Ridley Ruth is COO at Dropmysite, a cloud backup company.
Blacklisting is probably more common than you think. While Google eschews the term “blacklist,” the search giant has quarantined as many as 10,000 websites per day in recent years, typically because the sites have been infected with malware and expose unsuspecting visitors to malicious software that can cause harm to their computers and put sensitive personal information at risk.
What happens when a website is blacklisted? Too often, site owners panic and web hosting providers suffer disruptions to everyday business, as they scramble to help anxious customers clean up their sites and get back online.
Unfortunately, businesses that can’t afford to hire IT security specialists or install expensive monitoring tools are often slow to realize their website has been blacklisted. In fact, nearly half of business owners are alerted to a compromised website by a browser, search engine, or other warning when trying to visit their own websites. That’s when the fire drill begins. For blacklisted sites, time is the enemy. Every minute a website is blocked represents lost revenues, not to mention immediate—and sometimes lasting—damage to an organization’s reputation. This problem is particularly acute for startups and small and medium-sized businesses, which lack the infrastructure and deep pockets to weather an extended storm. Moreover, when a customer’s site is blacklisted, they stand to lose nearly all of its organic traffic from their marketing activities, which can have a devastating impact on sales.
The time required to remove malware and secure a site can range from hours to days, depending on the severity of the infection and whether the site is protected by a frequent and effective backup regimen. Removal of malware and site restoration is the first part of the fix. Once that process is complete, site owners still need to request a review from Google before blocking is removed. A recent study of 500 blacklist removals by SucuriLabs found that the average time for blocking removal was 10 hours and 23 minutes, with actual removal times ranging from 2 hours and 20 minutes to 23 hours.
For web hosting providers, blacklisted customer sites can be a real nightmare, putting a strain on operations and potentially undermining their credibility. Customers typically don’t understand why their site was blacklisted and will often unfairly blame their hosting provider for the problem. But regardless of where the fault actually lies in individual incidents, blacklisting isn’t going to go away anytime soon, and smart hosting providers will position themselves to help customers remediate the problem as quickly as possible. Providers that offer robust tools to get their clients through the process expediently will ultimately inspire enhanced confidence and loyalty; those that don’t are likely to squander significant resources on remediation support and lose customers in the process.
The good news is that blacklist remediation doesn’t have to be a nightmare or a lengthy ordeal, particularly if affected website owners are already using intelligent automated backup regimens and can easily restore the affected website files and functionality on their own with the appropriate tools.
To protect themselves, hosting providers should familiarize themselves with the following steps for remediation so they can implement them quickly and efficiently once a customer discovers their site has been blacklisted:
- Check for viruses on administrators’ systems by running reputable antivirus scanners or AV scanners on every computer used by an administrator to log in to the site. Then, you should check server logs for activity by the administrator who owns the infected computer.
- Change passwords for all site users and accounts, including logins for FTP, database access, system administrators and CMS accounts. Remember that strong passwords will combine letters and numbers and punctuation, and will exclude words or slang that might be found in a dictionary. The more sophisticated web hosting companies will allow customers to easily make these changes in a dashboard interface as part of a self-service automated backup offering.
- Educate customers to check that they have installed the latest versions of their operating system, CMS, blogging platform, apps, plug-ins, etc.
- Delete all new and modified files added to the server following the time when the issue was first detected, and then perform a complete system restore. If you offer a cloud-based automated backup and disaster recovery service to customers, it may be possible to complete the restoration with a single click. Otherwise, your customers will need to find and manually download the last clean versions of the each of the modified files.
- Request a review by Google to remove the blacklist flagging. The process for that is described by Google here, and keep in mind you will need to use Google Webmaster Tools to carry out the required steps.
How can webhosting provider’s best prepare for possible infections and blacklisting? Act now to control your own destiny. Assume the worst will happen, and then make sure you have access to tools that will get your customer’s site and data back online as quickly as possible
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.