Google Blocks My Blog And Warns Visitors?

Thanks for being patient with me. I haven’t posted in a while because of some­thing that hap­pened last week.

You see, my blog was hacked (not by a per­son but with mali­cious code that creeped into my blog), and as a result I was blocked by Google. I’m sure you’ve heard about it, as peo­ple talked about the news.

How did it get blocked?

When­ever my site(s) came up in Google, there was a “this site may harm your com­puter” warn­ing. And when peo­ple clicked on my link, it lead them to a Google error page pre­vent­ing peo­ple from access­ing my site.

Appar­ently, Google checks its indexed pages against a data­base of “known offend­ers” (at Stop​Bad​ware​.org, which is sim­i­lar to many IP black­lists for spam), and turned all my list­ings on Google to unreachable.

So my site wasn’t banned. But the worse part was, Google not only blocked my site but also dis­played a dire warn­ing that my site was mali­cious! (You can only imag­ine what kind of dam­age this can cause to someone’s reputation.)

But that’s not all…

To fix this, I had to jump through sev­eral hoops. Of course, the first of which was to remove the hacked or “mali­cious” code.

But this wasn’t an easy task.

The prob­lem was, since I used a plu­gin called “Bad Behav­ior” with my Word­Press blog, the plu­gin, which iden­ti­fied it on IP black­lists as well, pre­vented me from access­ing my own site — includ­ing my admin con­trol panel!

So, not only I couldn’t make the changes I had to make to get rein­stated, but also I couldn’t dis­able the bad behav­ior plu­gin to allow myself access to my own admin panel.

It’s all straight­ened out now, thank good­ness! But it took me and my staff sev­eral days, and a lot of back and forth with the pow­ers that be, to get unlisted from IP black­lists and such.

(Thanks for wait­ing for me.)

Here’s how I resolved it.

First of all, I had to dis­able the plu­g­ins using php­MyAd­min, which gave me direct access to my data­base. Then, I had to man­u­ally upload via FTP the files that were “cleaned” of the mali­cious code.

After that, I had to upgrade my blog to the lat­est ver­sion of Word­Press (i.e., ver­sion 2.3.1), and update and reac­ti­vate all my plu­g­ins, too. (I also had to re-​​customize a lot of the code that was tai­lored for my blog.)

Next, I had to sub­mit a man­ual review request to Stop​Bad​ware​.org. Prob­lem is, it doesn’t block entire domains like Google does. I had to man­u­ally sub­mit a review request for each and every page that was blacklisted!

(Since the code appeared on my side­bar, well, you can do the math.)

Then, I went to Google’s Web­mas­ter Tools.

Web­mas­ter Tools is a fan­tas­tic ser­vice, which allows you to man­u­ally sub­mit sitemaps to be crawled. What’s neat, though, is the fact that this ser­vice comes with tuto­ri­als, and, of course, dis­plays any warn­ings about your site.

In fact, there’s a fea­ture that allows web­mas­ters to request man­ual reviews by Google. In my case, I used it to ask Google to ver­ify that my site was clean, to unblock it from its search engine results, and to remove the warnings.

In about 48 hours, every­thing went back to nor­mal. Whew!

Now, some peo­ple have told me there’s quite some con­tro­versy about this, includ­ing talk on a blog by Google’s own Matt Cutts, where a lot of peo­ple are com­plain­ing of false positives.

Per­son­ally, I think this is a great fea­ture because I hate vis­it­ing black­hat sites that cause havoc on my com­puter. Prob­lem is, it’s still rel­a­tively new (about a year now).

Per­haps my site was a false pos­i­tive, too. I don’t know. Your guess is as good as mine.

But here’s what seems weird in all this…

The code that had any sem­blance of being mali­cious (accord­ing to some exam­ples on Matt Cutt’s blog) was javascript code for dis­play­ing ads with links.

(I wasn’t sell­ing links. The links were from a non-​​PPC ad net­work, which I’m told did not vio­late Google’s guidelines.)

What I’m not sure about is, was the code itself the cul­prit or frowned upon by Google? Or was the code used to hack the blog and ended up being truly mali­cious after all?

I’ll prob­a­bly never know.

But since the code was from an ad ven­dor, which dis­played paid links on my blog, the ques­tion is, was the vio­la­tion based on the pre­sump­tion that I was sell­ing links?

Here’s why I ask myself this question.

When I checked with Stop​Bad​ware​.org, the black­list site against which Google made its deter­mi­na­tion, the man­ual review process asked that you enter a state­ment, which said some­thing to the effect of…

“I have removed the code, and links to other sites, that vio­late StopBadware’s guide­lines. I believe that my site no longer hosts mal­ware or links to sites that vio­late these guidelines.”

What caught me by sur­prise was the state­ment, “links to other sites.”

What sur­prised me even more was that I received a warn­ing about my site being blocked, directly from Google, only 24 hours later. Funny though, because once I could access my site, and while I was still being blocked by Google, my blog was still dis­play­ing Google AdSense ads.

(Again, I don’t know. Per­haps my friend blog expert Andy Beard may have some clues or some­thing to say about this.)

For now, here’s my sug­ges­tion to you…

If you’re run­ning any older ver­sions of Word­Press, upgrade to 2.3.1 as soon as pos­si­ble. Sec­ond, if you’re going to use javascript in your blog, try to make it pull from an exter­nal file — like a .js file — instead of actual script code.

And don’t use Bad Behav­ior. Stick with Akismet or SpamKarma plu­g­ins. Accord­ing to my host engi­neer, the Bad Behav­ior script is still very buggy.

To be can­did, this dis­ap­pointed me, because I loved Bad Behav­ior. It stopped spam and hack attempts from bots. And I vir­tu­ally had any com­ment spam or spam­mers try­ing to reg­is­ter as blog users.

But appar­ently, the script has its flaws, too.

Finally, do have a Google Web­mas­ter Tools account to sub­mit your sitemaps. Sure, you don’t really need it. But it’s good to have, even if it’s just to know when errors are pre­vent­ing the Google­bot from crawl­ing your site.

Above all, don’t be shy to ask for a man­ual review when you need to.

By the way, a HUGE “thank you!” to all the peo­ple who noti­fied me about this, helped me with screen­shots and such, and given me some of the point­ers and steps I listed above. You know who you are.

About the Author

Last 5 Posts By Michel Fortin

• How to Capture and Captivate Attention
• The Real Problem With The Flaw of Attraction
• Two Shining Stars in an Age of Darkness
• Changes, Relaunches, and Extreme Makeovers
• Superior Value Equals Superior Sales

Other Related Posts

• WordPress Plugins Used On The Michel Fortin Blog
• The Seven Deadly Sins of Website Copy
• You Need "Actions" To Take Action
• Write Magnetic Headlines With These 7 Tips
• WordPress, Trademarks And Apologies