An Increase in Security Warnings from Google and What to Do If You Think Your Site has been Compromised
Have you encountered an increased number of Deceptive site ahead Warnings in Google Chrome and Firefox or received emails from Google Search Console with the subject line Social engineering content detected on [website]?
Over the last week or so we have had a number of messages from Google Search Console titled Social engineering content detected on ……, like the email illustrated below.
The emails nearly all related to websites that were still retained in our Google Search Console Account, yet were not actively worked on or maintained by us. Typically, they were additional sites that our clients had developed, maybe for a project, purpose or new business idea, that were no longer core to them and we were no longer tasked to maintain or optimise them.
We have also seen a number of websites which have been listed as potentially deceptive by Google and have been blocked in Google Search Console and Firefox with a Deceptive site ahead warning (like the image below). These sites have also tended to be sites where not a lot of maintenance has been carried out or love has been given to them.
Google Search Console Security Issues
Google Search Console Security Issues is a new feature in the new Google Search Console that was introduced earlier this year, to keep webmasters better informed of issues that might affect the search engine visibility and search experience of their websites. The emails that they send out notify webmasters of the issues and give a brief outline of how to deal with the problems.
Google Search Console Social engineering content Detected
Deceptive Site Ahead Warnings in Google Chrome and Firefox
Deceptive Site Ahead Warnings were introduced in Google Chrome and Firefox a few years ago to warn people of dangerous websites and prevent users from being compromised. The warnings actively prevent users from visiting the site and a user has to click for details and then click a link to visit this unsafe site (if you understand the risks to your security).
With both warnings, the trigger can be actual issues but in some cases the risks are simply that the site owner has chosen not to install an SSL/run the site through HTTPS or has not updated software on the website. We have also seen cases where a false positive can trigger the warning.
What to do if you receive Social Engineering Content Warnings or if your site displays a Deceptive Site Ahead warning.
- Scan Your Website Server for Malicious Files, Malware or Threats
Hosting options vary but most hosting companies offer some form of anti-virus scanning. We installed Imunify360 from Imunify Security on our servers and found it to be excellent, though it also does throw up some false positives.
- Install a Security plugin on your site
There are some excellent security plugins that can monitor your site and deal with issues in real time such as Wordfence, Sucuri Security or All In One WP Security
- Install an SSL Certificate on your website Properly
If you do not have an SSL, make sure you install one as Google has been stressing the importance of this for a number of years. If you have installed one, make sure it is installed correctly as sometimes, Google Chrome will show the Deceptive Site warning if it is unable to communicate securely with the server. Google Chrome only accepts SSL Certificates from a CA/B Forum verified Certificate Authority, so you must only install trusted SSL Certificates like Comodo, GeoTrust, RapidSSL, Thawte, etc.
- 301 Redirect the Website from HTTP to HTTPS
Simply installing the SSL is not enough, you need to ensure you run your traffic through HTTPS, ie if someone clicks on a link to http://www..yourwebsite.com/page they are taken to https://www..yourwebsite.com/page, otherwise the warnings can still be generated from non-secure visits
- Remove Any Mixed Content on your pages
Once you have installed an SSL, you need to ensure that you change all of your links and resources to SSL or the browser will display a mixed content warning. Many websites install SSL then forget to update images or links to https, meaning that a user is exposed to potentially unsafe resources or places. As a result, Google Chrome and Firefox flag this as mixed content
- Update Your Software & Plugins
Content Management Systems like WordPress, Magento, Drupal, OpenCart, etc., are regularly updated and old versions often possess security vulnerabilities. Best security practise advised by Google and Security specialists like WordFence is to make sure you update your core platform and plugins to the latest version
- Update All of Your Passwords
Change the passwords to your server, website backend, email, Google Account and any relevant resources where there is a risk. Remove any non-essential admins on your server and website and check for any suspect users.
- Crawl your website to Identify any suspicious external links
Crawl your website with software like Screaming Frog or Xenu to identify any suspicious external links, check these out (safely) and remove the links if you are at all concerned.
- Review the website and perform a sense check
Can you see any obvious dodgy signs or requests to do things that you shouldn’t, e.g. download files, ask you for login details?
- What to do Next
When you are satisfied that everything is in order and your website is safe, secure and clean, then submit a Request Review in Google Search Console, detailing precisely what you have done to fix the issues and being sure to note everything and why.
And/or click the report a detection problem link on the Deceptive Site Ahead Warning and submit a Safe Browsing Report, again detailing what you have done to remedy the issue or potential issue that they flagged.
You then need to wait for Google to review the site and your processes and assess whether the risk has been dealt with. With the reviews we have done over the past week, we have seen a response within a few days. You will receive an email (like the one illustrated below) from Google Search Console notifying you of their decision and a message appearing in Google Search Console Security issues. Submitting the safebrowsing report takes a little longer from our experience and you need to monitor this, so using Search Console is our preferred method.
Summary
These warnings are significant and can result in a considerable loss of traffic, reputation and business. Our belief is that the increase in Deceptive Site Ahead or Social Engineering Content Warnings is triggered by an increased level of security within the latest Google Chrome version and increases in Google Search Console’s responsiveness. We also believe that Google has been warning site owners to implement https for a long time now, as it has been warning of the dangers of Out-of-date software and ensuring your site is well maintained and up to date and that this is does highlight the need to follow this advice and the risks of not doing so.
If you have anu questions about this or have been affected by this yourself, please get in touch, we’ll be happy to help.