8 reasons why is your website blacklisted

blog Z. Oualid todayApril 11, 2021

Background
share close

One of the most critical incident that could happen to a website owner, is to find his website blacklisted. According to some researches, this blacklisting leads to more than 90% of traffic decrease. So, what are the main reasons that push search engines to blacklist a website.

Here is 8 main reasons that leads to website blacklisting:

1.  Spammy or low-quality pages

If your website has any manual action, Google will not show some or all of the site in the search results. Here we will discuss how to fix if a website has any page affected by manual actions and request Google to review the changes.

Let’s first learn about manual action.

What is manual action?

If Google determines that a page on a website is not compliant with Google’s webmaster quality guidelines, it issues a manual action against the site. When a manual action affects a website, Google notifies you in the Search Console message center and the Manual Actions report.

Google introduced the manual actions because many website owners rank their sites on top of the result page. It’s not good for searchers because many relevant pages do not appear on the search page due to irrelevant results, and legitimate sites become harder to find. Google helps people find the solutions they are looking for and help legitimate sites get traffic from search.

Google’s algorithms are effective at detecting spams and removing them from the search results. Manual actions help Google to remove spam from the search result and protect the index quality.

How to find if there is any manual action against a website?

You can check it at the top on report if there is a manual action against your website. There will be a green checkmark with an appropriate message if there is no manual action.

How to fix the problem?

Here are some steps you can follow to fix the manual action problem on your website.

  1. For detailed information, expand the action description bar on the report.
  2. See what pages are affected by the manual action.
  3. Check the type and description of the problem and follow the “Learn more” link for the detailed steps to resolve the issue.
  4. Fix the problem on “all affected pages“. You will not return to the search result by fixing issues on some pages. If your website has multiple manual actions, you have to fix them all.
  5. Make sure that Google can reach all pages of your website. Pages affected by the manual action should not require a login or be blocked by a non-index directive or robots.txt.
  6. Select the Request Review button after fixing all the issues listed in the report.
  7. After sending a request, you will get a confirmation message. This process might take a few days or a week. Do not resubmit the request review before a final decision on your previous request.

2. Legal Reasons

Sometimes you see content on websites that you think are unauthorized or illegal. Google blacklists a site if it contains content that violates the law or users’ rights. It reviews the material and considers limiting, blocking, or removing access to it.

Google is concerned about the users’ security, so it helps them in the following ways.

Protect your information

Google aims to provide users with the privacy tools and strongest security. You can read Google’s Privacy Policy to learn ways to protect yourself and how Google uses your information. Moreover, Google’s safety center helps you stay safe online by protecting you from cybercrime.

Provides Transparency

Google says that transparency is its core value. It ensures to provide opportunities to users for raising concerns about negative impacts on their interests, rights, and opportunities. Google’s Transparency Report provides data on requests they receive from governments and copyright owners to remove information.

Apart from it, Google takes copyright issues seriously and provides a Copyright help center.

3. SafeSearch

If your website contains inappropriate or sensitive content, Google will block it. While using Google search at work or with children, SafeSearch helps you filter explicit content like pornography. When you turn on the SafeSearch from personal settings, you will get the filtered search results across videos, images, and websites. Although it’s not 100% accurate, it provides the most relevant results without inappropriate content.

Users can turn on SafeSearch for

  • Children’s supervised accounts and devices
  • School or workplace networks and devices
  • Personal browsers and accounts

Google blacklist a website due to inappropriate content to keep users safe while browsing. Sometimes explicit content like nudity or pornography makes it through even after turning on the SafeSearch filter. Apart from SafeSearch, Google provides a “Report inappropriate content” option to users. When a website gets reported several times, Google removes the content or blacklists the website.

4. Malware Infection

Google keeps track of websites to check if they host a malicious downloadable that can harm users. Security Issues reports give you a list of susceptible files hosted on a website.

Google may blacklist a website if it suspects that the site is spreading malware. When hackers attack your website they start to host some malware to continue spreading in the internet. therefore once your clients visit your website they get automatically infected by that malware. It alerts Google that a site might be a target of some pervasive malware campaign.

Before proceeding further, let’s first understand the concept of malware.

What is malware?

Malware is a type of malicious software or mobile app designed specifically to harm any programmable device, like computers, laptops, mobile phones, or tablets. It exhibits harmful behavior, such as installing software or downloading a file without user consent.

Mostly, website owners don’t even realize that the downloadable files on their sites are used to spread malware. Google protects the users from malicious downloads and links by blocking the pages or websites containing malware.

To keep the users safe, Google might display a warning when users visit a malicious website. If your website shows such a warning, start working on the Google blacklist removal.

How to remove a website from Google Blacklist due to malware infection?

Here are some steps you can follow to remove your website from Google Blacklist due to malware infection.

Checking for Infection

Google Search Console is the right place to start checking for malware infection. It will show you the reasons why your website was blacklisted. It may be due to SQL injection, viruses, or spam link injection. After identifying the reason, you can take steps to fix the issue based on the issue flagged by Google.

