---

New Google Search Console Security Issues - Check It Out

Google has rolled out the new search console to website owners across the globe. Previously known as Webmaster Tools, the new google search console helps those who maintain websites, analyze the site’s indexation on Google Search, view and check analytics, go through the inbound links, detect malware and also submit or remove content for crawling.

The google search console is a free service which is offered by google. It helps monitor, maintain and even troubleshoot the website’s presence in the google search results. The new google search console helps you get an idea and even improve the way, google sees your site.

Google launched a new version of the google search console in January 2018. This is a free platform which helps you and other website owners get an idea and monitor how google views your website and optimizes the organic presence. You get an idea on the referring domain, the mobile site performance; the rich search results, and even the highest traffic queries and pages.

The new search console brings transparency to google’s indexing, enhances two-way communication between google and the website owners, resolves issues and has a faster user-interface.

Issues faced by the new google search console: Sadly, the new google search console has its share of problems. Many website owners were seeing their pages drop out from the Google search index. These issues were visible on the google search console. This was the result of a technical issue at google, which has since been resolved.

All the affected URLs stand reprocessed. This is a stark reminder that website owners are still at the mercy of technical issues, bugs and glitches. Many problems with the new google search console stand unresolved.

The AMP crawl issue: Many users are facing problems when they check the google search console. This is due to the AMP crawl issue. A crawl issue is one where a search engine tries to reach your page on the website but fails. Google has acknowledged, this is a bug from their end and immediate action has been taken.

The accelerated mobile pages or AMP crawl issue negatively impacts mobile traffic and causes a drop in mobile rankings. Google has addressed this issue, though it continues to occur. Thankfully the frequency is low.

Mobile SEO is a crucial part of the search. Any issue damages rankings and the AMP crawl issue has resulted in hundreds of error reports hampering the user experience. Most of the issues can be resolved through the validation fix. More serious issues need assistance.

Check the google search console on an hourly basis to check if bugs on your site have been removed. Go for mobile optimization and update webpages which might be the cause of these issues. Serious issues need more assistance.

AMP optimizes the mobile user experience and makes pages more visible on smartphones. The AMP crawl issue on google search console shows the impact of crawl error on search traffic and the need for monitoring traffic very closely.

The google search console is a free app which helps identify, troubleshoot and resolve issues as google attempts to index your website page in the search results. The most powerful feature of the new google search console is the Index coverage report. This report gives a list of pages, google tried to crawl and index. Any errors encountered are also mentioned.

Indexing bug: The new google search console is still affected by the indexing bug. What is this indexing bug? Many website users have noticed that index coverage and enhancement reports in the google search console have not been updated recently. The URL inspection tool is returning data which is not reflective of the live status.

Google has stated that the URL inspection tool may still be used to resubmit pages. But, the status report may be incorrect. The indexing bug issue has been resolved for the search results. This means your pages are indexed even if the google search console doesn’t say so.

If you want to be sure that your pages have been indexed, use the ‘site:’ search. If there’s still an issue, its most likely specific to your site. Any site-specific issues can be resolved by submitting a thread to the google webmaster community message board.

How was the indexing bug issue resolved? On 4th April some site owners and SEOs reported a significant amount of site’s pages missing from the Google Index. Google confirmed there was a technical issue affecting the search index. By April 10th Google had resolved the issue in search results. On April 15th Google confirmed that the issue persists in the google search console. Google will soon resolve the indexing problems you face.

1. What is social engineering?

Social engineering is basically manipulating people to give up confidential information. Criminals seek access to your computer to secretly install malicious software. This gives them access to banking information and important passwords. Criminals can trick you into parting with crucial banking and financial information.

This method of cheating is called social engineering as criminals exploit trust to hack into your computer. Why do criminals use social engineering? Its easier to trick you into giving private confidential information, rather than hacking into your computer system.

Security is all about trust. You must know whom to trust and when to trust, the same holds true with online security. Do you trust the website you use to be legitimate?

Why is social engineering so successful? The biggest loophole in any security system is the human and his weakness to trust. No matter how much security you have, if you let the man who calls himself an electrician into your house, you are at risk to the threat he represents.

Types of social engineering:

Phishing:

A phisher sends an email, text message or a comment, which appears to come from a legitimate source. This could be a Company, school, bank or a financial institution.

