Google To 20,000 Sites: You May Have Been Hacked

    April 16, 2012
    Chris Crum

Google has been sending out a lot of messages to webmasters lately. A lot have been getting them based on questionable links pointing to their sites, in relation to Google’s cracking down on paid blog/link networks.

Now, over 20,000 sites have received messages from Google for a very different reason: hacking (or the possibility of hacking). Matt Cutts tweeted the following today:

Is your site doing weird redirects? We just sent a “your site might be hacked” msg to 20K sites, e.g. 5 hours ago via Tweet Button ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

Barry Schwartz at Search Engine Land claims to have seen some related activity. “I’ve personally seen a spike in the number of sites redirecting from their web site to a non-authorized site recently,” he writes. “The webmaster is typically unaware of this redirect because the redirects only occur when someone clicks from Google’s search results to the web site. Typically the site owner doesn’t go to Google to find his web site, the site owner goes directly to the site.”

It’s unclear if Google’s messages are related, but TheNextWeb recently reported on some hacking that was going on, on some sites, where the hacker was sneaking in and inserting backlinks to his/her own spammy content, and even messing with canonical link elements, tricking Google’s algorithm into thinking the hacker was the originator of content, even though he/she was simply scraping. They were even able to hijack +1’s in search results.

Google has a help center article in Webmaster Tools about what to do if your site has been hacked. That includes taking your site offline and cleaning it of malicious software, and requesting a malware review from Google.

“You can find out if your site has been identified as a site that may host or distribute malicious software (one type of ‘badware’) by checking the Webmaster Tools home page (Note: you need to verify site ownership to see this information.),” says Google.

Google sends out notices to affected sites at the following email addresses: abuse@, admin@, administrator@, contact@, info@, postmaster@, support@ and webmaster@.

Google bases its identifictions of “badware” on guidelines from, the company says, though it also uses its own criteria and tools to identify sites that host/distribute badware.

“In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message,” Google says in the help center. “If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed.”

Google has instructions for cleaning your site here. This involves quarantining the site, assessing the damage, cleaning it up and asking for Google to review it.


Chris Crum
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.