by gojomo 6202 days ago
Thanks for the response and link.

The "could get worse" standard is a slippery slope, unless the evidence suggests a very specific serious compromise or foreign active content. (Exiling a site because a few evil links appear in its comment threads, for example, would put almost every site at risk of removal. Indeed, that standard risks gaming by a site's rivals, using comment forms rather than 'hacks'.)

Also, looking at Carr's last comment, even though he's removed the bad links, he doesn't know what compromise allowed them to appear. So his site is still in the "can't be sure... won't soon become particularly malicious... [or] substantially compromised" category that justified its initial removal.

Your deep and sensitive checks for problems are definitely a public service... as long as the standards are clear and communications effective. Maybe notification should occur via a site's own comment functionality in addition to email? No details for third parties to exploit -- just a "please check Google Webmaster Tools" note.

1 comment

Hey Gojomo, appreciate the input!

I definitely hear you on the slippery-slope issue, and perhaps I could have worded my initial note more carefully. We have reasonably conservative heuristics in place to assess whether a site has been actually hacked vs. just someone adding, say, a link to a nasty site in a comment. Also, in our experience, once a site or server's been compromised, there's a good chance that, well, where there's smoke, there's fire.

Regarding giving more information... I believe we do generally show specific examples re: hacking and malware via our Webmaster Tools, though I can't say for sure what we presented in Nick's case. Generally, we've seen that webmasters are able to catch the root vulnerability (via their own unpatched software or via their server), which prevents the same problem from recurring. (And speaking of unpatched software... from my own spot checks, that seems to be one of the most major culprits!)

Lastly, re: your suggestion about notification on the site's comment functionality itself... that's a fascinating idea! I think that it'd be a bit challenging to implement, given the diverse array of registration requirements, captchas, etc. (our bots are smart, but not as smart as humans!), but I know that our team is looking into more ways that we can let webmasters know of issues more effectively. Thanks for the suggestion!