I post at SearchCommander.com now, and this post was published 12 years 2 months 27 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
I work with a company that produced a documentary about Keiko the whale, who was the star of the 1993 sensation, Free Willy. (Wow, has it really been 19 years?)
Over a week ago, we found out that their website got hacked, and although it was NOT reported in Webmaster Tools, the search results did show viewers that they “may be compromised”, warning away potential visitors.
They WERE compromised
We examined the site, and sure enough, their theme had the Tim Thumb vulnerability. Rather than clean it ourselves, I wanted the entire hosting account scanned, so we used ourΒ Sucuri protection service accountΒ have it Β fixed and thoroughly cleaned within an hour
After the repair
I tried to follow Google’s instructions to report that the site was cleaned, and this is what it says…
However, that was impossible
The reason it’s impossible, is because SINCE there has been no reported malware inside of Webmaster Tools, we are not offered the option – There IS no “Request a Review”.
How did I notify them?
At that point, I assumed that I we could get it quickly crawled again, so I used the Fetch as Google” tool for their index page and all of the pages they are linked to.
After Nearly Two Weeks
That was nearly two weeks ago, but today, the result still remains, (and there have still been no messages in Webmaster tools) and the client phoned me, justifiably upset.
First we’ve appeared incompetent by not knowing it was hacked in the first place (since there was no WMT message) and now, a week later, it’s still not fixed!
My only option (aside from this blog post) was to submit a reinclusion request, so I did this morning.
I know this still won’t work
This has happened before, and only time seems to heal these things. I already KNOW what Google’s irrelevant answer will be… something like this –
So what’s the problem, Google?
I think Google has a LEGAL RESPONSIBILITY here to notify site owners that their sites have been flagged. How can it be legal to WARN people away from our websites, and not even give site owner us notice, much less the opportunity to clean it up.
Stuff like this and Google’s failure to notify has been going on for yearsΒ butΒ there’s nobody holding them accountable.
What do you think?
If you agree, please Tweet this, Like it on Facebook, discuss itΒ on Google+ and let whomever you can, know that this is unacceptable and that I hope that Β a class action lawsuit develops…
Hey Scott, my blog has been hacked a few times and I have had a similar experience. That said, the reinclusion request worked every time once I had cleaned out the site, even if I had no malware notice from GOOG. It can take a few weeks though.
Pro Tip: Check your Image search indexing and if damaged, make sure you note in your reinclusion request to get reindexed by Google image search. And don’t forget about telling Bing too.
Thanks for the tip on the image search Andrew, (what’s Bing? jk π
At least YOU noticed it during maintenance, (good job) and not only after a client phone call!
Since you asked for thoughts, I think Google has the right, especially since it says, “This site MAY be compromised.” It does not say it IS compromised. In addition Google does not charge users to use its service, no does it charge companies for their organic listings.
While I do not feel there would be any legal backing, I believe Google should offer some type of Webmaster Tools Pro that gives you expedited service to fix possible issues. This of course would still have no bearing on your search ranking, but instead just access to a support representative for issues as they arise. (such as this)…
Just my thoughts.
Thanks for commenting Charlie, and yes I know it says “MAY” but that has an absolute detrimental economic affect on the website.
Yes I agree that it’s Google’s “right” to flag a suspicious page, but there’s no legitimate reason that the system can’t work as it’s supposed to – and theres CERTAINLY no reason for it to take weeks to clear up.
I feel like if they can take the time to flag the SERPs as a warning, then they can certainly notify in Webmaster Tools.
That said, I agree that having some “pro” support would be fine, where thousands of webmasters would gladly pay for things to work the way they are supposed to…
We have used https://www.de-hacking.com/ for a client and we were able to resolve the issue in less than a day.
Thanks Sean, but being hacked isn’t the problem – They are NOT hacked any more. It’s the lack of any available cleanup reporting offered by Google while we’re in their weird “unreported hack limbo” that’s the problem.
I agree with you Scott. Everyone is left in “limbo” as Google is either fixing it, or adding your submission to the queue. Google should do a smoother job of report/submit to reevaluate/messages from Google on what they are doing to update your page/site.
———————————–
They have a forum dedicated to this malware issues: http://productforums.google.com/forum/#!category-topic/webmasters/malware–hacked-sites/-NbOMOncbP4
SEOMoz talks about Malware and other negative SEO myths:
http://www.seomoz.org/blog/negative-seo-myths-realities-and-precautions-whiteboard-friday