Thousands of new malicious websites are detected every day by Google. Some of these badware websites are developed for malicious purposes, but most are legitimate business, academic, personal, and other sites that have been infected without even the knowledge of their owners.

If Google detects badware on your website, you or your visitors may see a warning saying, “This site may harm your computer.” If Google has detected malware on your site, it will furnish you with details about bad code their systems detected on your website. Google will typically send notification emails to the following addresses on your site:

  • administrator@
  • contact@
  • info@
  • abuse@
  • admin@
  • webmaster@
  • postmaster@
  • support@

The remaining part of this article will help webmasters remove website hacks and Google warnings allowing them to restore websites and reclaim visitors, revenue, and SEO rankings.

Review Warning Status

  • Recognize website security warnings

    Your website gets blacklisted because Google scanned your website and detected harmful behavior. Google is responsible for protecting its users from dangerous websites that show up in their search results. Websites that repeatedly get blacklisted for malicious behavior are limited to just one review every 30 days. The big red splash page including the warnings next to your website in Google's search results have been designed to prevent visitors from entering your website. Websites actually lose about 95% of their traffic when blacklisted by Google.

  • Review diagnostic pages

    All the red warning pages will link to another page that explains why the website is being blacklisted by Google. The main button on the page is for visitors, and mostly reads something like, Get me out of here or Back to safety. However, there is always another link for the website owner to find out more.

  • Scan for malware

    For efficient malware scanning, you can use Comodo cWatch – a web security tool capable of efficiently detecting malware, removing it and also preventing further malware attacks. our free tool, Comodo, to scan your site and find malicious payloads, malware locations, security issues, and blacklist status with major authorities.

Fix Blacklist Symptoms

  • Remove file infections

    To execute complete malware removal, you will have to edit files on your server. Get professionals to clean your website if you are not comfortable with this procedure.

  • Clean hacked database tables

    You can remove a malware infection from your website database by using your database admin panel to connect to the database. Follow the steps given below in order to manually remove a malware infection from your database tables:

    • Log into your database admin panel.
    • Create a backup of the database before executing changes.
    • Search for suspicious content.
    • Open the table containing the suspicious content.
    • Manually remove any suspicious content.
    • Test to confirm the website is still operational after changes.
    • Remove any database access tools that could have been uploaded by you.
  • Prevent reinfection

    Understand that hackers always leave a way to get back into your website. Malicious admin users, multiple backdoors, and overlooked vulnerabilities are constantly detected. To prevent reinfections, make sure not to overlook user accounts. Stolen passwords can enable hackers to get back into your website. To clean up your user accounts:

    • Confirm all website user accounts are valid:
    • FTP/SFTP/SSH users
    • CMS users
    • cPanel accounts
    • Hosting company logins
    • Database administration panels
    • Change all passwords for all users.
    • Enable two-factor-authentication if it is available.

Final Steps

  • Get Google Search Console

    To remove the blacklist warning you need to allow Google to know that you have entirely cleared the infection. To do this, you will need to have a Google Search Console account (formerly Webmaster Tools).

  • Request security review

    By failing to request a review you are actually allowing Google to assume that you have not completed the site cleanup. By requesting a review, you are indeed telling Google that you are ready for them to rescan your website.

  • Website protection

    You should also consider employing more steps to strengthen and protect your website. This includes maintaining a good website backup strategy, applying updates, implementing website security controls, and managing user privileges. This is website firewalls play a major role as they were developed to surround your website with a professional defense system. This entire concept of protecting your website and using a good website firewall can be successfully applied by installing a web security tool like Comodo cWatch. This tool is available with a web application firewall (WAF) that is capable of eliminating application vulnerabilities and protecting websites and web applications against advanced attacks like SQL Injection, Denial-of-Service (DDoS), and Cross-Site Scripting. This WAF provides strong security that is wholly managed for customers as part of the Comodo cWatch Web solution.

Benefits of using the Comodo WAF

  • Zero Day Immediate Response

    Provides regular updates of virtual patches for all websites under management and instant response to apply a patch for the zero day attacks when they become known to the public.

  • Stop Website Attacks and Hacks

    Protects vulnerable websites by detecting and removing malicious requests and stopping hack attempts. This WAF also focuses on application targeting attacks, for example, WordPress and plugins, Drupal, Joomla etc.

  • Malicious Bot and Brute Force Prevention

    The Comodo WAF blocks malicious bots and brute force attacks from websites. It provides protection of account registration forms and login pages from different attack vectors including protection from application denial of service, web scraping, and reconnaissance attacks.

  • Distributed Denial of Service Protection

    Globally-distributed Anycast network allows efficient distribution of traffic. It explicitly blocks all nonHTTP/HTTPS-based traffic, with a current network capacity in excess of 1 TB/s. Each PoP has multiple 10G and 100G ports, designed to scale and absorb extremely large attacks.

Other layers of protection offered by the cWatch web security tool include:

  • Malware Monitoring and Remediation:

    Detects malware, provides the methods and tools to remove it, and prevents future malware attacks.

  • Secure Content Delivery Network (CDN):

    A global system of distributed servers to enhance the performance of websites and web applications.

  • Security Information and Event Management (SIEM):

    Advanced intelligence that can leverage current events and data from 85M+ endpoints and 100M+ domains.

  • PCI Scanning:

    Allows service providers and merchants to stay in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

  • Cyber Security Operations Center (CSOC):

    A team of always-on certified cybersecurity professionals providing 24x7x365 surveillance and remediation services.