Google has rolled out the new search console to website owners across the globe. Previously known as Webmaster Tools, the new google search console helps those who maintain websites, analyze the site’s indexation on Google Search, view and check analytics, go through the inbound links, detect malware and also submit or remove content for crawling.
The google search console is a free service which is offered by google. It helps monitor, maintain and even troubleshoot the website’s presence in the google search results. The new google search console helps you get an idea and even improve the way, google sees your site.
Google launched a new version of the google search console in January 2018. This is a free platform which helps you and other website owners get an idea and monitor how google views your website and optimizes the organic presence. You get an idea on the referring domain, the mobile site performance; the rich search results, and even the highest traffic queries and pages.
The new search console brings transparency to google’s indexing, enhances two-way communication between google and the website owners, resolves issues and has a faster user-interface.
Issues faced by the new google search console: Sadly, the new google search console has its share of problems. Many website owners were seeing their pages drop out from the Google search index. These issues were visible on the google search console. This was the result of a technical issue at google, which has since been resolved.
All the affected URLs stand reprocessed. This is a stark reminder that website owners are still at the mercy of technical issues, bugs and glitches. Many problems with the new google search console stand unresolved.
The AMP crawl issue: Many users are facing problems when they check the google search console. This is due to the AMP crawl issue. A crawl issue is one where a search engine tries to reach your page on the website but fails. Google has acknowledged, this is a bug from their end and immediate action has been taken.
The accelerated mobile pages or AMP crawl issue negatively impacts mobile traffic and causes a drop in mobile rankings. Google has addressed this issue, though it continues to occur. Thankfully the frequency is low.
Mobile SEO is a crucial part of the search. Any issue damages rankings and the AMP crawl issue has resulted in hundreds of error reports hampering the user experience. Most of the issues can be resolved through the validation fix. More serious issues need assistance.
Check the google search console on an hourly basis to check if bugs on your site have been removed. Go for mobile optimization and update webpages which might be the cause of these issues. Serious issues need more assistance.
AMP optimizes the mobile user experience and makes pages more visible on smartphones. The AMP crawl issue on google search console shows the impact of crawl error on search traffic and the need for monitoring traffic very closely.
The google search console is a free app which helps identify, troubleshoot and resolve issues as google attempts to index your website page in the search results. The most powerful feature of the new google search console is the Index coverage report. This report gives a list of pages, google tried to crawl and index. Any errors encountered are also mentioned.
Indexing bug: The new google search console is still affected by the indexing bug. What is this indexing bug? Many website users have noticed that index coverage and enhancement reports in the google search console have not been updated recently. The URL inspection tool is returning data which is not reflective of the live status.
Google has stated that the URL inspection tool may still be used to resubmit pages. But, the status report may be incorrect. The indexing bug issue has been resolved for the search results. This means your pages are indexed even if the google search console doesn’t say so.
If you want to be sure that your pages have been indexed, use the ‘site:’ search. If there’s still an issue, its most likely specific to your site. Any site-specific issues can be resolved by submitting a thread to the google webmaster community message board.
How was the indexing bug issue resolved? On 4th April some site owners and SEOs reported a significant amount of site’s pages missing from the Google Index. Google confirmed there was a technical issue affecting the search index. By April 10th Google had resolved the issue in search results. On April 15th Google confirmed that the issue persists in the google search console. Google will soon resolve the indexing problems you face.
Social engineering is basically manipulating people to give up confidential information. Criminals seek access to your computer to secretly install malicious software. This gives them access to banking information and important passwords. Criminals can trick you into parting with crucial banking and financial information.
This method of cheating is called social engineering as criminals exploit trust to hack into your computer. Why do criminals use social engineering? Its easier to trick you into giving private confidential information, rather than hacking into your computer system.
Security is all about trust. You must know whom to trust and when to trust, the same holds true with online security. Do you trust the website you use to be legitimate?
Why is social engineering so successful? The biggest loophole in any security system is the human and his weakness to trust. No matter how much security you have, if you let the man who calls himself an electrician into your house, you are at risk to the threat he represents.
A phisher sends an email, text message or a comment, which appears to come from a legitimate source. This could be a Company, school, bank or a financial institution.
Phishing performs a variety of functions like the extraction of login credentials or even bank account information from the victims.
Phishing relies on social engineering, and the use of social networks like Facebook, Twitter, and Linkedin to collect critical information on the intended victim's interest, habits and work history. Electronic communication methods like email, SMS text messages or even social networks are used to persuade the victim part with confidential information.
Deceptive content tricks you into doing something you would do, only for a trusted person or an entity. This could be calling up the tech support or sharing a password, downloading some software or even downloading or sharing content which contains an advertisement. Deceptive content also tricks you into downloading and installing unwanted software.
Insufficiently labelled third party services:
The third-party service operates a site on behalf of another person or entity. Make sure there’s a clear definition between the first party and the third party. Let's say you (the first party) run a charity event through your website. A donation management website (This is basically a third party website), manages this activity.
The third-party site must clearly state that it's action on behalf of the charity event (On your site) or this could be social engineering.
These may be advertisements which prevent to look and feel like a very trusted entity. They give the look and feel of your own browser or website. A social engineering attack like embedded content, gives the look and feel of a trusted entity like a bank and tricks you into sharing critical information.
These could be bank passwords or login IDs. You might click on an ad link which leads to malicious content. You could be tricked into clicking on an image which says your software is out of date and asks you to click on the update button. There could be a survey button which tricks you into revealing personal information,
What is malware infection type: “Server configuration”?
You must have noticed URLs with the malware infection type “Server Configuration” in your google search console. What does this mean?
This means your website has been compromised by hackers. The hackers are redirecting visitors from your site to a malware attack site. This is done by modifying your server configuration files. The site administrator can specify URL redirects for specific files/directories to server configuration files.
How to check “ Server configuration” malware type?
How to fix the “Server Configuration” malware type?
You can easily clean up the site by replacing server configuration files. This can be done by using a good backup or deleting malicious codes on your existing files. You must then restart the web server so that the new configuration files can be made active.
These steps should help fix the server configuration malware type problem:
i. What is malware infection type “SQL injection”?
If you see your pages in the google search console marked with malware infection type “SQL injection”, what could it mean? This definitely means your site's database is compromised. A hacker could have inserted malicious code into every record of the database table.
The server would load pages which need information from your database. Malicious code gets embedded into the content in the pages. Any visitor who visits the site is affected by the malicious code.
You have the in-band SQL injection where a hacker uses the same communication channel to simultaneously launch an attack and also gather information from the site.
In this malware infection, hackers insert malicious SQL codes by retrieving data through errors, conditions or time. In error-based SQL injection, hackers fetch table names and content from database errors, easily identified through the production servers. Whenever an SQL query fails, a part or even the entire website fails to load. A false condition would be inserted by the hacker into the SQL query. This is done to test the vulnerability of the website.
If your website loads normally, the hacker knows there are vulnerabilities to exploit. The hacker then puts a wrong query and if your website doesn’t work, as usual, you are subject to an SQL injection attack. You also have the SQL injection done through the time-based query. Hackers instruct your database to wait for sometime before responding. (Hackers may instruct the database to sleep for 5 seconds).
How to check malware infection type “SQL injection”?
This is a technique where hackers use SQL statements which are malicious to harm your website. This is dangerous as financial data, credit cards and even passwords are compromised.
Look out for PHP functions which can be easily exploited. Check for any unknown links or even iframes in your website. There would be redirect links and malicious iframes if your website is compromised. You can also check for SQL injection attack through database scanning using WordPress malware removal plugins.
How to fix malware infection type “SQL injection”?
1.What is malware infection type “ Code injection”?
When you see pages marked with malware infection type “ code injection” what does it mean? It means the pages on your website have been modified to include malicious code. This could be an iframe or even a malware attack site.
2. How to check malware infection type “Code injection”?
You must never use a browser to view the infected pages. Malware exploits browser vulnerabilities and this could damage your computer.
Check for harmful code on your site. You would have to search for words like an iframe. This helps find iframe code. Also look for keywords like script, eval and unescaped.
You can check with Google to see if they have found any issues with your website. Google site checker is a free tool which helps you do this. Use the “health” menu from the google console to check the health of your website.
Use the Sucuri site check to run a manual malware scan. You get an idea of spam and website defacement. Sucuri has automatic site recovery and even the ability to reset your (user) passwords. Use the SiteLock to scan your site for malware, code injections which are malicious, iframes, scripts and even backdoors. This gives an idea if your website has ever been blacklisted by ISPs.
3. How to fix malware infection type “Code injection”?
You have two ways to fix the problem. You can replace all the affected files on your website or remove spammy content and links from every page on your website.
What is malware infection type: Error template?
In this type of malware infection, the template which is used for error messages like the 404 File not Found is configured to make sure malware is distributed. This helps attackers launch attacks on the URLs which don’t even exist on your website.
How to check malware infection type “Error Template”?
Do remember the age-old rule. Opening infected pages on a browser can damage your computer. Use cURL and Wget for HTML requests. They confirm if you have been subjected to a malware attack. Go online to use these tools. cURL and Wget return 404 status code and also the source code used to distribute the malicious malware code.
You will have to log-in to the server to investigate your server configuration file for any error page directive.
How to fix malware infection type “Error Template”?
You would have to replace .htaccess files with a good backup. You could even delete unwanted Error Document directives. Clean all actual error files. Restart the web server so that all the changes made take effect.
Check: Htaccess Redirect Generator
What is cross-site malware warnings?
