I post at SearchCommander.com now, and this post was published 9 years 4 months 12 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
With 100% certainty, I can say that Google Webmaster Tools Malware warnings are not arriving consistently, and there’s a breakdown in their system.
In the last two months, there have been three instances where although malware has been found, no malware notification message ever arrived in the message center at all, despite the fact that they ARE identifying malware.
Since a message never arrives in WMT message center, it never gets forwarded to an email notification you may have set up, so the only way you might find out you have malware is if you stumble across it in the SERPs, or worse, when you get phone calls or emails from your web visitors!
If you’re really on the ball, and you click into the link your domain, then you see the giant red warning, but it is NOT sending all of the malware notifications.
Today I got a message from a long time (6 yr) web hosting client that they could not get to their domain, and that “something is wrong” when they search for their name.
I tried typing in their domain, and saw a warning page in Chrome, which made me realize that it had been compromised in some way.
I know that it’s just an old Microsoft Front Page site, but rather than visit and get infected, I searched for their name, and there theres that ugly warning.
Well THAT really ticks be off, because coincidentally, they had a problem a long time ago, so their domain is in my own Webmaster Tools account, and I KNOW that I missed no email, NOR did Heather or Brad .
(Heather is our lead programmer, and Brad is my friend / cohort / employee. in fact, he’s the one that first showed me a Windows computer online with Prodigy in 1992, when I think I called it “an F-ing stupid waste of time” )
Malware Notifications in WMT Message Center
Here’s every message I’ve gotten in the past year in my Webmmaster Tools message center…
The message center is where you usually would see that there’s a problem, and I see that main screen frequently.
However, when I actually took the time to click INTO A DOMAIN inside Webmaster Tools, (something I might rarely do if I have no reason to), it was a completely different story, and CLEARLY there’s a critical problem!
The specific details of what was wrong don’t matter for this post, and I first wrote three years ago about how to get cleaned up, the point is that we are relying on notification, Google!
Malware Notification is Critical
In Gmail, we have filters set so that when one of these warnings DOES come, it gets CC’d to all the parties that need to know.
This is not the sort of email that you can afford to “miss” because you weren’t paying attention, and naturally, you want to know the very second something thats such a business killer gets discovered.
Do you REALLY need this happening to your vistors?
Just to be sure there wasn’t something i missed, I also looked in Gmail, and although the other one was there from September 12, this one was missing.
Anyway, we got it cleaned up, and all will be fine, but can you imagine how catastrophic this could be for a very busy site?
This shouldn’t be happening, Google
Are we supposed to assign someone to click into every domain every day, just to make sure we don’t have malware?
That could be 100’s or thousands a month for us, on several accounts, and it’s just impractical – Here’s just a snapshot of my own account !
Why can’t we depend on something as simple and critical as a malware notification?
*** Update Monday morning 9/20 – 3 Days Later********
No changes, so I’ve now submitted a reinclusion request, as opposed to “just” the malware review, so maybe this will help?:
We are showing a malware warning for visitors, but we received no warning message in Webmaster Tools message center.
In another note, there’s an ongoing problem with another site where someone’s Chrome browser is reportedly showing him a “Warning domainname.com contains elements of domain2.com which appears to host malware.
I’ve not seen it myself at that domain, and it loads fine for me, but that’s his screenshot above, so I know he’s not crazy!
I’ve verified that his domain is also showing no warning in Google Webmaster tools, and there’s nothing in the message center either, and his test at Unmask Parasites comes up clean too.
Interesting… Let’s see what happens next!