My site is blacklisted. What next?

· Read in about 3 min · (496 Words)

Quttera's support team is being constantly contacted by website anti-malware monitoring customers whose website(s) were blacklisted. This post lists several (not all) blacklisting authorities and how to submit your site for (re)testing by them.

First, you should make sure your website no longer hosts malware, spam or any other potentially harmful content. You can do it by yourself or if you're ThreatSign customer you can simply let us do it for you.

To check by yourself, you can start with online scanning via VirusTotal and/or Quttera online scanner. When reviewing the reports make a list of vendors that detect your website.

For example in VirusTotal report:

2013-09-10-1.png

In detection ratio you can see the number of detected engines. Below, in the Analysis tab find URL scanners that mark your site as Malware site. Later we'll see hot to request a retesting by them.

In Quttera security report. In addition to the Blacklisting you see the file-by-file breakdown with all potentially suspicious content. Expand the Scanned files analysis tab and review the threat dump for each file. Go on and check manually each one of them on your server. Remove the threat and try to re-scan again.

2013-09-10-2.png

Once you're sure your website is clean you can continue to the next stage of the process - submit for review/ re-test.

Submit website for review by blacklisting authorities

First, it is important to mention that it is time-consuming and the results are not immediate. With Google, for example, it might take up to 3-4 days. So the key is to be patient. Below is the list that is not complete but will be a good start. We will update this post if will be required by readers/users.

1. Google Safe Browsing

The process is straight forward via Webmaster Tools and is described here:

2013-09-10-3.png

2. Sophos

We found these two ways to contact this vendor:

Reassessment Request - http://www.sophos.com/en-us/threat-center/ip-lookup.aspx#sthash.Uvzz5Bor.dpuf

2013-09-10-4.png

and

SophosLabs IP Address Classification Lookup - https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx

2013-09-10-5.png

2013-09-10-6.png

As stated by Sophos you will not be contacted automatically, but they assure that the request will be reviewed in a timely manner.

3. Fortinet

Submit review request as follows:

1. Enter your website URL hereand click lookup

2013-09-10-7.png

2. When the report is generated scroll fown to the Classification/Rating request and fill the form. Click submit. You can add screenshot as well.

2013-09-10-6.png

3. Bitdefender

The only way we found is to register in the Forum and ask for website review.

http://forum.bitdefender.com/index.php?showforum=138

2013-09-10-8.png

4. Scumware

We found just simple contact form http://www.scumware.org/contact.scumware

In the message section ask them to review your site.

2013-09-10-9.png

5. McAfee Site Advisor

In the User Feedback page fill in the form and choose the Type of inquiry as Submit a site for (re) testing.

2013-09-10-10.png

Summary

It is always a head-ache to get out of blacklists, so preventive measures and monitoring are essential steps to avoid this. Let us know if the info in post was helpful and share your experience. Read more about common pitfalls that make your website hacking easier here