Phishing performs a variety of functions like the extraction of login credentials or even bank account information from the victims.

Phishing relies on social engineering, and the use of social networks like Facebook, Twitter, and Linkedin to collect critical information on the intended victim's interest, habits and work history. Electronic communication methods like email, SMS text messages or even social networks are used to persuade the victim part with confidential information.

Deceptive content:

Deceptive content tricks you into doing something you would do, only for a trusted person or an entity. This could be calling up the tech support or sharing a password, downloading some software or even downloading or sharing content which contains an advertisement. Deceptive content also tricks you into downloading and installing unwanted software.

Insufficiently labelled third party services:

The third-party service operates a site on behalf of another person or entity. Make sure there’s a clear definition between the first party and the third party. Let's say you (the first party) run a charity event through your website. A donation management website (This is basically a third party website), manages this activity.

The third-party site must clearly state that it's action on behalf of the charity event (On your site) or this could be social engineering.

Embedded content:

These may be advertisements which prevent to look and feel like a very trusted entity. They give the look and feel of your own browser or website. A social engineering attack like embedded content, gives the look and feel of a trusted entity like a bank and tricks you into sharing critical information.

These could be bank passwords or login IDs. You might click on an ad link which leads to malicious content. You could be tricked into clicking on an image which says your software is out of date and asks you to click on the update button. There could be a survey button which tricks you into revealing personal information,

How to fix social engineering problems?

• Check your website in the google search console. There must be no new suspicious owners added.
• Check if your website is listed as having contained deceptive content.
• Make sure your website doesn’t have deceptive content. No ads, popups or links must redirect to suspicious third-party URLs.
• Make sure the ads, embedded third-party resources or images on your website are not deceptive.
• Ads could appear different in mobiles and desktops. Check out both mobile and desktop views using the URL inspection tool.
• You may be using third-party services like payment services on your site. Follow the requisite third-party service guidelines.
• You must remove all social engineering content on your website and then request for a security review, which could take several days.
• If you are using the services of a third-party site, make sure users understand this by placing the third party brand in such a way that users see it clearly.
• State the relationship between your website (first-party) and the third party by giving a link. Take this example: This service is hosted by ABC.com on behalf of XYZ.com.
• Always use industry standards third party for basic support services.
• Check every file on your website for anything suspicious.
• Never reply to any message which asks you to do so with personal or financial information. Its most probably a scam.
• Genuine companies never contact you offering help, especially if you never asked for it. If you get offers which say they will help you restore credit score or balance transfer your home loan, it’s a fake. Never entertain requests from a charity you have no relationship with. This will keep you safe from scams.
• Always set your spam filters on email programs high, to keep out spam. Periodically check the spam folder to see if genuine emails have been accidentally trapped.
• Install the latest anti-virus software, firewall and email filters on your computing devices, Make sure your smartphone automatically updates to stay up-to-date.

2. Malware infection type: Server configuration

What is malware infection type: “Server configuration”?

You must have noticed URLs with the malware infection type “Server Configuration” in your google search console. What does this mean?

This means your website has been compromised by hackers. The hackers are redirecting visitors from your site to a malware attack site. This is done by modifying your server configuration files. The site administrator can specify URL redirects for specific files/directories to server configuration files.

How to check “ Server configuration” malware type? 

• Never use a browser to view or take a look at the infected pages on your website. Malware exploits browser vulnerabilities to spread rapidly. If a page is infected by malware, it can damage your computer.
• Always login to your server through the terminal access. Make sure to review the necessary server configuration files. Hackers may have modified more than a single server configuration file. Look for redirects where hackers configure the site to make a redirect to malware attack sites.
• Check the entire file. Most times hackers add malicious code at the end of the files and this can be easily missed.
• Look for cron jobs which hackers create to continuously update the .htaccess file. They could be found at several locations, so look carefully for them.

How to fix the “Server Configuration” malware type?

You can easily clean up the site by replacing server configuration files. This can be done by using a good backup or deleting malicious codes on your existing files. You must then restart the web server so that the new configuration files can be made active.

These steps should help fix the server configuration malware type problem:

• You must first back up the database and all site files. This is the backup of your entire server.
• You then download the backup files and thoroughly examine then.
• Make sure that public_html folder files are deleted.
• You must then reinstall WordPress. This sets you free from any hacked codes.
• Reset all passwords and permalinks. Contact a professional to make sure no malicious code has been left behind.
• You will have to reinstall plugins and themes. Do not upload old plugins and themes.
• You then upload the images from the backup. You will have to examine each year/month folder to make sure there are only image files. There must be no PHP or Javascript files. Only once you are sure, upload image files to the server.
• Scan the entire computer for any viruses or malware.
• Install and activate all security plugins. 

3. Malware infection type: SQL injection

i. What is malware infection type “SQL injection”?

If you see your pages in the google search console marked with malware infection type “SQL injection”, what could it mean? This definitely means your site's database is compromised. A hacker could have inserted malicious code into every record of the database table.

The server would load pages which need information from your database. Malicious code gets embedded into the content in the pages. Any visitor who visits the site is affected by the malicious code.

You have the in-band SQL injection where a hacker uses the same communication channel to simultaneously launch an attack and also gather information from the site.

In this malware infection, hackers insert malicious SQL codes by retrieving data through errors, conditions or time. In error-based SQL injection, hackers fetch table names and content from database errors, easily identified through the production servers. Whenever an SQL query fails, a part or even the entire website fails to load. A false condition would be inserted by the hacker into the SQL query. This is done to test the vulnerability of the website.

If your website loads normally, the hacker knows there are vulnerabilities to exploit. The hacker then puts a wrong query and if your website doesn’t work, as usual, you are subject to an SQL injection attack. You also have the SQL injection done through the time-based query. Hackers instruct your database to wait for sometime before responding. (Hackers may instruct the database to sleep for 5 seconds).

How to check malware infection type “SQL injection”?

This is a technique where hackers use SQL statements which are malicious to harm your website. This is dangerous as financial data, credit cards and even passwords are compromised.

• Scan your server for malicious infection type “SQL injection”.

Look out for PHP functions which can be easily exploited. Check for any unknown links or even iframes in your website. There would be redirect links and malicious iframes if your website is compromised. You can also check for SQL injection attack through database scanning using WordPress malware removal plugins.

How to fix malware infection type “SQL injection”?

• You must first investigate the cause of malware injection and remove all malicious code. Restore all infected files from the backup.
• Make sure to secure using plugins.
• Hide WP-Content uploads. This makes it hard for hackers to attack your site.
• Make sure the WP installation is up to date.
• Use a firewall. A firewall monitors incoming traffic and blocks a malware attack. There are plenty of cost-effective firewalls which can do the job.
• Make use of penetration testing to keep your website safe. This is a simulated attack which is performed against a web application or computer system. It checks for vulnerabilities and helps you fix them.

4. Malware infection type: Code injection:

1.What is malware infection type “ Code injection”?

When you see pages marked with malware infection type “ code injection” what does it mean? It means the pages on your website have been modified to include malicious code. This could be an iframe or even a malware attack site.

2. How to check malware infection type “Code injection”?

You must never use a browser to view the infected pages. Malware exploits browser vulnerabilities and this could damage your computer.

Check for harmful code on your site. You would have to search for words like an iframe. This helps find iframe code. Also look for keywords like script, eval and unescaped.

You can check with Google to see if they have found any issues with your website. Google site checker is a free tool which helps you do this. Use the “health” menu from the google console to check the health of your website.

Use the Sucuri site check to run a manual malware scan. You get an idea of spam and website defacement. Sucuri has automatic site recovery and even the ability to reset your (user) passwords. Use the SiteLock to scan your site for malware, code injections which are malicious, iframes, scripts and even backdoors. This gives an idea if your website has ever been blacklisted by ISPs.

3. How to fix malware infection type “Code injection”?

You have two ways to fix the problem. You can replace all the affected files on your website or remove spammy content and links from every page on your website. 

• You must first scan your site to locate the malware. Scan multiple websites on the same server.
• Confirm core file integrity. You can manually check files using SFTP.
• Check all recently modified files. To do this use terminal commands on Linux.
• Use google diagnostic tools to determine the security of your website.
• Make sure to clean all hacked website files. Clean all hacked database tables. Make sure to secure all user accounts.
• You would have to remove all hidden backdoors. Get rid of malware warnings.
• Make sure to update and reset all configuration settings. Reset passwords and generate new secret keys. You will have to harden the server (This makes it difficult for hackers to attack your website). Use backups as a safety net.

5. Malware infection type: Error Template:

What is malware infection type: Error template?

In this type of malware infection, the template which is used for error messages like the 404 File not Found is configured to make sure malware is distributed. This helps attackers launch attacks on the URLs which don’t even exist on your website.

How to check malware infection type “Error Template”?

Do remember the age-old rule. Opening infected pages on a browser can damage your computer. Use cURL and Wget for  HTML requests. They confirm if you have been subjected to a malware attack. Go online to use these tools. cURL and Wget return 404 status code and also the source code used to distribute the malicious malware code.

You will have to log-in to the server to investigate your server configuration file for any error page directive. 

How to fix malware infection type “Error Template”?

You would have to replace .htaccess files with a good backup. You could even delete unwanted Error Document directives. Clean all actual error files. Restart the web server so that all the changes made take effect.

Check: Htaccess Redirect Generator

6. Cross-site malware warnings

What is cross-site malware warnings?

When you visit any web page, Chrome check (a type of browser checks the content. The purpose is to check if stuff is potentially dangerous. If any dangerous malicious code is detected, the browser sends a warning alerting users. The site is flagged “malicious” which alerts the webmaster. This helps protect potential users and keep their computers safe.

Sometimes the currently viewed site is not flagged on the safe browsing list. You might still see a warning on the browser. This is because the site might have attempted to load some content from a different browser. Malicious code could be present and this is a cross-site warning. You could see a browser interstitial with the following graphic.

How to check cross-site malware warnings?

The first thing you must do to check cross-site malware warnings is to locate and remove the reference to your domain, which is triggering the browser warning. You get a warning of questionable content. Remove content from the domain and the warning stops. You could all find details in the security issues section of the google search console.

However, if any page on your website is including any content from a flagged site, and this is happening without your knowledge, the problem is serious. Your site has been compromised. Use Help for Hacked Sites recovery protocol to quarantine the site. This helps access damage and cleans up the site.

How to fix cross-site malware warnings?

XSS or cross-site scripting is a client-side code injection attack. The hacker injects malicious code in a legitimate website. When a victim visits the webpage, the malicious code attacks your browser. The webpage serves as a vehicle to deliver the malicious code to your browser. The forums, message boards, and web pages which allow comments are used for cross-site scripting attacks.

The best way to stay safe from cross-site scripting attacks is to sanitize all your inputs. Your application code receives inputs which it converts to output data. Make sure this doesn’t happen without checking for malicious codes.

The easiest way to protect your data from cross-site scripting is to pass all external data through a filter. This removes dangerous keywords like <SCRIPT> tag, CSS styles, and Javascript commands. Use a library which has been tested to keep your data safe.

Choose a library which has been regularly maintained by a very reliable source. Update your filters regularly so that you are safe from XSS attacks. Use XSS protect to stay safe from HTML code attacks. Use HTML purifier to keep your data safe.

Use escaping from XSS. In this technique, you tell the browser that the data you are sending must be treated and interpreted as data and not anything else. Even if there is a script put on your page by a hacker, it doesn’t affect you if the escaping technique is done in the right manner. The browser will not execute the malicious script.

You can escape dangerous characters in HTML by using &# sequences, followed by the requisite character code. This is character escaping. Take a look at the common escaping libraries: They are ESAPI and AntiXSS offered by Microsoft. Don’t try escaping everything. Your own HTML  markup and scripts will not work. This will render your page useless. This is when you must use ESAPI and AntiXSS libraries.

• Use HTML escaping when untrusted data has been inserted between HTML opening and closing tags.
• Use javascript escaping when untrusted data has been inserted inside one or more of your scripts.

7. Hacked Type: Content Injection:

What is a content injection?

When a hacker adds spammy links to your webpage, you are subject to content injection. Injected content could be pharmaceutical terms or any other spam which is basically unrelated to your site.

If you have left a directory with open permissions by mistake, (basically an insecure directory), hackers gain access to your website. There could be vulnerabilities in the content management system or CMS, which is exploited by hackers.

Let's say you are running an older version of Wordpress, vulnerable to hacking. You might be using third-party plugins on your website. This makes you vulnerable to content injection.

How to check content injection?

You may check the browser quite often, but there’s no evidence of hacking, this is because hackers use cloaking techniques to hide spammy content. These are some of the methods which say you’re hacked.

• Google free search console has a feature called “Fetch as Google” Use this feature to see pages on your website, just as google machines see them. Many hackers make changes to your site, which are visible only to google machines. This feature could be really handy.
• Make use of cURL and Wget to fetch pages on your website. You can check the source of your page, just as seen by a search engine. You also enjoy the flexibility to include a referrer. Hackers serve spammy content only to users with referrers. This helps them to operate undetected.
• Check for any suspicious content in the cURL and Wget output. Search for links which should not be there.

How to fix content injection?

You must replace affected sites with a good backup or remove spammy content from each page. Check for pages which are hacked using “site”. Use the fetch feature to confirm that the changes made, fix the hacking. Update any software which is running on your site. This could be an old WordPress installation.

Enable automatic updates on your websites. Use the latest versions to stay protected from the content injection. Use WordPress protection services to stay protected from malware attacks. Use validation, sanitation and escaping to stay safe from XSS attacks.

8. Hacked Type: URL injection

What is URL injection?

A malicious individual could attack your website with dangerous code. This makes it look like you are giving credit to a detrimental site. Wordpress runs on a database-backed platform. It executes many PHP server-side-scripts. This makes it vulnerable to attacks. This could be a URL injection or even malicious link insertion.

You could face URL injections when a hacker attempts to manipulate the online database through commands sent by the URL. New pages could be created throughout the website by the attackers.

Dangerous bits of spam and code could be inserted in your website, which makes it a potential threat to visitors. The malicious code redirects your visitors to dangerous places. Hackers gain access to your site by exploiting vulnerabilities in older software versions, hacking third-party plugins and manipulating unsecure directories.

How to check URL injection?

You can confirm that new pages are added to your site, even if you are offline.

• Do a “site:” search in Google. Do note that there must be no space between the site: operator and the name of your domain. With this query, you can easily check if there are any pages not added by you.
• Don’t use a browser to view these new pages. Malware present may exploit any weaknesses in your browser.
• You have webmaster tools and you can use “Fetch as Google” from google’s free search console. Many hackers make changes which are visible only to Google machines. Links could be added to your site when google is the referrer.
• You have cURL and Wget which can easily fetch pages. The source of a page can easily be viewed (The page is viewed the same way as a search engine). From the output of cURL and Wget, you can easily see any newly-added content, which looks suspicious.

How to fix URL injection?

• Remove new, URLs which are user-visible using the Remove URLs feature in the new google search console.
• Clean up the site and use the backup created, before the site was hacked.
• Remove all unnecessary software. These could be widgets, apps or plugins.
• Clean all servers by performing a clean installation and not just the upgrade.
• Update software and have automated backups of the site.
• Create strong passwords and all devices used to log in to the machine, must be secure. Know security practices of third-party software and plugins before making installation on the server as this affects the safety of your site.
• After the cleanup is complete, make sure the job is done. Finally, bring the site online.

Conclusion

Day by day many sites getting hacked and makes harmful to the visitors. These harmful sites will significantly drop in organic search results and business owner lose their revenue overnight. To avoid these kind of attacks, the website should be updated with the growing technologies with more security.

Here are the Certain Guidelines to Improve Website Security,

1) Suppose your website built with JavaScript, or PHP or .ASP or any other technologies, consult any web technology company or hire any freelancer to fix security issues or ask them to upgrade to Content Management System.

2) If they using any CMS (Content Management System) like WordPress, Joomla, and other technologies, make sure it is be updated regularly along with addons.

3) Buy and Install SSL certificate from the hosting provide and make your site secure with 'https'. If you are unable to purchase the SSL, then use the free SSL certificate called 'Let's Encrypt' and make your site secure.

4) Regularly clean-up the unwanted codes and improve the code structure to avoid security attacks. So hire a freelance developer in case you don't have time to do it.

Security Tools: Google Malware Checker