Cleaning Infection

Here are some steps for cleaning infections detected in the previous step.

  • Review the unknown modification on your site and manually remove them.
  • Check for the files hackers prefer infecting the website. These include index file, .htaccess file, and functions & wp-config.
  • Check key database tables.
  • Ask Google for the blacklist removal review.

5. Unwanted Software

Google blacklists the websites that host malicious software and affect site visitors. Unwanted software is an executable file that engages in deceptive or unexpected behaviors and negatively impacts the user’s computing and browsing experience.

If you install unwanted software on your system and run it, it will switch your browser or homepage settings to ones you do not want. Google helps protect users from installing unwanted software by blacklisting the websites that contain them.

How to avoid your website from Google blacklisting?

If you want to keep your website safe, do not violate Google’s Unwanted Software Policy. Although the list is not comprehensive, these actions can cause websites and applications to display warnings to users. In the Security Issues Report, you can see a list of suspected files hosted on the website.

Here are some tips you can follow to keep your website safe from attackers.

  • Do not misrepresent your tools and services. Tell users exactly what you are providing. For example, do not add a “Play” button to download something.
  • Your website should be clear about a program’s intentions and functionality.
  • Clearly explain to users what system or browser changes will occur by installing the software.
  • Do not use other’s services in an unauthorized way to endorse or legitimize a product.
  • Come with proper software guidelines.

6. Hacked Content

If Google detects that a page on your website has been hacked manually, it will remove your site from the search results. In case of manual hacking, the website’s owner needs to request reinclusion. If the hacking is detected programmatically, Google will reinclude it when the content is detected as clean during a legitimate recrawl.

Hackers take control of websites and use them to distribute harmful content. After taking control of a website, they can change the content or add additional pages to it. The added content can trick the visitors into providing personal information, such as social security numbers (SSN), PINs, passwords, and credit card numbers.

Google provides security to its users. If a website contains hacked content, Google will blacklist it from the search result. To avoid your website from blocking, check the Security Issues report regularly.

Let’s see some examples of hacking.

  • Injected content_ When hackers attacked a website, they inject malicious content into its pages. It takes the form of malicious JavaScript injected into the sites or iframes.
  • Hidden content_ Hackers may also try to manipulate your website’s existing pages. They add such content that search engines can see but harder for you to spot. For example, adding hidden text or links to a website using HTML or CSS.
  • Added content_ Hackers can also add new pages to a website containing malicious or spammy content due to security flaws.
  • Redirects_ Hackers may also inject malicious scripts to a website that redirect users to spammy or harmful pages. For example, when you click a link in the Google search result, it can redirect you to malicious pages.

7. Phishing or social engineering websites

Social engineering content traps visitors into doing suspicious things, such as downloading malicious files or software or revealing confidential information. The browser may show a “Deceptive site ahead” warning to users if Google detects a website containing social engineering content.

Types of social engineering attacks

There are three types of social engineering attacks discussed in this article.

  1. Phishing_ It’s when a website tricks users into providing personal information, such as passwords, credit card information, or phone numbers. The content seems to come from a trusted entity, like a browser, operating system, government, or bank.
  2. Deceptive content_ The content traps you into doing some things you would do only for the authorized entity, such as sharing a password, downloading software, or calling tech support.
  3. Insufficiently labeled Third-party services_ When you operate a website on behalf of some other party without making a clear relationship, it may flag as social engineering.

Google Safe Browsing protects users by showing them warnings when they visit pages that are consistently engaged in social engineering.

Fix the Problem

If your website contains social engineering content, follow these steps to fix the problem.

  • From the Search Console, verify that you own your website and no suspicious owner has been added. See the security issue report to check if your website is listed for containing deceptive content.
  • Remove the deceptive content and make sure that no pages on your website contain it. Report a page if Safe Browsing shows an error in it.
  • Ensure that any images, videos, files, ads, or third-party resources on your website are not deceptive.
  • After removing all social engineering content, you can request a security review which can take a few days to complete.

8. Google policy Violation

Google omits a page from the search result if it contains sensitive information, such as leaked financial account details or some explicit photos uploaded without consent. The person who owns this information can either contact the website owner to remove the content. If the site owner does not take action against the user request, Google will remove certain sensitive information from the website.

Personal Information that Google removes

If you are unable to remove content from your website, Google may remove content that can create significant risks of financial fraud, identity theft, or other suspicious actions. Here are common types of content that Google removes from the search results.

  • Intimate or non-consensual explicit images
  • Involuntary fake pornography
  • Financial, national, and medical identity information
  • Doxxing content (content that exposes personal information with an intent to harm)

Google may also remove content for legal reasons, such as Google policy violation, DMCA copyright violation, and child sexual abuse imager.

Written by: Z. Oualid

Rate it

About the author
Avatar

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).


Previous post

Similar posts

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *