Expected Malware Clean Timelines

What are some expected timelines when dealing with malware remediation?

When malware infects a website, it can often lead to the hosting account being suspended by the host, or to the website being blacklisted by security companies that monitor website reputation. In these situations, additional steps are required to get your website back online with a good reputation.

During the malware clean process, if there are additional infected website installations (whether they be addon domains, or improperly-stored backup or test installations), the malware clean may be delayed to accommodate the additional content. If these additional installations do delay the malware clean, a SiteLock Security Analyst will notify you of the delay by email.

Hosting Account Reactivation (Suspension)

Hosting Account Reactivation Timeline:

  • Up to 48 hours after the clean

Once malware is detected by your hosting company, your account is suspended until ALL malware in the account has been addressed. This is done to contain the spread of malware and protect both your site visitors and other customers on the same server.

Your host will generate a file called malware.txt in the home/user folder. This malware.txt lists all files detected with malware in your hosting account, and all the files listed will need to be addressed before the account can be reactivated by the host.

Once the malware clean has been completed, the SiteLock agent will review the malware.txt file to identify if there are additional website installations that will also need to be cleaned to get the account reactivated.

  • If there are still infected websites that need to be addressed, an email will be sent to you outlining what was cleaned and what still needs to happen before a request can be submitted to the host for reactivation. This typically includes adding SiteLock services to unprotected websites or removing website installations that are no longer needed.
  • If the account is now clean and you are hosted by a SiteLock Partner, an email will be sent to the partner requesting account reactivation. This can take up to 48 hours to get the account reactivated. Once you have received the email notifying you that the account is clean, you can contact your host to request a new malware scan on the account to verify the malware has all been addressed. This can speed the reactivation process up.
  • If the account is now clean and you are not hosted by a SiteLock Partner, we will notify you in the closing email that the account is now clean and you will need to reach out to your host to request a new malware scan directly.
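The malware.txt review described above can be approximated by grouping the listed files by the installation they belong to, which shows at a glance whether backup or addon installations are also flagged. This is an added example, not SiteLock's or any host's tooling; it assumes malware.txt holds one file path per line (optionally followed by ": <detail>"), uses WordPress directory names as a heuristic for where an installation starts, and all function names are hypothetical.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: directory names that sit directly under a WordPress install root.
CMS_MARKERS = {"wp-admin", "wp-content", "wp-includes"}

def flagged_path(line):
    """Return the path from one malware.txt line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Assumed format: "<path>" or "<path>: <detail>".
    return PurePosixPath(line.split(": ", 1)[0])

def install_root(path, home):
    """Guess which installation (relative to the home folder) a file belongs to."""
    try:
        parts = path.relative_to(home).parts
    except ValueError:
        return str(path.parent)  # outside the home folder: report as-is
    for i, part in enumerate(parts[:-1]):
        if part in CMS_MARKERS:
            return str(PurePosixPath(*parts[:i]))
    # No marker found: fall back to the first directory under the home folder.
    return parts[0] if len(parts) > 1 else "."

def group_by_install(lines, home):
    """Map each guessed installation root to the flagged files under it."""
    groups = defaultdict(list)
    for line in lines:
        path = flagged_path(line)
        if path is not None:
            groups[install_root(path, PurePosixPath(home))].append(str(path))
    return dict(groups)

# Constructed sample input, not real host output.
SAMPLE = """\
/home/user/public_html/wp-content/plugins/x/cache.php: flagged
/home/user/public_html/index.php
/home/user/public_html/old-site/wp-includes/js/load.php
/home/user/backup_2019/wp-admin/css/a.php
/home/user/shop.example/images/up.php
""".splitlines()

if __name__ == "__main__":
    for root, files in sorted(group_by_install(SAMPLE, "/home/user").items()):
        print(f"{root}: {len(files)} flagged file(s)")
```

Any root other than the live site's own folder is a candidate for the "additional website installations" that must be cleaned or removed before reactivation can be requested.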

Google Blacklist Removal and Re-Index Requests

Google Blacklist Removal Timeline

  • Up to 5 business days after the clean is completed

When Google detects malware on a website they will blacklist the domain. A website blacklisted by Google will present a scary red warning screen to visitors in Google Chrome until the blacklist has been removed.

Once the malware clean has been completed, a SiteLock Security Analyst will log into Google Search Central for your website and submit a request to Google to remove the blacklist. If you do not have your website set up in Google Search Central, we strongly recommend doing so, as it allows you to receive live alerts from Google regarding your website. More information can be found on the official Google Search Central page. If you already have this set up, you may receive an alert for a new admin user when we log in to review and submit to Google. This is okay, and you can remove the user once the clean has been completed without impacting any submissions made by the user.

Once a request has been submitted to Google for blacklist removal, it can take up to 5 days for the blacklist to be removed. There is nothing that can be done by SiteLock or you to speed this process up, as it is essentially just a request submitted to Google that the site is now clean and ready to be reviewed by Google bots. If this review fails for any reason, you will be notified only if you have an account set up through Google Search Central. If your website is blacklisted for longer than 5 business days after the malware clean has been completed, please contact SiteLock directly to investigate.

Google Re-Index Request Timeline

  • Up to 4 weeks after the clean is completed

One common result of a malware attack is spam results unrelated to the website's true content in Google Search Results. This is often referred to as SERP Spam, where SERP stands for Search Engine Results Page.

When dealing with SERP Spam, once the site has been cleaned, a Re-Index Request is required. This is the request to Google that essentially states that the site is now malware-free, and Googlebot should now crawl the site to generate new, clean search engine results. When submitting a re-index request through Google Search Central, it can take up to 4 weeks for the process to complete and replace all bad results in Google.

To speed this process up, your website admin can submit a sitemap directly to Google. A sitemap will help Google locate legitimate content for your website, which will reduce the time it takes to get clean results in Google. For more information on this process, please see the official Google Search Central documentation.

General Blacklisting Issues

  • Up to 2 weeks after the clean

Although Google is the most common blacklisting company SiteLock interacts with, there are quite a few other blacklisting providers that may flag a malicious website. A particularly valuable resource to check your website's current reputation across many of the most reputable blacklists is VirusTotal, a Google-owned blacklist aggregator.

During the manual malware clean process, a SiteLock Security Analyst will submit a blacklist removal request to the following major blacklist companies if the site is blacklisted by them at the time of the clean:

  • BitDefender
  • CRDF
  • Fortinet
  • Google
  • McAfee
  • Norton
  • Sophos

Once a request has been submitted to the blacklist entity, we generally advise that it can take up to 2 weeks to be removed from the blacklist. We recommend also submitting a request for your site yourself so you receive any follow-up emails sent. This will not speed the process up, but does allow you to see responses.

If blacklisted by any other company, once the manual malware clean has completed, your website admin should submit a new blacklist removal request. This is typically done by Googling "<blacklist name> false positive submission" and following any steps provided.
