Google last year recorded a 32 percent increase over 2015 in the number of websites that its search engine flagged as being hacked.
More than six in 10 of the webmasters of such sites, however, never received a notification from Google about their properties being infected because their sites had not been registered with Search Console, Google said in a review on its Webmaster Central Blog this week.
Search Console is a free Google service that lets website owners monitor how their site performs on Google Search. Web administrators can use the console to see originating site traffic, mobile traffic, what queries result in traffic being directed to their website and numerous other metrics. The console also provides a way for Google to notify owners of potential security problems with their websites.
When Google’s search algorithms determine that a website has been compromised and is being used to distribute spam or malware or to engage in some other malicious activity, the site gets demoted automatically or manually in search results or removed entirely from them.
In some cases, Google’s actions only impact specific URLs or portions of a website that Google might identify as being maliciously hacked. In other situations, the company might identify an entire site as being problematic. Google flags such sites as likely being hacked or unsafe in a bid to alert users.
The company then notifies site owners of the issue through Search Console. Website owners who remedy the identified issues can apply for reconsideration in Google Search.
In the post on the Google blog this week, two members of the company’s Webmaster Relations team, Wafa Alnasayan and Eric Kuan, said 84 percent of those who applied for reconsideration last year were successful in getting their sites reinstated.
“Sites often get affected in similar ways when hacked,” Alnasayan and Kuan said.
For example, many of the websites that Google’s search engine flagged last year were victims of what the company described as the gibberish hack. This is an attack where a threat actor inserts pages with nonsensical sentences filled with specific keywords into a site so they appear in Google Search. People following the hacked pages then end up getting redirected to porn sites and other malicious web pages.
Another common tactic is the Japanese keywords hack, where attackers create pages with Japanese text containing links to stores selling counterfeit goods that show up in Google Search.
A third type of attack that Google observed last year was the cloaked keyword attack involving malicious pages that appear at first glance to be part of the original site but contain hidden links to malicious content.
For each type of attack, Google this week released an online guide with tips for webmasters on how to mitigate their exposure to the hacks. The new documentation is in response to requests from webmasters for more help dealing with security issues on their websites, Alnasayan and Kuan said.
“We’ve been listening to your feedback to better understand how we can help webmasters with security issues,” the two Google employees said. “One of the top requests was easier to understand documentation about hacked sites.”