We created this Frequently Asked Questions (FAQ) page to answer some of the most common questions we have received. If you don’t see your question answered here, contact us!

What are blacklists?

• Blacklists contain names of websites which have engaged in malicious or annoying activities, such as distribution of malware, being an accomplice in a Phishing attempt, hosting annoying or dangerous advertisements or other reasons.
• A blacklist is usually lists the names or modified version of the name (such as a hash) of a website.

Why has my site been blacklisted by Google?

• As a public service, Google analyzes websites and determines if the website is distributing malware or has been reported as taking part in a phishing attempt. If your site is listed on Google’s Safe Browsing List, it might have been involved in the distribution of malware (harmful computer programs like viruses).

How do I fix it?

• Clean your website and remove any traces of malware [Detailed Instructions].
• Understand how malware was deposited on your benign website.
• Sign up for website monitoring to prevent it from re-occuring.
• Request a site review from Google.

How long will it take to get off the blacklist?

• It can take from a few hours to as many as 10 days to get off a blacklist. Some individuals have also reported longer time periods. If your website is on a blacklist, it is imperative that you identify the exact cause of the problem and remedy the situation correctly. A lot of webmasters cannot hunt down all traces of malware and hence stay on the blacklist for quite long.

How can Google do this to me?

• Google is not out to hurt websites and businesses. It is simply providing an public service to Internet users. It simply offers a warning about its opinion regarding the security of your website. A cleaner and safer Internet benefits all web surfers.

No one can access my website, my business is being destroyed!

• Modern browsers like Internet Explorer, Firefox, Opera, Safari all consult some form of blacklist before visiting a website. If your website is listed on a blacklist, chances are that your visitors are not able to get to your website. This may incur significant lost revenue for you and may degrade your reputation.

I did not upload any viruses, where did the malware come from?

• Your website has a vulnerability. Think of it as a open door in your house. The hacker has used this door to enter your website and deposit malicious computer code.
• Your web server has a vulnerability. If you do not host your website yourself, you need to make sure that the web server (computer) which is used to host your website is secure. Even large professional hosting companies have problems. Alternatively, If you host your own website, you can take action now by ordering a Vulnerability to Penetration Assessment.
• Your login credentials have been compromised. Hackers often install programs called keyloggers on computers. these programs analyze the keystrokes you are using to type in you password and username. Once the hacker gathers this information they can login to your website silently and wreak havoc. A Web Application Firewall (WAF) will not protect you from this kind of compromise. A website monitoring system will alert you of such a scenario, however.
• Third party software installations may have vulnerabilities. If your website uses an online shopping cart, blogging or forum sofware, from a third party, they may have introduced vulnerabilities into your website, which caused your site to get compromised.

I have Anti-virus on my computer, how could this happen to me?

• Your Anti-virus software protects your personal computer from threats. It cannot protect your website from attacks by a hacker.

How is your technology better than Anti-virus?

• Most Anti-virus systems use signature based mechanisms. Once a piece of malware has been reported as bad, they will be able to detect it on your computer. We take a different approach. We understand the behavior of a piece of malware and then create a profile for malicious computer code. This allows us to hunt down previously unseen pieces of malware. [Read More]

Why did a hacker do this to me?

• The chances are that your site was compromised using automated programs which are developed by hackers and sold on the underground black market. It is very rare that a hacker will take a personal interest in infecting a website.
• Automated hacking tools do not discriminate between small or large websites. It does not matter if you own a small business or a very large one, or even if you just host a blog or a personal website. All websites are fair game for these bad guys.

How can I prevent this from occurring again?

• You should subscribe to a website monitoring service in order to be notified in the case of a malware injection.
• You need to assess the security status of your website applications and web server.
• You need to improve the security of your website applications, such as your blogging software, online shopping cart (update applications).
• You need to improve the security of your web server (update server software or operating system).

Who can help me fix this?

• We, stopthehacker.com, can help you out!
• You may also find helpful volunteers on Google Webmaster Forum, Badwarebusters, and StopBadware.

Why is my hosting company clueless?

• Web hosting companies face a full gamut of issues they need to handle everyday. From customer complaints, billing issues, inquiries and much more. They are not always able to focus on security problems because they don’t have the time or lack the insight of focused security organizations. If you are facing issues and not getting help from your website hosting company, please send us a message, we may be able to get the priority of your case elevated.

Can advertisements on my website cause me to get blacklisted?

• Yes, they can. Hackers can even distribute malicious advertisements to advertisement distribution companies. These ads can find themselves circulated through the digital ecosystem to various benign websites which can cause good websites to get marked as malware distribution points.

My site is PCI certified, am I immune?

• PCI certification is a good first step towards securing your website. Unfortunately, being PCI certified does not ensure immunity to these attacks. PCI certification simply means that the website does follow some best practice guidelines. This does not ensure that a website is immune to code injection attacks, either.

My site has a SSL certificate, I can see a padlock sign, am I immune?

• No. SSL certificates have nothing to do with protection from malware attacks. SSL certificates simply prove that your site is the website it claims to be. It is a sign of a responsible business who wants to confirm their identity to the visitor.

My site has a trustmark, am I safe?

• No. Several companies sell trustmarks. Some trustmarks simply prove that you are a legitimate business, or that you will respect some privacy criteria. Most trustmarks are not related to the security of the website.

Why are my customers getting redirected to another website?

• Please try to check your .htaccess file on the webserver. A good resource for this can be found here.
• Also, note that the permissions on the .htaccess file should be 0640/0644. Do not leave this file accessible to everyone.
• A compromised .htaccess file usually has entries that look like:

  RewriteCond /home/sitename/public_html/mailer/incladd.php -f
  RewriteCond %{REQUEST_URI} !incladd.php$
  RewriteCond %{REQUEST_URI} !ca0272.php$
  RewriteRule ^.*\.(php[s345]?|[ p s]
  ?html?).*$ /mailer/incladd.php?file=%{SCRIPT_FILENAME}&%{QUERY_STRING} [NC,L]
  

How do I remove the malware?

1. Log into your website account using your ftp, sftp, ssh, scp, or cPanel password.
2. Once you have access to your website directory, navigate to the main directory where you should be able to see your HTML files (webpages).
3. Download all pages and folders to your local computer.
4. Use a program like grep, Wingrep, ScanFS, Grppola, or Total Commander to search all the downloaded files for malicious patterns.
5. Delete the malicious code. Remember to check your database, templates, .htaccess file and your backups for any copies of the malicious links or code.
6. Upload the cleaned files back to your account.
7. Then, request a review from Google.
8. Scan your local computer with multiple Anti-virus engines.
9. Ask your website hosting company for help with this issue, or point them to us.

Sign up for website monitoring and we can help you with this entire process!