How To Avoid Getting Your Search Rankings Trashed By Malware

As if SEOs don’t have enough things to worry about already, add malware to the list. Why does malware matter to SEOs? If the site you are working on gets infected, its search traffic will plummet. Search engines attempt to remove infected pages from their search results, or they label them with an ominous warning, such as This site may damage your computer.

Back in 2008 Google reported that malware infected pages had increased to more than 1% of all search results. Google posted a malware statistics update last week. Malware infections have more than doubled since April 2009. Search results containing a url labeled as harmful have remained level in the range of 0.5% to 0.9%, an improvement. While the web as a whole has become more dangerous, Google’s been doing an even better job clearing their search results.

I know one reason why there’s been a dramatic rise in malware on the Web since April. A nasty malware attack has been targeting web developers to steal their passwords. Stolen passwords are used by the bad guys to automatically deploy iframe injection attacks to innocent web page.

If you access web sites via File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP), this attack is targeting you. All you need to do is browse an infected page using an insecure browser. Badware will be deployed to your machine, and it will find the files used by FileZilla, or possibly other FTP programs to store passwords, and silently send those files back to a server in China. Then an automated bot attack will use FTP to edit your web pages, infecting them with malware. Then your sites will drop out of the search results. Can you image the uncomfortable conversations when all your sites get hacked at once and you have to admit responsibility?

What can be done to reduce this risk of search Armageddon?

  1. Use a more secure browser such as Chrome or Firefox with the NoScript add on for routine browsing.
  2. Don’t use any FTP program that stores passwords locally in plaintext, such as FileZilla. To date, Dreamweaver has not been reported to have been compromised. Dreamweaver encrypts passwords and stores them in the Windows registry.
  3. Consider using a Mac or Linux instead of Windows. As the most popular operating system, Windows is the most popular target for attacks.
  4. Make sure your machine and server are fully updated and patched. Turn off unnecessary services and software to reduce the attack surface.
  5. Register your site with Google Webmaster Tools and Bing Webmaster Center. Check regularly to see if there are any malware reports (or other issues) with your sites.
  6. If you suspect a malware infection, check Unmask Parasites,
  7. View your site’s reputation at McAfee SiteAdvisor.
  8. Reduce the number of people and computers that have access to your web server.
  9. Keep a backup copy of your web pages. In case of infection, it’s a race to see if you can fix the site before search engines (and users) discover the problem and dump you.
  10. Choose the hosting provider that has the quickest response time, not the cheapest price. If your site gets hacked, you may need their help to change all the passwords.

As the web becomes more dangerous, customers become more suspicious, reducing opportunities for everyone. Please do your part to make the web safer, and to reduce your risks.

Opinions expressed in the article are those of the guest author and not necessarily Search Engine Land.

Related Topics: Channel: SEO | Google: Security | How To: SEO | Search Features: Safety


About The Author: has two degrees in computer science from Yale University and is a founder of Hochman Consultants, an internet marketing company, and CodeGuard, a computer security service.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • WeWatch

    There are 3 other ways this virus can steal passwords, other than finding the file that stores the saved credentials.

    First, it has been seen as a keyboard logger as well. So even people who don’t store their passwords, it can be stolen.

    Second, the virus is also a sniffer. It snifs the outbound FTP traffic and since FTP transmits all data, including username and password, in plain text, it’s easy for the virus to capture the login credentials.

    Third, the virus injects the malscript directly into the outbound FTP stream as it leaves the PC and is headed toward the website. This leaves no out of the ordinary log file entries as all you see is FTP traffic from a legitimate IP address.

    One other comment. The stolen FTP credentials are not only sent to China, we’ve seen cases where the data was sent to servers in the UK, Russia, Korea and Brazil.

  • Bizmeds

    Interesting, i recieved this from a client just today.

    “My rankings are one day on page 1 then nowhere. If you do a in google you will see the pages that google says link to the site – no other search engines show any links. If you look at the pages the common denominator is a link to abpanama – so google is (or was, it might have been corrected but I don’t know for sure) somehow being redirected to the utilities site. I have checked all the files (htaccess, robot and all others) and can’t find anything. I also downloaded all the files from the server and searched the code in dreamweaver for utilities and found nothing. Is there any way there could be a hidden file somewhere?”

    I suspected a malware infection so ran the site through Unmask Parasites and came up clean is there an easy way of sourcing out the problem?

  • pauly99

    Thanks for the tips. My website was attacked which made me switch over to Linux for more security.

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide