
Techwag is no longer a Pariah in Google

Excellent way to start out the day: Google lifted my “this site may harm your computer” badness last night, and Google traffic is returning this morning.

Now comes damage control. If you ever find yourself in a similar situation, here is TechWag’s story: what we did, what tools we used, and what other things we did to “fix our site”.

This is going to happen to people along the way. If you are banned in Google for serving malware, then yes, there are things you need to do, free software you can use to work out what was happening and what they saw, and ways to help you fix it in the longer run.

If you are interested in what I did to reverse engineer the malware at the end of the link to determine just how bad it was, read my other blog here.

First of all, face it: traffic is going to go down. But your worries are not about traffic; you really need to be worried about the people who are visiting your web site. Customers and readers come first. These steps might help you figure out whether you have a chunk of malware on your site, and how to find it.

Download any virtual machine software of your choice and bring up an image on it, so that the infected site is browsed from the image rather than from your own machine. If you can’t do this, then make sure your AV and anti-spyware are up to date.

Download Search and Replace 32 from here. This handy little tool will help you quickly find information in files in a directory.

FTP your entire web site to your computer in a directory of your choice.

Get Firefox and load Firebug; this will help you watch your page load and see how long it takes objects on your page to load.

Go to your site in Firefox using Firebug and watch for any links that don’t look like your normal links. In my case the links were by IP address. Since the only link I have ever used that was IP only was for Wikileaks when it got taken off the net, this stood out like a sore thumb.

Use SR32 (Search and Replace 32) to hunt down where in your web site those bad links that you spotted with Firefox are, and remove them from everything that you find them in.

Now comes the fun part. If it is not your code that is bad, it could be injected links in your content, so you want to download a program called Xenu. Xenu is an automated link checker that will go through every link on your site, including those that are embedded in content. Look for anything unusual, either by IP address or by DNS name. In our instance we noticed that there were two links in content that had a common directory, /iframe/, so we were easily able to spot them and delete them out of content.

The good part is that, like most hacks, the person who did us was a juvenile; they might have owned any number of computers, but made no attempt to mask what they were doing.

If you know your site well, malware or links to malware will stick out like a sore thumb, or show up as a broken link that Xenu will help you find easily.
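
The hunt described in the steps above (links by IP address, and off-site links sharing a directory such as /iframe/) can also be run as a script over the local FTP copy of the site. This is an added example, not part of the original post or a tool the author used; the function names, the list of scanned file extensions and the own-host allowlist are assumptions.

```python
import ipaddress
import os
import re
import sys
from urllib.parse import urlsplit

# Quoted href/src values, as found in HTML, PHP templates and exported post content.
URL_ATTR = re.compile(r'''(?:href|src)\s*=\s*["']([^"']+)["']''', re.IGNORECASE)
SCAN_EXT = {".html", ".htm", ".php", ".js", ".tpl", ".sql"}  # assumed set, adjust to your site


def classify(url, own_hosts, bad_path_markers=("/iframe/",)):
    """Return a reason string if the URL looks out of place, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    host = (parts.hostname or "").lower()
    if not host or host in own_hosts:
        return None  # relative link, or a link to one of our own hosts
    try:
        ipaddress.ip_address(host)
        return "link by raw IP address"
    except ValueError:
        pass  # host is a DNS name, keep checking
    if any(marker in parts.path.lower() for marker in bad_path_markers):
        return "off-site link with suspicious path"
    return None


def scan_tree(root, own_hosts):
    """Walk a local copy of the site; return sorted (file, line, url, reason) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for url in URL_ATTR.findall(line):
                        reason = classify(url, own_hosts)
                        if reason:
                            findings.append((os.path.relpath(path, root), lineno, url, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_links.py <site-copy-dir> <own-host> [<own-host> ...]
    for finding in scan_tree(sys.argv[1], set(sys.argv[2:])):
        print("%s:%d  %s  (%s)" % finding)
```

Injected links that live only in the database will not appear in the FTP copy unless you also export the content (for example as a .sql dump) into the scanned directory.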

Once you have deleted all malware or links to malware on your site, then comes the hard part. Most likely you were busted by stopbadware.org and Google, so you have to request a review by both sites to make good things happen and get the status of “this site will harm your computer” out of the Google index. Plan on waiting two weeks for Google, and plan on waiting a week for StopBadware.org.

Our experience with StopBadware was very positive because they helped us pinpoint the issue and what was happening, and were actually helpful. Google: enough said on that one. They might try, but they are also honest: it might take them two weeks to clear your internet pariah status.

It is also not going to be a bad idea to monitor your site using Xenu for a couple of weeks to make sure the bad guys do not come back.

It is a very good idea to change all your administrative passwords to the site.

It is also time to get creative with getting alternative streams of traffic: StumbleUpon, Digg, other bloggers, and the community will reach out to help you. That is one of the things that makes the blogosphere as much fun as it is; the cooler ones will help you in the longer run. This is always a good thing.

keywords: google, malware, stopbadware.org, techwag, pariah, web site, hacked, hacker, hacking
