The world wide web can be a magical place. You can connect with friends, watch movie trailers, order food, deposit checks, and so much more. But it can also be a scary place where your personal information, website, server, or computer is at risk.
To make the web a safer place, governments, search engines, and other authoritative bodies have begun implementing safety laws, protocols, and standards over the years, like the Cyber Intelligence Sharing And Protection Act (CISPA) and PCI Data Security Standard.
Another safety measure that’s been enacted is URL blacklisting. URL blacklisting is designed to prevent consumers from visiting malware or phishing sites. If you’ve ever clicked on a link and gotten a warning message that encouraged you to go back instead of proceeding to the site, then you’ve clicked on a site that’s been blacklisted.
In this post, we’ll define what a URL blacklist is, why a website might be blacklisted, and how to prevent your own site from getting blacklisted.
What is URL blacklist?
A URL blacklist is a list of websites that have engaged in malicious or suspicious behavior, and been deemed insecure or dangerous by a search engine, hosting provider, antivirus program provider, or another authoritative body.
If using Google Chrome, the user will be presented with a warning page explaining that the site they’re trying to access may be harmful. The warning may offer different messages, like “The site ahead contains malware” or “Deceptive site ahead,” depending on whether malware or phishing attacks have been detected.
While the user can still visit the site if they choose to, many will return to the search engine results page or previous site they were on. This warning page is therefore a simple but effective tool for protecting users online. Let’s take a closer look at Google’s blacklist below.
Note: Google doesn’t use the term blacklisting. Since May 2018, it’s attempted to remove and replace the term “blacklisting” in external user-facing instances and in its internal code. The section below will use its preferred term: blocklisting.
Google Blacklist
According to its Safe Browsing Advisory, Google uses automatic algorithms and user feedback to compile lists of potentially dangerous sites. There are three major types of sites on these lists:
- Social engineering pages: Social engineering pages — otherwise known as phishing and deceptive sites — attempt to trick users into doing something dangerous online, like providing personal or financial information or installing unwanted software.
- Malware pages: Malware pages are web pages that contain malicious code, which can download and install software on your computer without your consent. This software will attempt to steal your personal information or use your computer to do things you do not intend.
- Unwanted software pages: Unwanted software pages promote software that violates Google’s Software Principles and is potentially harmful to the user experience. It might deceptively advertise a value proposition that it does not meet, omit some of its principal and significant functions, collect private information without the user’s knowledge, and more.
Back in 2003, Google estimated that it blocklisted around 10,000 websites every day. This number has increased in recent years. Over the last year, Google has identified nearly 40,000 websites a week as potentially harmful. You can view these lists of potentially dangerous pages via Google’s Safe Browsing Service.
While the goal of Google’s safe browsing service is to protect users against phishing and malware, it can penalize businesses that aren’t aware their sites have been infected or hacked. The result can be a significant loss in traffic and revenue.
To avoid these losses on your site, let’s take a closer look at the reasons a site might be blocklisted.
Why would a site be blacklisted?
It’s important that both users and site owners understand why a site might be blacklisted. First, it will help users fully understand the risks of visiting a site that’s been marked as potentially harmful. Second, it will help site owners avoid having their sites blacklisted or, at least, help them resolve the issue and get back online as quickly as possible.
Below are some potential reasons a site might be blacklisted.
Malware Code
One of the most common reasons for a website being blacklisted is that malware code — or irregularities that seem like malware — have been detected. Malware can take on many forms, including trojan horses. A Trojan horse is a type of malicious code or software that looks legitimate in order to deceive users into loading and installing the malware on their device. Once installed, it can take control of your computer and perform the harmful action that it was designed to do. Other types of malware contain code that installs malicious software onto a user’s device without their knowledge.
Phishing schemes
Another common reason for a website being blacklisted is that it’s been reported or flagged for running phishing schemes. The site may simply contain links that redirect visitors to phishing sites or be set up as a phishing site. Phishing websites pretend to be legitimate in order to deceive users into sharing private information, like their username and password, social security number, and credit card information.
SEO Spam
SEO spam is an increasingly common form of attack that can lead to a site being blacklisted. In fact, SEO spam was found in 62% of the infected websites that Sucuri cleaned in 2019. With SEO spam, bad actors will gain access to a website and add spammy content to high-ranking and high-traffic pages in an attempt to sell counterfeit merchandise or illicit items. Since these injections of spammy keywords and pop-up ads can be hard for site owners to detect, it can be an effective black hat SEO technique.
Now that we understand the common causes of websites being blacklisted, let’s look at what steps you can take to prevent or avoid this fate for your site.
How to Avoid Being Blacklisted
- Pick a secure hosting provider.
- Use an automated cybersecurity service.
- Keep your software and third-party apps up-to-date.
- Require strong passwords.
- Limit login attempts.
- Replace broken links.
- Assign user roles and permissions.
A secure hosting provider that offers features like continuous monitoring, strong firewalls, and built-in server-side security can help detect vulnerabilities and prevent attacks and security breaches on your site. It can also notify you of any suspicious activity on your site, and help you get back online if your site has been infected.
Use an automated cybersecurity service.
The best way to avoid being blacklisted is to frequently scan your site for infections or threats. That way, you can detect any malicious activity on your site and implement solutions as quickly as possible. If your hosting provider doesn’t monitor and scan your site, then you can use a third-party cybersecurity service. Sucuri and SiteLock are two of the top service providers available that work for any website.
Keep your software and third-party apps up-to-date.
Hackers can use a backdoor, or insecure point of entry, to gain access to your website and insert malware, trojan horses, or spammy keywords. Since the most common backdoors are outdated software and plugins or apps, it’s essential to update your core software and third-party apps to keep your website secure.
Require strong passwords.
Malicious actors can gain access to your website through dictionary attacks. In this type of attack, the malicious actor will use a list of commonly used words to try to guess a user’s password and take over their account. You can combat this by requiring users to create strong passwords that contain both uppercase and lowercase letters, numbers, symbols, and so on. This step is particularly critical if you run a membership site, or have lots of users working in the backend of your website.
Limit login attempts.
Another way hackers will attempt to gain access to your site is through brute-force. In a brute-force attack, the hacker uses a bot to quickly run through billions of potential username-password combinations in the hopes of guessing the right credentials eventually. You can defend against these attacks by limiting login attempts. Requiring strong passwords will also help!
Replace broken links.
The most common cause of broken links is that the site you’ve linked to has been restructured and a redirect hasn’t been properly set up. These broken links will send visitors and web crawlers to a 404 page, which can negatively impact the user experience and your SEO rankings. However, sometimes broken links are a result of a website changing domain names. If that domain name is then bought by another website, then these links could redirect visitors and crawlers to a malware or phishing site. This can lead to your site being blacklisted.
You can avoid this worst case scenario by frequently auditing your site for broken links and replacing them. There are tools that can automate this process for you, like the Monsido Quality Assurance tool or W3 Link Checker plugin for WordPress.
Assign user roles and permissions.
If you have multiple users helping to run your website, assigning user roles and permissions can help secure your site from bad actors who gain access to one of the user accounts. If a hacker guesses the credentials of a site administrator, for example, then they can do serious damage to your site. But if they guess the credentials of a user with limited permissions, then they may be unable to install malicious software, popups, or phishing links.
Protecting Your Website and Your Visitors
Blacklisting is a common safety measure that’s been enacted by search engines, antivirus program providers, and other authoritative bodies, including Google, Bing, Norton Safe Web, McAfee SiteAdvisor. While blacklisting is designed to protect users online, it can hurt your website’s traffic, revenue, and reputation. To protect both your business goals and website visitors, it’s important to understand the common causes of blacklisting and how to avoid them.