Just Host Web Hosting Help

Google Flagged My Site as Malware

What is the warning?

Google puts this warning flag in its search results for pages where its automated web crawler was attacked by viruses or spyware when it visited the page. The purpose of the warning is to help protect less savy web surfers who are using Google search results by steering them away from malicious pages.

The warning is not a punishment or penalty and nor does it mean that Google, Yahoo, FireFox, or StopBadware think you designed a malicious site. They all know that the overwhelming majority of webmasters do not create malicious pages on purpose. But, they also don't want to send their customers to dangerous pages, all that is needed is some cleanup before they start referring visitors again.

Why is my site flagged?

Here are reasons why your website can be flagged with the "This site may harm your computer" warning in Google search results:

  1. Your site was hacked. This is the most common reason for the badware flag. If someone can trick your server into allowing them to modify files in your site, they can insert malicious code into your web pages or database tables, or they can alter your .htaccess or your HTML or JavaScript code so your site automatically redirects visitors to a malicious site.
  2. A site other than yours got hacked, but it is affecting the content on your pages. Let's say your pages have normally harmless iframes or JavaScript that are pulled into a visitor's browser from the other website by using the property (in the HTML code) "src=http://othersite", or they use PHP code that resides on another website but is included into your pages before being served, with a PHP include(). If the other website gets hacked, your pages can turn dangerous, too, if the content that the other site was supposed to be sending out (advertisements, hit counters, top 10 lists ...) gets replaced by viruses, spyware, or other bad things. Whenever you use content from another website on your pages, you are dependent on that other site staying clean.
  3. Your pages trigger the loading of Flash .swf files that are scripted to do malicious things or that are out of date and exploitable. Flash advertising is a common problem area.
  4. (Your site contains an outlink to another site that has badware on it.) This was once a major reason for being flagged. That might not be true anymore, but it is still worthwhile to check your outlinks to make sure you are not linking to malicious sites, or to a site that got hacked and has turned malicious.
StopBadware and Google describe the criteria they use to determine whether a website is contributing to the badware problem.

The Firefox 3.x and Chrome browsers use data from the Google Safe Browsing Service to warn users about suspected malicious sites. If your site is flagged in Google search results, Firefox 3 users are getting a warning that says, "Reported Attack Site!" and they are blocked from going there.

How to search your pages for malicious code

Discover which pages are flagged for malware and get clues about why they are flagged

  1. In any Google search box, enter:
    site:yoursite.com
  2. Note which pages have the warning flag. Usually, it is http://www.stopbadware.org/home/guidelines#website all of them, but sometimes it's only one section such as the forum or blog which tells you where to focus most of your attention.
  3. Click the search results link for one of your flagged pages. Instead of going to your site, it will take you to a Google "interstitial" warning page.
  4. On that page, follow the link to the "Safe Browsing diagnostic page" and study it. Another way to get to the Safe Browsing diagnostic page directly (you can check any website this way) is by entering this URL into your browser address bar. Replace
     EXAMPLE.COM
    with the address of the website you want to check:
     http://www.google.com/safebrowsing/diagnostic?site=EXAMPLE.COM
  5. Go to Webmaster Tools at Google Webmaster Central. If you don't have an account there, create one. It's free. They show the badware status of your site, help information, and a partial list of the pages they consider suspicious.
  6. Look up your site in the StopBadware Clearinghouse database.
  7. If Symantec's Norton Safe Web has found Malware, their report shows the locations (filenames) of the threats more completely than the Google and StopBadware reports.
  8. Scan pages of your website at UnmaskParasites to find hidden iframes.
  9. Scan pages of your website at Dasient.
  10. Do a web search on each of the domain names and IP addresses mentioned in your Google Safe Browsing Diagnostic report as being the sources or intermediaries of the malware on your pages. Some of these website names and IP addresses are associated with specific types of attacks. For example, if the domains mentioned are gumblar or martuz, it is certain that a virus on the PC of one of your site administrators stole the FTP login information and used it to hack the site, so you must do virus scans. On the other hand, if the domain is beladen, you are facing a server-wide compromise, not just an ordinary attack on your one website, so you must notify your webhost. These domain names can give you good clues about what is wrong and save you a lot of time if your search is successful.
Now that you have preliminary information about which pages are affected and what seems to be wrong with them, you can start searching for bad code.

Search your source code for badware

Whenever possible, view and search the source code of your pages on your server. This allows you to see ALL the code, even if it is only put on the pages sometimes.

Explanation: Some exploits put malicious code on pages only under certain conditions such as if the visitor is using Internet Explorer or if they came to your site from a Yahoo or Google search results page. Your particular viewing might not meet those conditions (such as if you're using Firefox or you went directly to the site without going through a search engine). If you examine pages with your browser's View Source command, you can think the page is clean even though at other times, or when other people view it, it's not.

Examining the source code on your server lets you see all the code that's there.

Knowledgebase Article 231,926 views bookmark tags: block blocking google malware


Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

Why is my site not the first result on Google or an other search engine?
Knowledgebase Article 138,121 views tags: bing engine google search seo yahoo

This article will explain why you see "Your WordPress site appears to be infected with malware. Please update to remedy this problem."
Knowledgebase Article 92,128 views tags: malware wordpress wordpresstools

Clients in China are unable to view my website. My website's content doesn't contain any objectionable material.

Related Help Content

What can I do to increase my Site Security while hosting with Just Host?
Knowledgebase Article 251,168 views tags: antivirus basic hacked keyloggers malware php security site

What is SEO and how can it help you
Knowledgebase Article 77,272 views tags: google rank seo site

This article will explain how to import email from your Just Host email accounts to a G Suite (formerly Google Apps) account.
Knowledgebase Article 49,903 views tags: G Suite apps google import

How do I use Google AdWords?
Knowledgebase Article 114,832 views tags: adwords campaign google marketing promotion seo

My Google AdWords offer is not working.
Knowledgebase Article 81,442 views tags: adwords code coupon google invalid

Why can I not send/receive certain types of attachment?
Knowledgebase Article 83,167 views tags: attachment block blocked email malware trojan virus

Explanation of the cause of the warning and how to remove it.
Knowledgebase Article 27,304 views tags: reseller root

How to increase your productivity with G Suite (formerly Google Apps for Work)
Knowledgebase Article 80,149 views tags: G Suite apps email faq gmail google