April 19, 2008

Banning by Computer, Repairing by Hand, Google KOs TechWag

For many blogs, Google sends the overwhelming majority of visitors. TechWag, a technology blog authored by Dan Morrill, claims Google accounts for upwards of 80 percent of its traffic. Or it did... because earlier this week, Google identified his site as harmful, and instead of being sent to his site, would-be visitors are warned that by visiting TechWag, their computer could be harmed (See why). As a result, traffic has, as you would expect, evaporated.

Dan walked through his site, contacted his hosting company, and resolved the issue before April 16th. But as of the 19th, the issues still have not been resolved. As he writes in a post today (We are not a Malware Site), "Google is going to take its own sweet time cleaning up the disaster in their index. It does not matter how fast you clean it up... what matters is how fast Google can clear an erroneous flag in their database."

Google Warns Visitors to TechWag.com

Dan estimates it took five hours for Google to block his site, and another five hours to resolve the initial issue. But Google's Webmaster tools claim resolving the block will take "several weeks", and they "unfortunately ... can't reply individually to each request."

Google's not being evil; it was well-intentioned in steering would-be victims away from what could have been seen as untrusted code. But the disparity between the time taken to block and the time taken to fix is going to take a real toll on Dan and his site. And while I may not be the biggest fan of ads on blogs, Dan does have them, and if he was looking to get any kind of paycheck off this week's activity, he's going to be sorely disappointed.

After Clicking the Link in Google...

As he writes, "Come on Google, if you are going to kill off a web site, at least have the courtesy to respond at Internet speed. Taking two weeks to check to see if we are “ok” is absolutely unacceptable."

Why can I read his site? Because I trust him and TechWag. It's a great blog. (Also I use a Mac, so I'm not too worried...) Too bad most visitors from Google are likely going to be scared away. I dare you to take the risk. Go to www.techwag.com and sign up for his RSS feed. It won't hurt. I promise.


  1. While I can't say exactly what happened, I did write about how Wordpress blogs -- and other sites *not* running Wordpress -- have been compromised, with scripts being secretly added, invisible code added to templates and a whole bunch extra.

    It's possible that Techwag's security has been compromised and they may not even realize it.


    Secondly, as someone whose own blog was compromised and dropped from the index, I can corroborate that the time it takes to re-instate it is absolutely glacial.

    t @ dji

  2. this is even worse in Firefox 3

    if you try to get to the site, it blocks with the only options being "get me out of here" or "explain" with no passthrough option.

    essentially if you are on ff3, that site is not available to you.

  3. Your comments apply to a blog or other web site that has been somehow compromised by a third party.

    Suppose someone intentionally sets up a web site to spread malware? Should such a site be taken off the list within hours of removing the offending code?

    One has to ask if there was malicious intent on the part of the operator, or was it incompetence, or was the operator fully innocent. How do you automate the answering of those questions?

  4. Maybe the solution to this would be to have a paid fast line: you do not pay -> 2+ weeks. You pay $300.00 and your request gets reviewed in less than 2 days. This would at least offer the choice to the site owner.

  5. Google is the main path to my Blogging door. It's amazing the kind of power "search engines" have nowadays...

  6. Live by the Google, Die by the Google. You simply can't have it both ways.

  7. Thank you for the write up, Interesting ideas from the commenters, and there are some valid points.

    I have about 20 years in information security, so I was very aware of the hidden links, so I used firebug to load the site and used pharos to ensure that firebug didn't miss anything on the hidden links bit.

    The issue was with a bad backup from the hosting company, their global.config file had a link injected, so everyone on that server has the same issue, some 2000 sites when I checked.

    This makes for some very interesting reading, when you tear apart what was on the other side of the link (also at ittoolbox) the badware was old, most everyone with a semi-modern browser would never have gotten infected. Anyone with working AV would never even have seen it.

    The idea of subverting blogs and the interlinked connections of blogs as well did provide fodder for my other blog at ITToolbox because this can be a very neat thing to accomplish, and if we can think about it, that means that people are already doing it.

    I would pay google 300 dollars to wax their malware link.

    thanks for the write up, I do appreciate it.


  8. @JASG -- can you contact me if you have a minute?

    I'd love to do a follow up story on Wordpress security and wanted to ask a few questions.

    anthony {dot} hung {at} gmail {dot} com ... many thanks.

    tony hung