Removing Blacklisting Warning from your Website

Removing Google Blacklisting Warning

from your Website

Warning of Google blacklist on your website? Don’t panic. There are thousand of websites that Google blacklist daily. Let’s see how to fix it.

Step 1

IDENTIFY

If you have been blacklisted the first thing to know is the type of warning. Then Review the Diagnostic page and scan for Malware.

Step 2

FIX

How to fix the problem removing file infections from your website, cleaning the database and prevent reinfection with specific actions

Step 3 

REQUEST REVIEW

Once you are sure your site is clean, you must Request a Security Review and wait and be sure of protecting your brand and website, blog or e-commerce

Step 1: IDENTIFY WARNINGS

If you see security warnings when trying to reach your website, the first thing to do is identify the type of warning. This warning message on your site is the key to understand what Google is telling you about the type the security issues on your site. The specific message depends on the virus or browser you are using. The right column lists all the types of warning messages that can appear on your site.

Review Diagnostic Pages

Every warning message on your browser will link to another page that describes why the website has been blacklisted by Google. The main button on the page  is for user visitors with messages like Get me out of here, but usually there is a link for the website, blog or e-commerce owner.

So, what you must do is:

  1. Visit the Google Transparency Report
  2. Enter your website URL
  3. Review the Site Safety Details and Testing Details

You find important info in the report, as malicious content is being detected on your site. And you will need these URLs when you remove the malware from your site.

In addition, some malicious domains that are on your site could be a hidden iframe, external script, or unauthorized redirect. Note these domain names to scan for them in the following section. The important things to look for are:

  • Scan date: how recently Google scanned your site
  • Discovery date: when the suspicious content was originally detected

 Scan your site or sites

Now is time to find any malicious payloads, security issues, malware locations, and blacklist status with major authorities. If you have more than website on your server, scan them all.

Using any of WeSecur’s plans you scan automatically your site so you will already have this info. Although if you don’t have any security maintenance you use any free website scanner as virustotal.

Type of Warning Messages

  • The website ahead contains malware
  • Danger malware ahead
  • Reported attack page
  • Suspected malware site
  • The site ahead contains malware
  • This website has been reported as unsafe
  • Deceptive site ahead
  • Suspected phishing site
  • Website request forgery
  • This site may be hacked
  • This site may harm your computer

Step 2: FIX BLACKLIST ISSUES

Remove File Infections

To remove malware from your site you should be edit files on your server. If you are not comfortable with this, ask for professional help. First of all, you must backup your website.

Files

You can replace infected files if you use a CMS such as WordPress or Joomla. You can use copies of your core files and extensions directly from the official repositories. And with fresh non infected backup copies, you can replace custom files.

Malicious Domains

If the Diagnostic Page indicates any malicious domain or payload, then you can start looking for those files on your server.

Hackers change malicious sites to avoid detection. So, maybe you can not found on your site as they have already been replaced with other domains.

How to Remove a Malware Infection from your Website files

  1. Log into your server via SFTP or SSH.
  2. Create a backup of the site.
  3. Search your files for any reference to malicious domains or payloads.
  4. Identify suspicious or recently changed files.
  5. Restore infected files with copies from the official repository or a clean backup.
  6. Replicate any customizations made to your files.
  7. Test to verify the site is still operational after changes.

 Clean Hacked Database

Usually hosting providers offer PHPMyAdmin to manage your database. If you do not have any tool, you can use Adminer or MySQL Workbench.

How to  remove a malware infection from your database tables

  1. Log into your database admin panel
  2. Make a backup of the database
  3. Search for suspicious content ( as suspicious links)
  4. Open the table that contains suspicious content
  5. Manually remove any suspicious content
  6. Test to verify the site is still operational after changes

Prevent Reinfection

Hackers always leave a way to get back into your site. More often than not, we find multiple backdoors, malicious admin users, and overlooked vulnerabilities.

Start with your computer

We always recommend you to manage your site from a secure terminal. So be sure to have an antivirus program installed. All the people that access to your website, blog or e-commerce must be secure.

There are several free antivirus solutions as Avira or Avast, or paid as Kaspersky or Sophos.

User Accounts

Another important step is to change and clean up your user accounts. To do so:

  1. Confirm all website user accounts are valid:
    • CMS users
    • FTP/SFTP/SSH users
    • Database administration panels (PHPMyAdmin, etc.)
    • cPanel accounts
    • Hosting company logins
  2. Change all passwords for all users.
  3. Enable two-factor-authentication if it is available.

Patch Vulnerabilities

It is crucial to update all the elements of your website. We know it takes time, but worth it. So, make sure to update:

Backdoors

This can be one of the main reasons for reinfection. If you don’t close all backdoors your site will be reinfected. So, look for files named similar to CMS core files but located in the wrong directory.

Usually backdoors include this PHP functions: base64, str_rot13, gzuncompress, eval, exec, create_function, system, assert, stripslashes, preg_replace (with /e/), move_uploaded_file

Step 3: GOOGLE REVIEW

Get Google Search Console

You must have a Google Search Console account to review the warnings on the messages section.

Other Blacklists

To be noted, if you have any WeSecur plan you have seen that there are more blacklist authorities. It is important to check them all. Other popular blacklist authorities are McAfee SiteAdvisor, ESET, Bing Blacklist, Norton SafeWeb, PhishTank, SpamHaus, BitDefender. If you have any WeSecur plan we explain you the process of removing from a blacklist for most of these authorities.

Request Security Review

Once you have finished your clean up it’s important to request a Google review to scan your site. If you do not do so, Google doesn’t know that you have finished your site cleanup. Be sure to have your site ready when requesting as Google is limiting the times you ask for a review monthly.

To request a security issue review from Google

  1. Go to the Security Issues tab in Search Console.
  2. Review the issues and check the box to confirm I have fixed these issues.
  3. Click Request a Review.
  4. Fill in the information about what was cleaned.

To request a spam review from Google

  1. Navigate to the Search Traffic tab in Search Console.
  2. Click the Manual Actions section and review the issues to confirm all have been cleaned.
  3. Click Request a Review.
  4. Fill in the information about what was cleaned.

The process will be similar for other blacklists such as McAfee or Norton.

Wait and Protect your Brand

Once you have submitted the blacklist removal request it can take a few days for Google to review your site.

Google Recrawling Your Site

Furthermore, if you want Google to crawl some of the pages of your clean site asap, you could force it.

  1. Navigate to the Crawl tab in Search Console.
  2. Click the Fetch as Google section.
  3. Enter your homepage or leave the field blank.
  4. Click the Fetch button.
  5. Click the Submit to Index button below confirming I am not a robot.
  6. Choose the option to Crawl this URL and its direct links.
  7. Click Go.

Remove Spam URLs

If spam pages were removed from your site, you must remove them as they have been indexed by Google already. This option below helps after you have removed spam pages so that Google knows they are not actually part of your site. To remove spam URLs causing 404 errors:

  1. Go to the Google Index tab in Search Console.
  2. Click the Remove URLs section.
  3. Click the Temporarily Hide button.
  4. Enter the URLs of spam pages that have been removed.
  5. Click Continue.

All plans

If you want us to scan, DETECT and CLEAN your site continuously

If you want us to CLEAN malware and PROTECT your site from attacks continuously

If you want that we FIX and SECURE your site after a infection or hack attack