Submit a Malware, Phishing, Spam Review Request to Google

Note! It looks like your domain is currently flagged by Google. You can verify the current status by checking the Diagnostic Page. If your site is flagged once you clean it up, you MUST request a malware review to have the warning removed. Aw Snap has information on finding and cleaning up many types of hacks. Your site has been flagged for "unwanted software"

SEE: More Visible Protection Against Unwanted Software. If you are having problems finding the hack,don't struggle with it, go over to the Google Webmaster Help Forum and ask for advice!


Another Note! Your site is flagged under the category "unwanted" which means adware/adinjectors or other potentially unwanted programs are being downloaded from your site. About 99.9% of the time it is going to be adware coming from one of your 3rd party ad providers and the other .1% is going to be adware coming from one of the ads included in the "free" widgets you are using. On video sites about 99.9% of the time it is going to be ads served by one or more your "video provider(s)".


Submit a Malware Review Request to Google

In the unfortunate event that you find Google has flagged your site as Dangerous you MUST submit a Review Request to Google to get the warning removed. Check the Safe Browsing Site Status, enter your site and if reads Dangerous You can delete your entire site, scrub every file off the server and Google is still not going to remove the warning until you submit.



A Review request is submitted in the Search Console (aka Webmaster Tools) Account for the site, Google Search Console, if you do not currently have an account you will need to create one. Login to your Search Console Account and go the the dashboard for the site you are going to submit the request on. Click on the Security Issues link on the left side of the screen and it should bring up a screen similar to the image below.



When possible Google is going to provide some information about the hack which can be very helpful in finding the problems. Google will describe the type of hack and provide some sample URLs where they detected the problems. These are samples and there could be additional infected URLs on the site.



However in many cases Google is not able to provide any info and you will see something like this.



Malware vs. Unwanted Software

Starting somewhere around mid July 2015 Google started flagging websites for "unwanted software" as defined (vaguely) in this ref. Unwanted Software Policy. On the vast majority of the sites I have seen flagged so far the "unwanted software" has been adware/ad injectors downloaded from ads provided by 3rd party ad providers. In a handful of sites it has been "potentially unwanted programs/software" (PUPs). "Free" toolbars, registry cleaners, etc. Pretty much anything that messes with the users browser or computer is going to get flagged.

Todate I have not seen anything in Google's warnings that distinguish between a malware warning or unwanted software warning your just flagged. If you scan your site with the File Viewer Tool it will warn you the site is flagged for unwanted software. Or, you can use this simple utility Is Flagged? to check. The process for submitting a review is the same for both Malware and Unwanted Software.

To submit you will need to click the box I have fixed these issues (more on that later). When you click the box you will get a pop-up



This should be brief but you need to show Google what you did - I found and removed a redirect in the .htaccess file.

Click the Request a Review button. Once the request has been received by Google you will see notices as shown on the screen below (may take a few minutes). I regularly see posts on Google's Forum saying this form flat out does not work in some older versions of Internet Explorer, the request never goes through, so use another browser to submit the request if you do not get the review pending message.



The review process is automated and on average will take about 10-12 hours to run, although in rare cases it may take 24 hours or more. Google does not provide any other acknowledgement, no email etc that the review process has started, completed and so on. About all you can do is keeping checking your Search Console to see if the review is still in process, still pending.

The site MUST be online for Google to scan and clear the warning. If you have taken the site offline while cleaning get it back online before you request a review, I frequently see delays in getting a site cleared the site is returning - HTTP/1.1 503 Service Temporarily Unavailable instead of HTTP status 200 Success. Google will clear a parked domain but it does take longer for the review to complete and the warning to be removed.

From time to time I see site owners agonize over checking the I fixed the issues box, "How can I tell if I fixed everything?" "Will my site be penalized if Google still finds malware?" No you will not be penalized, the process is automated, some computer at Google is going to scan the files again and if it does not detect anything the warnings will be removed, if it detects something they will stay. Make a good faith effort to clean things up and submit, if you find something clean it up but don't spend days/weeks looking for something else. In the unfortunate event that something is still there Google is going to tell you.


This site may be hacked - spam hacks

Typically a this site may be hacked warning is going to be some sort of spam hack, not malicious content. You should check under Security Issues and Search Traffic -> Manual Actions to be sure, but, Typically a this site may be hacked warning is going to be algorithmic, not manual, so a site owner will not see any notice in Search Console and will not be able to request any sort of review. It is not real common but some spam hacks do lead to a Security Issues/Manual Action so it is important to check, and then check again every few hours.

If Google does hit your site with a Manual Action under Manual Actions you would see something like this -



Once you have cleaned up the spam you want to go ahead and submit a Review Request. Hopefully in a couple of days you will see something like this, if not you still have some more cleaning to do.



The response from Google has a reminder to check Security Issues but don't wait for the Manual Action response. Once you have checked Manual Actions and dealt with that portion check Security Issues. If you see something like this -



again as soon as you have everything cleaned up submit the Review Request.

If you do not see anything under Security Issues/Manual Actions (keep checking) - Google has said something like "the warning will be removed automatically as we re-crawl the site and find it is clean" However, depending how frequently the site is being crawled, that can take awhile, a couple of things the site owner can try to speed things up a bit --

  • Submit (or resubmit) your "search engine" sitemap, the XML sitemap. If you do not have one you should create one.
  • Use the Fetch as Googlebot utility in Search Console to fetch your homepage. After a successful fetch click the Submit URL and linked pages to index. That should trigger a re-crawl of the site.


Remove a Google Phishing / Deceptive Site warning

When Google flags a site for Phishing you/your users will be blocked with the "red screen of death" but, the diagnostic page for your site MAY not show anything and it is pretty common for there not to be any info in your Search Console. Google is currently labeling both sites flagged for phishing and sites flagged for Deceptive Content with the Phishing label and it can be tough to determine which one Google is flagging you for. If your site has been flagged for Deceptive Content you will use the Search Console -> Security Issues process described above to get a review for your site. If Google has flagged the site for phishing once you have cleaned up your site the form at Report Incorrect Phishing Warning is used to notify Google.



You need to submit the specific URL(s) that Google currently has flagged, http://yourdomain/wp-content/boa/login.php. If Google has not provided you with the specific URL(s) they can be tough to find. Ther are some tips on locating Phishing URLs on your site at Remove a phishing or web forgery warning. Once you have located the specific URL(s) submit the individual URL(s) and your homepage.