When you visit any web page, Chrome check (a type of browser checks the content. The purpose is to check if stuff is potentially dangerous. If any dangerous malicious code is detected, the browser sends a warning alerting users. The site is flagged “malicious” which alerts the webmaster. This helps protect potential users and keep their computers safe.
Sometimes the currently viewed site is not flagged on the safe browsing list. You might still see a warning on the browser. This is because the site might have attempted to load some content from a different browser. Malicious code could be present and this is a cross-site warning. You could see a browser interstitial with the following graphic.
How to check cross-site malware warnings?
The first thing you must do to check cross-site malware warnings is to locate and remove the reference to your domain, which is triggering the browser warning. You get a warning of questionable content. Remove content from the domain and the warning stops. You could all find details in the security issues section of the google search console.
However, if any page on your website is including any content from a flagged site, and this is happening without your knowledge, the problem is serious. Your site has been compromised. Use Help for Hacked Sites recovery protocol to quarantine the site. This helps access damage and cleans up the site.
How to fix cross-site malware warnings?
XSS or cross-site scripting is a client-side code injection attack. The hacker injects malicious code in a legitimate website. When a victim visits the webpage, the malicious code attacks your browser. The webpage serves as a vehicle to deliver the malicious code to your browser. The forums, message boards, and web pages which allow comments are used for cross-site scripting attacks.
The best way to stay safe from cross-site scripting attacks is to sanitize all your inputs. Your application code receives inputs which it converts to output data. Make sure this doesn’t happen without checking for malicious codes.
Choose a library which has been regularly maintained by a very reliable source. Update your filters regularly so that you are safe from XSS attacks. Use XSS protect to stay safe from HTML code attacks. Use HTML purifier to keep your data safe.
Use escaping from XSS. In this technique, you tell the browser that the data you are sending must be treated and interpreted as data and not anything else. Even if there is a script put on your page by a hacker, it doesn’t affect you if the escaping technique is done in the right manner. The browser will not execute the malicious script.
You can escape dangerous characters in HTML by using &# sequences, followed by the requisite character code. This is character escaping. Take a look at the common escaping libraries: They are ESAPI and AntiXSS offered by Microsoft. Don’t try escaping everything. Your own HTML markup and scripts will not work. This will render your page useless. This is when you must use ESAPI and AntiXSS libraries.
What is a content injection?
When a hacker adds spammy links to your webpage, you are subject to content injection. Injected content could be pharmaceutical terms or any other spam which is basically unrelated to your site.
If you have left a directory with open permissions by mistake, (basically an insecure directory), hackers gain access to your website. There could be vulnerabilities in the content management system or CMS, which is exploited by hackers.
Let's say you are running an older version of Wordpress, vulnerable to hacking. You might be using third-party plugins on your website. This makes you vulnerable to content injection.
How to check content injection?
You may check the browser quite often, but there’s no evidence of hacking, this is because hackers use cloaking techniques to hide spammy content. These are some of the methods which say you’re hacked.
How to fix content injection?
You must replace affected sites with a good backup or remove spammy content from each page. Check for pages which are hacked using “site”. Use the fetch feature to confirm that the changes made, fix the hacking. Update any software which is running on your site. This could be an old WordPress installation.
Enable automatic updates on your websites. Use the latest versions to stay protected from the content injection. Use WordPress protection services to stay protected from malware attacks. Use validation, sanitation and escaping to stay safe from XSS attacks.
What is URL injection?
A malicious individual could attack your website with dangerous code. This makes it look like you are giving credit to a detrimental site. Wordpress runs on a database-backed platform. It executes many PHP server-side-scripts. This makes it vulnerable to attacks. This could be a URL injection or even malicious link insertion.
You could face URL injections when a hacker attempts to manipulate the online database through commands sent by the URL. New pages could be created throughout the website by the attackers.
Dangerous bits of spam and code could be inserted in your website, which makes it a potential threat to visitors. The malicious code redirects your visitors to dangerous places. Hackers gain access to your site by exploiting vulnerabilities in older software versions, hacking third-party plugins and manipulating unsecure directories.
How to check URL injection?
You can confirm that new pages are added to your site, even if you are offline.
How to fix URL injection?
Day by day many sites getting hacked and makes harmful to the visitors. These harmful sites will significantly drop in organic search results and business owner lose their revenue overnight. To avoid these kind of attacks, the website should be updated with the growing technologies with more security.
Here are the Certain Guidelines to Improve Website Security,
2) If they using any CMS (Content Management System) like WordPress, Joomla, and other technologies, make sure it is be updated regularly along with addons.
3) Buy and Install SSL certificate from the hosting provide and make your site secure with 'https'. If you are unable to purchase the SSL, then use the free SSL certificate called 'Let's Encrypt' and make your site secure.
4) Regularly clean-up the unwanted codes and improve the code structure to avoid security attacks. So hire a freelance developer in case you don't have time to do it.
Security Tools: Google Malware Checker