According to Google stats, there are more than 10 million harmful sites operating which are a source of scams and malware. Most of these sites are small business sites and personal blogs that have been compromised because of weak password security and use of outdated software. The Google Search protects users from these harmful websites by displaying “this site may harm your computer” whenever the user lands across an unsafe page. But this offers only a temporary solution. Unfortunately, most of the web masters don’t notice that there site is lacking security measures. Even if they do realize, they don’t have the expertise to do something about it.
To help webmasters with this mess, Google has teamed up with University of California, Berkeley to know the best way to reach webmasters quickly and help them with recovery. The full study which was represented at the International World Wide Web Conference can be read here.
Google says that by working directly with the webmasters, around 75% webmasters can be helped with re-securing their websites. The whole process takes 3 days on an average. Last year, Google detected that 800,000 websites had been compromised. Every week, around 16,500 new sites are added. To aid webmasters Google has come up with some effective measures:
- Contact the webmasters – Google puts it as the hardest step in the entire process. Google will use three channels (browser warnings, search and email) to contact the webmasters. With webmasters who have registered their websites with the Search Console, Google was able to help 75% of them to re-secure their websites.
- Sending tips and samples of compromised pages to the webmasters – Google emails tips and tricks to the webmasters on how they can avoid the traps and maintain the security of their website. This helps in expediting the clean up process by 62%.
- Ensure site stays clean post clean up – Google monitored the re-secured sites and found that 12% of them were again compromised in a month. Therefore, it is important to ensure that attackers don’t attack the site again.
- Security notifications and Search Console – Google insists that all the webmasters should register with Search Console and Google Analytics to reduce the risk.
- Use updated software and add additional authentication measures.