Yes, You’re An Attack Site That Contains Malware, Now Here’s What To Do About It

SMS Text

Yes, You’ve Been Labeled An Attack Site, Now Here’s How To Fix the ProblemIt’s undeniable how powerful search traffic can be from Google. In addition, search marketers understand how important a specific listing can be in the SERPs. Even if you have high rankings, a poor title or meta description can really hurt your click through.

Now imagine someone messed with that listing (like Google) and injected one line saying something like “This site may harm your computer”. Now how would you feel? I know some search marketers that would blow a gasket over someone messing with their listing, let alone adding something scary about viruses and malware.

Let’s take a quick look at a potential scenario. Imagine you woke up one morning and noticed a drop in search traffic from Google. Your first move might be to check which categories and keywords were impacted. But upon further analysis, you notice a larger drop in traffic, and not just from search. Now you’re really concerned…

Then as you’re doing some test searches, you notice a new line in your listing (in the SERPs) and then a great interstitial page scaring potential visitors away. That’s when you realize what happened… you’ve been labeled an attack site by Google!

What Does That Actually Mean?

This doesn’t mean you’re a horrible person, that your staff suddenly became a freewheeling bunch of hackers overnight, or that your company’s master plan was to infect the world with malware.

It simply means that Google’s automated scanning system has flagged your site for containing malicious content (which doesn’t mean you put it there.) You can’t blame them right? They want to protect users and not be associated with evil things like malware. So, let’s take a closer look at what your potential visitors (or customers) are seeing.

The Manifestation of Being Labeled an Attack Site…It’s Not Pretty

First, when searching on Google, visitors might see a message in the SERPs notifying them that your site has been identified as an attack site and that it may harm their computer. {How’s that for generating high click through!}

Google warning about malware

Then, if you are lucky enough to have some brave Google users that day who actually decide to click through, they will be taken to an interstitial page further warning that your site is an attack site and could hold malware. {What do you think this does to your click through?}

Google warning about the malware

But it doesn’t stop there…to make things worse, Firefox 3.x users who are about to visit your website will also be taken to a specific page explaining that they might be visiting an attack site. In addition, this doesn’t have to be from a search listing. It’s a bright red page with warnings that your site has been identified as an attack site and can harm their computer.

FireFox message to warn about the malware

One piece of advice, don’t take this lightly and think many people aren’t seeing these messages. If you see it, don’t assume this is an anomaly. Denial won’t help your situation. It’s a problem that can seriously impact your business. Your goal at this point is to fix the problem and ensure Google and its partners know your site is free of malware.

Quick Note About the Firefox 3.x Warning

I saw this exact warning message last week, and I can tell you, I wasn’t about to click through to the site in question. Firefox receives a continuously updated list of websites labeled as attack sites and will warn users when they attempt to visit those sites.

Although I’m going to explain how to resolve attack site issues below, Firefox users may still receive that warning message after Google clears your site (due to caching). I’m not saying they will see that message forever, but there may be some lag between the site being cleared and the data that Firefox is using to flag attack sites. That’s even more reason to act quickly…

Will I Be Notified That I’m An Evil Attack Site?

Yes, you should be notified via Google Webmaster Tools (GWT) that your site has been flagged. If you don’t know what Google Webmaster Tools is, then visit the site and sign up today. In my opinion, it’s an absolute necessity for several reasons beyond the one covered in this post.

If you have already set up GWT and your website has been flagged as containing malicious content, you should receive a message from Google in your message center and see a warning on your overview page. To get to your overview page, you would click through to one of your websites listed on your GWT dashboard. Google should also identify which URL’s were flagged as containing malware.

Here is a sample message from Google (which was provided on their blog post about warnings for hackable sites):

Google message sent to hacked sites

Taking Action and Making Your Case

So what can you do if your site is labeled as an attack site? Simply put, target the root problem and move quickly. The Google Webmaster Central Blog has some great tips for sites that have been flagged.

I would identify the problematic URL’s via webmaster tools, track down the specific issues security-wise, and fix those problems as soon as possible. For example, is badware being downloaded from your website, are you linking to malware, do ads on your site link to malware, has your site been hacked, etc.

Once you determine the issues and fix the problems, you can request a review to determine if your site is clean. You can request a review from within Google Webmaster Tools (see screenshot below for the link.) Google will reevaluate your website relatively quickly, and if they determine your site is clean, the removal of malware messages could occur in a timely manner (even within 24 hours).

The scanning process is fully automated, so there are times your site can be scanned within a few hours (although that’s not guaranteed).

If you need to take down your site temporarily while fixing the problem, then make sure you return a 503 status code, which will prevent it from being crawled.

You can also visit to request a review. You can read more about stopbadware on their website, but they partner with Google’s anti-malware team to communicate information about websites that have been deemed a threat.

