Upload
sucuri
View
235
Download
0
Embed Size (px)
Citation preview
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
VALENTIN VESABrand Evangelist@adspedia
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
• Digital Marketing Manager at Sucuri• Data geek and cybersecurity enthusiast
ALYCIA MITCHELL
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
HOUSEKEEPING ITEMS● We want to hear from you
● Question tab in GoToWebinar● Tweet @SucuriSecurity using #AskSucuri● Questions will be answered at the end● All questions will receive a response
● Video and slides coming in a few days● Please share this content with other website owners
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Victoria, BC - Canada
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
My Animals• Loki – Blue Nose Pitbull• Moonshine – Lab• Mystic – Cat
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Overview of Sections
• What is the Google blacklist?• Why is your site blacklisted?• How to remove website blacklist warnings
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
What is the Google blacklist?
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
95%
Websites lose…
... of traffic when blacklisted
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
10,000
Google blacklists…
… websites per day
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Many website owners only find out their site has been blacklisted by Google when visitors or customers mention it…
A monitoring and alerting system will make sure you detect website hacks and security issues before Google does.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Website Malware Warnings• These warnings appear on your site if:
• The website redirects to other malicious websites• Dangerous websites are sending traffic to the website.• Web spam or IOCs were found on the website.
• Malicious downloads can harm Google users:• Viruses• Spyware• Rootkits• Ransomware• etc.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Deceptive Content Warnings• These warnings will be shown if:
• Fake pages trick users into entering passwords• Forgery of legitimate login or payment pages• Content that tricks users into disclosing information• Potentially unwanted downloads
• Any content that misleads users:• Phishing attempts• Spoofing of legitimate sites• Fake news and malicious pop-ups• Unwanted software • Malicious campaigns on ad networks
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Search Engine Results Page Warnings• These warnings will be shown if:
• SEO spam or pharma spam is present on the site• Malicious redirects are detected• Drive-by-downloads
• If there is no red warning page showing yet:
• Malicious scripts from third-party sites• Malicious iframes from third-party sites• Could be a precursor to blacklisting
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Blacklist Warning Messages• The website ahead contains malware• Danger malware ahead!• The site ahead contains harmful programs• The site ahead contains malware• Reported attack page• Suspected malware site• This website has been reported as unsafe• Deceptive site ahead• Suspected phishing site• Website request forgery• This site may be hacked• This site may harm your computer• Unwanted software
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Other Website Blacklists• There are over 100 other website blacklists.• Antivirus companies, search engines, and browsers.• We detect the top ten:
• Google SafeBrowsing• Norton SafeWeb• McAfee SiteAdvisor• Bing Blacklist• Yandex Blacklist• PhishTank• SpamHaus• BitDefender• ESET• Sucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Why is your site blacklisted?
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Google Transparency Report
Click the Details link on your blacklist or go to:Google.com/transparencyreport/safebrowsing
1. Click Site Status2. Enter your website URL3. Click the magnifying glass icon to scan4. Review the Site Safety Details and Testing
Details
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Reading the Transparency Report Details
Site Safety Details• dangerous URLs to note• intermediary domains• redirect behavior• hosted malware• unwanted ads and apps
Testing Details• scan date• discovery date
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Scan Using Sucuri SiteCheck
Sitecheck.sucuri.net1. Enter your website URL2. Click Scan Website3. Note any malicious payloads 4. Note any malware locations5. Check the Blacklist Status tab
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
External Scanners vs. Server Side Scanners• Note:
A remote security scanner browses your site to detect malicious behavior - but does not have server access.
Some issues can not be detected in a browser (i.e., backdoors, phishing, and server-based scripts).
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Other Website Malware Detection MethodsFree Website Scans• SiteCheck• UnmaskParasites• VirusTotal• Redleg Aw-Snap• etc.
Free Webmaster Tools• Google Webmasters• Bing Webmaster Tools• Yandex Webmaster• Norton SafeWeb• etc.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Review Google Search Console Warnings
1. Go to Google Webmasters Central: • google.com/webmasters
2. Click Search Console and sign in with your Google account.• Add and verify your site if needed
3. Check the Messages and Security Issues section for details.4. Note any malware locations or files flagged by Google.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Check Recently Modified Files
1. Log into your server using an FTP client or SSH terminal.2. If using SSH, you can list all files modified in the last 15 days using this
command: • find ./ -type f -mtime -15
3. If using SFTP, review last modified date column for all files on the server.4. Note any files that have been recently modified.
Unfamiliar modifications in the last 7-30 days should be investigated for malware.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Compare Core Files - Diff Command (SSH)
To check core file integrity with SSH commands:
1. $ mkdir clean2. $ cd clean3. $ wget https://official-CMS-example.org/your-cms-version.tar.gz4. $ tar -zxvf your-cms-version.tar.gz5. $ diff -r clean ./public_html
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
How to remove Google blacklist warnings
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
sucuri.net/guides
Step by step walkthroughs for popular
CMS platforms and website security issues.
Get Instructions
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Back Up First!
Before you start any cleanup process, take a complete backup of your site including:
• Server files• Database• Custom files• Log files
Get a professional to help if you have concerns.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Remove Hacked Website Content• Do not overwrite database configuration or custom files.• Restore using fresh copies of your CMS and extensions.
• Use the exact same version of core files, themes, plugins, extensions, etc.
• Restore from a recent backup• Make sure it has not been hacked too
• Remove hacked content from database• Search for backdoors • Test site functionality
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Important Post Hack Steps
• Update all website software to patch any vulnerabilities• CMS version • Extensions, plugins, themes…• Server software such as cPanel and Apache
• Confirm all user accounts are valid and update with strong passwords
• CMS• FTP/SFTP/SSH server accounts• PHP admin panels, cPanel, DB configuration password
• Scan all users computers for viruses and malware infections.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Request Review with Google1. Log in to Google Search Console:
• google.com/webmasters2. Go to the Security Issues tab. 3. Review the issues listed.4. Select I have fixed these issues.5. Click Request a Review.6. Type detailed information in the box.7. Click the Manual Actions section.8. Repeat steps 3-6.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Waiting Period…•Wait period after submitting request.
• Most take a day or two• Some reviews can take up to two weeks.• Manual actions take longer to review
• Google is now limiting repeat offenders• Do not try to trick Google • Make sure your site is absolutely clean• One submission every 30 days
Note: Sucuri will submit blacklist review requests for you!
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Bonus Round: How to Prevent Blacklisting• Harden your website using official best practices for your platform
• File and folder permissions• Rules in custom .htacccess files• Security configurations
• Keep your website up to date!• Make regular backups of your site• Use strong passwords and limit permissions on all users• Stay aware of security news and security configuration options
• blog.sucuri.net • Use a file integrity monitoring service or extension
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Shared Server Access Can Be Dangerous
Cross-site contamination happens when one FTP account has access to multiple websites. One weak site is all it takes.
Ask your host if they isolate FTP and SSH accounts for each website on your server.
We recommend using a virtual private server (VPS) which isolates your server operating system.
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
Website Firewall
UNDERSTANDING AND FIXING GOOGLE BLACKLISTWEBINAR
Alycia Mitchell| @artdecotech #AskSucuri
WEBINAR
• Time for questions!• Tweet us any time with your questions @SucuriSecurity using #AskSucuri• Reach out to Alycia @artdecotech
THANK YOU