reports is commendable, no doubt. The notification comes when

• your website actually uses or embeds harmful content / virus / trojan or distributes them
• when your web pages have been coded insecurely – such as not checking for input validations
• Insecure file and folder permissions resulting in XSS injection and MySQL exploits etc
• Your website uses some code that Google does not trust , which could be affiliate tracking code, text link ads code and even Analytics softwares tracking code

While a lot can be written about XSS and MySQL vulnerabilities , that should be the scope of a more detailed post on that topic itself , we have recently come across a more dangerous scenario where websites are getting hackend into via loopholes in FTP. Uploading files to your web server – any web server typically happens through the File Transfer Protocol ( FTP), where the web designer or web site owner uploads files via FTP clients such as FileZilla , CuteFTP or even Adobe Dreamweaver using regular FTP mode. But recently a Trojan named Gumblar has effected thousands of websites and users spreading stolen FTP credentials.

Now if all these are the problems, what are the solutions ?

• The solutions to MySQL injection and XSS are to better coding .
• The insecure file and folder permission should be reviewed based on the applications requirements. Many server administrator and hosting companies also put in many server wide restrictions to disallow hacking attempts.
• To fight against trojans , it is also like fighting against viruses on PC . So probably a better way to protect your password from being leaked,you should think of using SecureFTP or SFTP mode. Almost all servers have this as it is , if it does not , ask your web host ( or host with us 😉 ) to enable SFTP and disable normal FTP.  Regular FTP mode stores the passwords in text mode , where as in SFTP mode the passwords get encrypted, thus preventing the leakage and future hacking or defacements of your website.

So , what happens when you have fixed the security loopholes on your website ? Does Google find about it automatically ? Not really . The following process is needed after you have updated your website with malware removed codes .

Login / create a a Webmaster Tools access and verify your domain ownership. Once you are validated, you will find a message / notification from Google specifying the same Warning for your domain . Just under it will be a button for Requesting a Review of your website from Google, which will happen within 1 week or sooner .  If Google finds no such malware on this reindex , your website shall get a clean chit on the search engine result pages as well . 🙂