When Dave Naylor first reported some issues with his blog, I fired up SERPGuard.com to check out his URL. Our tool interacts with Google’s API to find compromised sites which are listed on their malware or phishing blacklists. Dave’s pages were being dropped from Google’s SERPs, which raised my suspicions he had been blacklisted but the result was negative. You can check here manually (screenshot) and at StopBadWare’s clearing list.
What is the current listing status for www.davidnaylor.co.uk/?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 29 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/18/2008, and suspicious content was never found on this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.davidnaylor.co.uk/ did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
OK, so we assume Google did not see Dave’s site as compromised. This would explain why Dave did not get any warning messages from Webmaster Central. Both that system and SERPGuard work on the Google Safe Browsing API and without a positive listing of DaveNaylor.co.uk – neither would have reason to send out an alert.
According to Dave Naylor’s latest blog post, his site appears to have suffered a text-book hack.
While I was in the meeting Becky texted me to say they had found something Patrick at Blogstorm ( I’m not linking out just in case I pass bad karma) and Josh from JaeWeb, had spotted an issue. It was spot on, the server had been comprised and the site was cloaking links to google of antidepressant drugs and we had a fake adsense code injected into the blog.
Patrick Altoft discovered a useful way of detecting compromises in your blog, by setting up Google Alerts on key terms. I imagine one of these searches revealed the cloaked pages that Dave had unknowingly served to Google.
The real advantage of Patrick’s technique, is that it might be able to catch this kind of compromise before the site makes it onto Google’s blacklists. I’ve always assumed that SERP penalties would only be applied after the site is listed by Google as being compromised.
So the real question here is why would Google apply a penalty without first listing DaveNaylor.co.uk? Is this a case of the left hand not knowing what the right is doing? ie. are malware/phishing penalties applied irrespective of the Safe Browsing list? Or does Google not consider this incident malware/phishing related?
There are still a lot of unanswered questions for me with this incident. I look forward to Dave revealing more about the hack and any feedback Google can give on why he was penalised but not listed? If the Safe Browsing project is to have any use to webmasters, we should know it accurately reflects Google’s opinion of the site.