Attack Sites, Malware and Safe Browsing Diagnostic

Attack site FireFox warning Just had a new publisher apply into one of the affiliate programs we manage on the Google Affiliate Network. The affiliate’s website opened just fine in my Internet Explorer, but Mozilla Firefox gave me a warning a part of which you are seeing above.

Are you checking affiliate websites for malware prior to making your decision on an affiliate application to join your program?

A good way to do it is by seeing what Google’s Safe Browsing Diagnostic says about the website. Introduced back in May 2008, this free service is a great tool that affiliate program managers can (and should) use. Google wrote:

We’ve been protecting Google users from malicious web pages since 2006 by showing warning labels in Google’s search results and by publishing the data via the Safe Browsing API to client programs such as Firefox and Google Desktop Search. To create our data, we’ve built a large-scale infrastructure to automatically determine if web pages pose a risk to users. This system has proven to be highly accurate, but we’ve noted that it can sometimes be difficult for webmasters and users to verify our results, as attackers often use sophisticated obfuscation techniques or inject malicious payloads only under certain conditions. With that in mind, we’ve developed a Safe Browsing diagnostic page that will provide detailed information about our automatic investigations and findings.

Just go to google.com/safebrowsing/diagnostic?site=URLofWebsiteToCheck.com and you’ll know whether they’re kosher or not.

Here’s the report I have received about the affiliate that Firefox red flagged (highlighting mine):

Google Safe Browsing Diagnostic report

If you’re managing an affiliate program and are not yet using the Safe Browsing Diagnostic tool, you should be.

4 thoughts on “Attack Sites, Malware and Safe Browsing Diagnostic”

  1. Google also attempts to notify [email protected] e-mail to let you know your site was hacked plus a message in your Google Webmaster Tool account. I have dealt with infected sites in the past and I have to say that although Google is quick to tag your site as unsafe- they do a good job restoring it back once you fix the issue.

    I know many affiliates still shy from using Google Webmasters Tool so Google can’t “track” all your websites :). Personally Google had saved me on occasions and I highly recommend using Webmasters Tool- it cost you nothing and Google probably knows about your websites anyway 😉

  2. Exactly, Vlad. I’m keeping my fingers crossed that it always remains this way (all the useful tools that Google is now offering for free – always remain free).

    I didn’t know that they notify website owners of site hacks. Do they send the email to “webmaster@” or an email address listed on the Who Is database, or one that’s listed the hacked site?

  3. I think they still attempt to the “webmaster@hackeddomain”- it is really a wild guess on their part because that e-mail may not exist in 90% of the time. I doubt that they would bother with Who Is database since many website owners chose “domain privacy” and the contact details on Who Is are usually those of the web hosting provider.

    Since I am using the Webmaster tools they are notifying the address I am using for my Webmasters Tool account.

    Andy Beard recently described his nightmare- how his website was hacked and what he did to fix it – http://andybeard.eu/2210/google-stopbadware.html

    While Andy posts deals specifically with WordPress there are some good tips for any website owner.

    While this can happened just to about any one I have seen websites that were hacked for weeks- this of course raises some questions to whether or not person really cares about their site.

  4. Google offers an easy way for people to report malware sites at http://www.google.com/safebrowsing/report_badware/

    I get Google Alerts for my sites and a surprising number of the alerts I was getting last year were for scraped content used on malware auto download sites. They easily end up in Google’s top 3 or 4 organic search results for their targeted terms with pages full of unrelated nonsense scrapings. It used to be far more difficult to document and report those sites to Google than it is today. That activity tapered off a lot but has recently come up again.

Leave a Comment

Your email address will not be published. Required fields are marked *