You would first want to search their database to see if your site was showing up as being flagged. If it was, you can click through to a report about your site, and then click “request a review” to have them check your site again. But don’t do this unless you are confident that your site is free of malware…

Some Final Tips:

  • Set up Google Webmaster Tools for all of your websites. It provides a wealth of information and tools that can benefit you as a website owner (and for SEO purposes.)
  • Check the Google safebrowsing diagnostics page for your website. You can use the following link and append your own URL to the querystring to see what Google’s automatic scanners have found. If your site has been flagged, check webmaster tools to identify the problematic URL’s.<site-name-here>
  • Be vigilant and analyze your websites frequently using your web analytics package. That might sound obvious to many of you, but ensure you know when traffic drops, which channels drop off, which keywords drop off, etc. For example, if you checked your analytics reporting for the previous day and saw a significant traffic drop, you might reveal that it was Google organic traffic, which typically led to a specific landing page. Then you could possibly begin to target a problem quickly.
  • Analyze new content hitting your site as much as possible (including advertising). For example, do you have a new content partner? Find out exactly where their content is coming from, are they scanning that content on a regular basis, and can they provide references you can actually speak to? For example, one call could save you days of headaches and lost traffic (and possibly revenue). i.e. “They were great other than that attack site problem last summer.” 🙂
  • Secure your website. Stopbadware has some excellent tips for cleaning and securing your website. Spend some time reading the information they provide. It could save you from dealing with a stressful malware situation…

So there you have it. If you wake up one morning and find out you have been labeled an attack site, you can get over the shock quickly and start to tackle the problem. I recommend that you bookmark this page and the pages I linked to from this post. They can get you moving in the right direction so you can clear your name in a timely manner. And that will be good for you, your company, your customers, and your job security. 🙂

If anyone has experienced other malware or attack site situations, please feel free to share them below. I’d love to hear how you tackled the situation and cleared your website!

Glenn Gabe is an online marketing consultant at G-Squared Interactive. He currently helps clients maximize their digital marketing efforts via SEO, SEM, Social Media, Viral Marketing and Web Analytics. You can read more of Glenn’s posts on his blog, The Internet Marketing Driver and you can follow him on Twitter to keep up with his latest projects, news, and updates.

Subscribe to SEJ!
Get our weekly newsletter from SEJ's Founder Loren Baker about the latest news in the industry!
  • Dan Nedelko

    Looks exactly like my post from a few weeks ago.

    Not that it’s a unique thing but the screenshots are almost identical 🙂

  • Glenn Gabe

    Hi Dan. Thanks for your comment (and the link to your post about wordpress injection attacks). I never saw your post before, and to be honest, there’s only 1 screenshot that’s the same (and it’s a standard image from Firefox!) 🙂

    I’m glad you tackled the problem from a wordpress standpoint. I think your post will save many wordpress bloggers time in the future (the ones that have to deal with this problem). My post focused on any website that is labeled as an attack site (like what I saw last week.)

  • Gerald Weber

    This is some great information. I have never personally had this problem but I have seen it happen to others and it could definitely be the kiss of death for search traffic. Now I know how to hanlde it if it ever comes up. Thanks for this great and important information.

  • Glenn Gabe

    Thanks @Gerald. I’m glad you liked my post. My goal was to prepare website owners for the worst. I’ve come across many people that didn’t know that this could even happen (warnings in the SERPs, interstitial pages, etc.)

    I’m glad you now feel prepared! 🙂

  • Dan Nedelko

    No Worries 🙂

    It’s all good, getting tagged as an attack site is nothing but a pain. Thankfully Google is relatively quick in their turn around time.

    Cheers mate.

  • Dawn Wentzell

    I’ve had this happen to a couple of clients recently after the servers they were on were hacked. Glad to know I was doing the right things to fix it!

  • منتديات سعودي

    It’s all good, getting tagged as an attack site is nothing but a pain. Thankfully Google is relatively quick in their turn around time

  • Russ

    I see this happen to a lot of Joomla sites.

  • Funny

    Had this happen on several sites. A prudent idea is to sign up with a host that will monitor exploits for your software. ( you have to let them know which ones you have installed and they will keep an eye out for you)

  • kuzey halı yıkama


  • pracas upreti

    the same problem that i faced before weeks, the main cause was , im unknown from where it came to my laptop, when i uploaded the template file of my website , it was inside my index.php file, so it was also uploaded. The site was built in joomla.

    I faced the problem , at first i was so panic that the website was not opening in firefox , and in google search result , it was showing , this site may harm your computer .

    I removed the file and replaced it , and send a review email to , on next day the site was ok ,

    well i googled a lot but was unable to found any help rather then google webmaster and stopbadware.

    thanks for it glenn , its very useful if someone has the same problem as mine , thanks a lot

  • Glenn Gabe

    @funny, I agree with you. Finding a hosting provider that will assist you is incredibly important. In my experience, that’s been a hard thing to find. It’s worth asking your current hosting provider asap (and when /if you are looking to move providers.)

  • Glenn Gabe

    Thanks @pracus, I’m glad you like my post and thank you for sharing your story. I’m also glad your site was cleared in less than a day. I’m sure it was a shocking experience to be labeled an attack site! I wish my post was up and running before it happened to you, though. 🙂

  • Margarita

    It just happened to me and I am still dealing with it. I have absolutely NO tech knowledge and so I need to rely on other people. My host (GoDaddy) says that they see no malware or hacker attacks and my developer cannot find any either. Still Google says I have malware. What do I do? I am getting really desperate here! My site went live (in Joomla) on May 25th and on May 29th this issue came up. Before that my site had no problems like these at all (and I’ve had the site for 5 years).

  • izmir halı yıkama

    Thank you for sharing a great site