We live in some fearful times, with the recent wave of security breaches at Gawker, Twitter and Walgreens, worrying about intruders violating our online identities and hacking into our e-mail and personal info, while also being more apprehensive about accidentally visiting sites that may snatch that precious cargo. To help reassure us, Google has expanded its search results notifications to include the warning, "This site may be compromised" to websites deemed suspicious using "a variety of automated tools to detect common signs of a hacked site as quickly as possible."
An example of what the warning looks like is in the image above. By the way, Matt Cutts' blog appears to be fine. Looks like they just used the head of Google's Webspam team as an example; it wasn't really hacked (which would have been kind of embarrassing, don't you think?).
Clicking on the link for the warnings will lead you to the Web Search Help center, for more general information.
In the article on that page, Google explains:
To protect the safety of our users, we show this warning message for search results that we believe may have been hacked or otherwise compromised. If a site has been hacked, it typically means that a third party has taken control of the site without the owner’s permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include phishing (tricking users into sharing personal and credit card information) or spamming (violating search engine quality guidelines to rank pages more highly than they should rank).
Good Samaritans can also be proactive and contact the site's webmaster to let them know their site has been flagged. Only those who like to play with fire should proceed onto the site itself, after seeing the warning. Google figures, you're grown (unless, of course, you're a kid and you're not) and can make an informed decision. They've done what they can to give you a heads-up. Also recommended, if you do decide to proceed at your own peril: make sure you have the most updated version of your browser, and ensure that other programs on your computer, such as Flash and Acrobat Reader, have the latest security updates.
Google already alerts its Gmail users if it detects suspicious access.
On its Webmaster Central Blog, Google explains that it will contact webmasters of sites suspected of being hacked via their Webmaster Tools account and any contact e-mail addresses provided on the website.
We hope webmasters will also appreciate these notices, because it will help you more quickly discover when someone may be abusing your site so you can correct the problem.
In the past, Google removed the offending site from its index, but now chooses to leave it in the index, with the warning. Cutts, the same guy used as a (fake) example above, responded to Webmaster World members about this on a forum discussion. They, like many webmasters, are concerned about the repercussions of Google's move to expose their sites' supposed vulnerability to the public.
The fact is, not everyone logs into Webmaster Tools obsessively to see if they have any messages. So we needed to find a way to surface this potential risk so that site owners would find out more quickly if they've been hacked.We now have two different responses for sites with malware vs. sites that we think may be hacked. When we detect malware, we try harder to let users know that they may be stepping into a dangerous part of the web (e.g. an interstitial so that users really need to be sure they want to visit that page).In contrast, a hacked site might not be immediately dangerous to users. But we still want to alert site owners, because if a site is hacked right now, in practice it's not too much harder for a bad actor to add malware to the hacked page.
A prime example of this seems to have played out on the blog's comments: "You couldn't have released this two weeks ago? My site was just hacked and stuffed full of keywords. I don't even know how long it was like that."
The comment after that carried a reprimand, which shows that the debate will continue about personal responsibility vs. Google's responsibility to webmasters and their sites: "That's on you friend. Whether Google provides this service or not, its your responsibility to have a secure site. While Google offers this service this does not mean you can now be a lazy webmaster. I'm sorry your site got hacked. Please try your best to keep your house in order."
Google knows having that flag will also probably deter many visitors from checking out those sites.
Of course, we also understand that webmasters may be concerned that these notices are impacting their traffic from search. Rest assured, once the problem has been fixed, the warning label will be automatically removed from our search results, usually in a matter of days. You can also request a review of your site to accelerate removal of the notice.
Webmasters are advised to act swiftly to repair the damage if their site has been hacked or infected with malware (kind of a duh, there, right?). Google suggests Removing Malware from Your Site for targeted help to the platform of the site (including WordPress, Joomla!, and Drupal.) It also recommends antiphishing.org.
In CDC-fashion, Google recommends this course of treatment upon diagnosis of an infection: quarantine (of the site), damage assessment, cleaning the site and asking Google for review.
