Security issues report - Search Console Help (original) (raw)

If a Google evaluation determines that your site was hacked, or that it exhibits behavior that could potentially harm a visitor or their computer, the Security issues report will show Google's findings. Examples of harmful behavior include phishing attacks or installing malware or unwanted software on the user's computer.

Pages or sites affected by a security issue can appear with a warning label in search results or an interstitial warning page in the browser when a user tries to visit them.

Open the Security issues report

Security issues report in Search Console - Google Search Console Training

What are security issues?

Security issues reported here fall into the following categories:

• **Hacked content:**This is any content placed on your site without your permission because of security vulnerabilities in your site. In order to protect our users, Google tries its best to keep hacked content out of our search results. Learn more.
• Malware and unwanted software: This is software that is designed to harm a device or its users, that engages in deceptive or unexpected practices, or that negatively affects the user. Malware can be either installed by a hacker or the site owner. Learn more.
• Social engineering: This is content that tricks visitors into doing something dangerous, such as revealing confidential information or downloading software. Learn more.

Do I have security issues on my site?

If you have security issues, you'll see a count of all security issues on your site at the top of the report.

If your site has no security issues, you'll see a green check mark and an appropriate message.

But I just bought this site!

If you recently bought a site that had pre-existing security issues, fix the issues listed in the Security Issues report, then let us know in your reconsideration request that you recently acquired the site and that it now adheres to the spam policies for Google web search.

I can't reproduce the issue

Google SafeBrowsing displays warnings to users based on the browsing context. Therefore you may or may not be able to reproduce the warnings. However, you should rely on the Security Issues report as the source of truth to verify whether any security issues exist for your site, or if they have been fixed.

Which pages are affected?

Expand an issue description to see a list of sample affected URLs. This list is not necessarily complete, but just a sample of pages on your site affected by the selected issue. Occasionally you might have a security issue with no example URLs; this does not mean that no pages are affected, only that we could not generate samples for some reason.

The issue details show the date that the issue was first detected on your site, as well as a brief description and a link to learn more about the issue.

Fix the problem

To fix a security issue on your site:

1. Expand the issue description on the Security Issues report.
2. Read the description of the issue and follow its "Learn more" link for detailed information and steps to fix the issue. (The learn more links point to the descriptions below on this page.)
3. Use the sample of affected pages provided in the details section to troubleshoot and fix your issue. This list is not necessarily complete, but just a sample of pages on your site affected by this issue. You might have a security issue with no example URLs; this does not mean that no pages are affected, only that we could not generate samples for some reason.
4. Fix the issue throughout your site. Fixing the issue on just some pages will not earn you a partial return to search results.
5. If the report lists multiple security issues affecting your site, fix all of them.
6. Test your fixes.
7. When all issues listed in the report are fixed in all pages, select Request Review in the Security Issues report. In your reconsideration request, describe your fixes. A good request does three things:
   • Explains the exact quality issue on your site.
   • Describes the steps you’ve taken to fix the issue.
   • Documents the outcome of your efforts.
8. Reconsideration reviews can take some time (see below). You will be informed of progress by email. You will get a review confirmation message when you send your request, to inform you that the review is in progress; don't resubmit your request before you get a final decision on your outstanding request.

How long will my reconsideration review take?

Most reconsideration reviews can take several days or weeks, although in some cases, such as link-related reconsideration requests, it may take longer than usual to review your request. You will be informed by email when we receive your request, so you'll know it is active. You will also receive an email when the review is complete.

Please don't resubmit your request before you get a decision on any outstanding requests. Submitting a reconsideration request when the issue hasn't been fixed can cause longer turnaround time for the next request, or even get you marked as a repeat offender.

List of security issues

Here is a list of possible security issues, with information about how to fix each issue. Issues are classified as either errors or warnings .

Security issues explained - Google Search Console Training

Hacked: Malware

Your site has been infected by, or is hosting, malware from a malicious hacker. Malware is any software or mobile application specifically designed to harm a computer, a mobile device, the software it runs, or its users. Read more about malware.

1. Confirm the issue

Visit a few of the example URLs in a Chrome browser. You will probably see a Dangerous warning in the browser navigation bar, as well as a warning interstitial page something like this:

2. Decide if this is something you can fix

Fixing a malware issue on your site requires the ability to read and understand code, and possibly web server configurations for your site. If you think this is beyond your comfort zone, read Build a support team to learn about finding someone to help you fix this issue.

3. Diagnose and fix your malware issue

Read the malware fix section of the hacked guide on web.dev to learn how to identify the malware type and fix the issue. Note that your site might be infected more than one type of malware; be thorough in your diagnosis and site cleaning. Confirm the presence of the issue on one of the example URLs shown in the Security Issues report.

4. Request a review

When you confirm that the problem is fixed in your site, request a security review in the Security Issues report. A review can take from a few days to a few weeks to complete.

5. Follow best practices to keep your site safe

Read these guidelines on how to prevent your site from being hacked, and how to monitor your site's safety.

Hacked: Code injection

A hacker has compromised your site and is injecting malicious code in your pages. Examples include redirects to a malicious site or running cryptocurrency mining software on your browser while the page is open.

1. Decide if this is something you can fix

See Build a support team to get an idea of what it might take to fix this yourself, or how to find help you think this is beyond your skill set.

2. Confirm the issue

Confirm the presence of the issue on one of the example URLs given for this warning.

Avoid using a browser to directly view infected pages on your site.

Because malware often spreads by exploiting browser vulnerabilities, opening an infected malware page in a browser may damage your computer. Additionally, hackers might hide the spammy content using cloaking techniques to avoid detection by site owners.

Here are two alternate methods for viewing content more safely on your computer:

• Use the URL Inspection tool to view your page as Google sees it. This is useful since many hackers make changes that are visible only to Google machines. For example, they might add links from your site to theirs that are only rendered when the referrer is Google.
• Use cURL or Wget to perform HTTP requests (such as fetching a page) from the command-line. These freely available tools are helpful in diagnosing redirects and have the ability to specify referrer or user-agent information. Hackers often attack only specific user-agents or referrers to avoid detection and select better targets; using these tools enable you to mimic a target. Try using different referrer addresses (such as links from large websites, or different search engines) if your request doesn't elicit the spammy behavior. For example, to mimic a user following a link from Google Search results to www.example.com/page.html on a Windows machine, you would use cURL like this:
  $curl -v --referer "https://www.google.com" --user-agent "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.7.01001)" http://www.example.com/page.html

The hacker may have injected the malicious code directly into your site's HTML files (for example, adding a JavaScript redirect) or into files that generate your site's content (for example, PHP files).

Fetch a compromised page listed in the report, and examine the reply. Hackers can use several different techniques to redirect visitors from your site to theirs; here are a few:

• Redirection:​
  • Header redirects: Hackers can redirect visitors by modifying your server's configuration file(s). Server configuration files commonly allow the site administrator to specify URL redirects for specific pages or directories on a website. For example, on Apache servers, this is the .htaccess file as well as httpd.conf.
    ...
    < HTTP/1.1 301 Moved Permanently
    < Date: Sun, 24 Feb 2013 21:06:45 GMT
    < Server: Apache
    < Location: http://<**_malware-site_**>/index.html
    < Content-Length: 253
  • JavaScript redirects: