Solutions for the hijacked websites problem


According to a group of researchers from Google and the University of California, Berkeley, roughly 16,500 new sites get hijacked each week and start serving drive-by malware or scam content.

Obviously, they need to be cleaned, and the research group attempted to find out which type of notification will spur webmasters to do so more quickly and more effectively.

They tried different combinations of browser, search, and direct webmaster notifications, and it should not come as a surprise that the last option is the most helpful and the least punitive for webmasters.

“One of the hardest steps on the road to recovery is first getting in contact with webmasters,” the researchers explained. “For webmasters who proactively registered their site with Search Console, we found that email communication led to 75% of webmasters re-securing their pages. When we didn’t know a webmaster’s email address, browser warnings and search warnings helped 54% and 43% of sites clean up respectively.”

[Figure: Google's hijacked websites detection, notification, appeals and cleanup process]

The email notifications are also very helpful because they actually include tips and samples of exactly which pages contained harmful content, so the webmaster can find and remedy the problem faster (62% faster compared to when the notification contains no tips).

But keeping those sites clean is also a problem.

“We monitored recently cleaned websites and found 12% were compromised again in 30 days. This illustrates the challenge involved in identifying the root cause of a breach versus dealing with the side-effects,” the researchers noted.

“As we work to make the web a safer place, we think it’s critical to empower webmasters and users to make good security decisions. It’s easy for the security community to be pessimistic about incident response being ‘too complex’ for victims, but as our findings demonstrate, even just starting a dialogue can significantly expedite recovery.”

They advise webmasters to register for security notifications through Google Analytics and the aforementioned Search Console, to keep their site’s software up to date, and to use additional authentication.

Hosting providers, on the other hand, are urged to establish a reliable communication channel with their customers, and offer them help in cleaning compromised websites. After all, keeping the Internet clean of malware and scams benefits everybody.

More details about the research can be found in this paper.