JBCR Virtual Solutions - Internet Business Developer Blog
Google's Security
Google has started an OnlineSecurity Blog.
Any of you who read my blog, or articles page at my site, know that I was hacked. The culprit was "Malware". Looking for information about this 'nasty' in a search today I came across: Google Online Security Blog at http://googleonlinesecurity.blogspot.com/
"To protect Google's users from this threat, we started an anti-malware effort about a year ago. As a result, we can warn you in our search results if we know of a site to be harmful and even prevent exploits from loading with Google Desktop Search." Ok, yes it is absolutely a great idea to warn potential visitors that the may be infected if they go to a website.
One thing that concerns me a "tad" is this:
Even after a site that was infected in the past, but is now clean has a cache of the old "bad" pages that can turn up in searches. How does a web owner clear that. If someone turns up an old page cached which contains a malicious script, who is responsible? Could this happen? We don't have a clear answer on this yet. When we do, we'll post it here... So as I saying the Goole security blog states: "If your site has been hackedTake the site offline in order to keep from putting your site's visitors and your customers at risk. Then remove all of the offending code and fix all underlying security vulnerabilities before putting your site back online."
Ok, (I say that too much don't I) so... Okay :-) I read on and they refer web masters to a link that says
"There are three basic steps to maintaining a clean site from Identifying badware on your site Removing badware from your site Preventing badware in the future "
Source: http://www.stopbadware.org/home/security The attack on us was a little different than a malware/badwrare scenario. We didn't have malware/badware put on our site. We were attacked at someone elses website BY malware that used our computer to upload objectional content to our site.
Even though we didn't have malware/badware on our site, we used many of the same suggested remedies as we would have for malware/badware.
It's been over month since we discovered our site had been compromised, and nearly a full month since we cleaned out the bad files. Our site is still impacted by this episode and suffering the backlash from Google searches showing results for these bad pages even though they were removed at the end of April...
Oh... As for Google's Matt Cutts - he has not, as of the date of this entry, responded to the message I left on his blog. Stay tuned!
Jan
Any of you who read my blog, or articles page at my site, know that I was hacked. The culprit was "Malware". Looking for information about this 'nasty' in a search today I came across: Google Online Security Blog at http://googleonlinesecurity.blogspot.com/
"To protect Google's users from this threat, we started an anti-malware effort about a year ago. As a result, we can warn you in our search results if we know of a site to be harmful and even prevent exploits from loading with Google Desktop Search." Ok, yes it is absolutely a great idea to warn potential visitors that the may be infected if they go to a website.
One thing that concerns me a "tad" is this:
Even after a site that was infected in the past, but is now clean has a cache of the old "bad" pages that can turn up in searches. How does a web owner clear that. If someone turns up an old page cached which contains a malicious script, who is responsible? Could this happen? We don't have a clear answer on this yet. When we do, we'll post it here... So as I saying the Goole security blog states: "If your site has been hackedTake the site offline in order to keep from putting your site's visitors and your customers at risk. Then remove all of the offending code and fix all underlying security vulnerabilities before putting your site back online."
Ok, (I say that too much don't I) so... Okay :-) I read on and they refer web masters to a link that says
"There are three basic steps to maintaining a clean site from Identifying badware on your site Removing badware from your site Preventing badware in the future "
Source: http://www.stopbadware.org/home/security The attack on us was a little different than a malware/badwrare scenario. We didn't have malware/badware put on our site. We were attacked at someone elses website BY malware that used our computer to upload objectional content to our site.
Even though we didn't have malware/badware on our site, we used many of the same suggested remedies as we would have for malware/badware.
It's been over month since we discovered our site had been compromised, and nearly a full month since we cleaned out the bad files. Our site is still impacted by this episode and suffering the backlash from Google searches showing results for these bad pages even though they were removed at the end of April...
Oh... As for Google's Matt Cutts - he has not, as of the date of this entry, responded to the message I left on his blog. Stay tuned!
Jan
Labels: Security
posted by Jan at
2:16 PM
We do not block googlebot on every busy customer site, only when it is demonstrated that it is causing artificial usage (a 10 page site does not require 5000 hits from googlebot to be indexed =) and when the alternative to blocking googlebot is disabling the entire domain. It is disingenuous to suggest that this refers to google simply indexing sites - I actually have been in direct with google engineers to help sort out the specific cases where by their their crawler was not performing as it should be."
