Google To 20,000 Sites: You May Have Been Hacked

    April 16, 2012
    Chris Crum
    Comments are off for this post.

Google has been sending out a lot of messages to webmasters lately. A lot have been getting them based on questionable links pointing to their sites, in relation to Google’s cracking down on paid blog/link networks.

Now, over 20,000 sites have received messages from Google for a very different reason: hacking (or the possibility of hacking). Matt Cutts tweeted the following today:

Is your site doing weird redirects? We just sent a “your site might be hacked” msg to 20K sites, e.g. http://t.co/r9jOkiOm 5 hours ago via Tweet Button ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

Barry Schwartz at Search Engine Land claims to have seen some related activity. “I’ve personally seen a spike in the number of sites redirecting from their web site to a non-authorized site recently,” he writes. “The webmaster is typically unaware of this redirect because the redirects only occur when someone clicks from Google’s search results to the web site. Typically the site owner doesn’t go to Google to find his web site, the site owner goes directly to the site.”

It’s unclear if Google’s messages are related, but TheNextWeb recently reported on some hacking that was going on, on some sites, where the hacker was sneaking in and inserting backlinks to his/her own spammy content, and even messing with canonical link elements, tricking Google’s algorithm into thinking the hacker was the originator of content, even though he/she was simply scraping. They were even able to hijack +1’s in search results.

Google has a help center article in Webmaster Tools about what to do if your site has been hacked. That includes taking your site offline and cleaning it of malicious software, and requesting a malware review from Google.

“You can find out if your site has been identified as a site that may host or distribute malicious software (one type of ‘badware’) by checking the Webmaster Tools home page (Note: you need to verify site ownership to see this information.),” says Google.

Google sends out notices to affected sites at the following email addresses: abuse@, admin@, administrator@, contact@, info@, postmaster@, support@ and webmaster@.

Google bases its identifictions of “badware” on guidelines from StopBadware.org, the company says, though it also uses its own criteria and tools to identify sites that host/distribute badware.

“In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message,” Google says in the help center. “If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed.”

Google has instructions for cleaning your site here. This involves quarantining the site, assessing the damage, cleaning it up and asking for Google to review it.

  • http://www.found.co.uk Keith H

    Dodgy, I guess it pas to check webmaster tools regularly and make sure wordpress and other items are are up to date.

  • http://tryworkfromhome.com Tony Rehor

    I have been warned by Google lately about a problem with one of my sites. I had to pay to have it cleaned. Now I have had no more warnings and I’m still indexed where I was originally.

  • http://www.tipsinablog.com Daniel

    There has been some quite nasty stuff going on in the past, and this still continues today, whereby you get redirected to some really strange pages(sites). Sometimes it is then hard to get out of the page(s), and can become a nightmare…(you get redirected back and forth between different locations/pages).

    They can even stop you from closing your browser(the page/site) will not close up, which can be quite annoying, as you then have to go into your task manager to do so.

    Sadly many sites that are legit, are now going for the “hard sell” and using a number of methods to keep you on their sites, and pushing for a sale…

    Many big(top level) sites, do the same thing, where you are constantly closing popups(sometimes full page) and/or having ads(music) blasting off in the background with out you doing anything.