Google is informing website operators and administrator to sign up for its security notifications after a study of 760,935 hijacked websites revealed the difficulties in cleaning up infections/viruses that expose visitors to malware.
Google announced its findings in a study that was conducted with the University of California, Berkeley, which looked at the hijacked websites it found in an 11-month period to June 2014.
The sites were identified through Google Safe Browsing, which notifies browser users of a potentially harmful site, and Search Quality, which flags risky sites in search results.
The study found the most effective way to communicate the issue to website operators, and whether operators had the technical knowhow to resolve it.
The researchers found that website operators who’d registered their site with Search Console, and would thus receive an email directly from Google, performed best, with 75 percent recovering a compromised webpage after notification.
Browser and search warnings alone led respectively to 54 percent and 43 percent of sites being cleaned up.
The researchers also found that 80 percent of site operators had removed attack code from their sites after the first appeal from Google to have the site un-flagged as potentially malicious.
Kurt Thomas and Yuan Niu of Google’s Spam & Abuse Research said the company conducted the research to find out how best to balance the safety of Google search users with the experience of site operators.
“While browser and search warnings help protect visitors from harm, these warnings can at times feel punitive to webmasters who learn only after-the-fact that their site was compromised,” the pair noted in a blog post.
As the researchers note in the paper, webmasters often find the experience of having their site hijacked to be traumatic, which is exacerbated by in-browser warnings that block access to a site and have the potential to drive visitors away.
However, the researchers counter that the warnings serve as a “side-channels” to spur remediation.
“Some webmasters requested that any site-level hijacking flag not take effect until one week after notification. However, such an approach both requires a direct notification channel, thus ruling out interstitials or search warnings, and also puts visitors at risk in the interim,” the researchers note.
About 50 percent of hijacked websites in the study were running on WordPress, followed by Joomla, Drupal, Typo3, and Vbulletine (open source softwares).
Previous research found that sites running on WordPress, Joomla, and Drupal faced a higher risk of compromise because hackers focused on platforms with the largest marketshare.
The study also found that sites that are compromised and redirect visitors to another malicious site were the most difficult to fix, with only 12 percent of sites recovering within 60 days.
Edited by: Afaque