I don’t know how many webmasters have had to deal with this but Google just started listing Freethunk.net as “may be compromised” in its search listings. I’m up at 2 AM trying to figure out why?
I went through Google’s webmaster tools, per their instructions, and found no malware or other issues. No reports on why I was suspected in the first place.
Spam is covered by Askimet and those users that do get through are quickly deleted (comments have to be relevant to the site). I’ve reported the concern to my hosting company which has a good reputation (Hostgator) and a scan of my folders looks good.
Then I checked all my other sites and I believe I know what happened. Per this article on WordPress I may have triggered Google to notice changes I was making in order to prevent bot attacks:
After reading this article earlier in the week, I decided to delete my old default administrator account to get rid of the username “Admin” and replace it with a new administrator account with a new username. The reason you have to do this is because WordPress doesn’t allow you to change your admin username once your WordPress site/blog is set up. You literally have to delete the existing administrator account unless you want to play with the database (which I saw instructions on through another site, but wanted to avoid that headache and possibly that would have still caused Google problems).
I did this to two of my sites and ironically those sites are now flagged as being possibly compromised while the rest of my sites using WordPress defaults or no WordPress at all are considered clean. Is it possible that Google detected me deleting my admin user account and starting a new one in order to avoid the problem they now think is going on? That my site has been hacked or taken over?
I don’t know if this is a bug in Google’s detection system, but I wouldn’t be surprised. While it’s good of Google to warn users about hacked sites, apparently now it will take me several weeks to get off their list even if my site is fine. I’m finding, as someone who just likes to run a couple of sites for expressing my opinions and posting my artwork, that it is increasingly hard to deal with all of Google’s rules. They’re well intended, but…
UPDATE: It took approximately 5 days, but the “may be compromised” labeling was removed after submitting a request. I believe I was right in that changing my administrator username is what triggered Google to label me. It’s a shame that has to be the case because, while I understand Google has good intentions, it means for any changes to my WordPress setup I have to keep them in mind and how they’ll interpret what I do–and be concerned about WordPress attacks. Ultimately, the blame lays with the bastards who have nothing better to do then hijack websites and create malevolent bots. It’s easier to destroy than create.
UPDATE 5/17/2013: And now the “site may be compromised” label is back, apparently due to procedure? There’s an update that simply says to allow for several weeks to review the request. What a bunch of crap. On this site, while it’s nice to be indexed, I’ve stopped caring about Google. For the other site I have in the same boat, I just got an urgent request to remove some sold ads. Hmm, I wonder why. Thanks Google. How “several weeks” is acceptable in any situation involving a fast-paced Internet is beyond me? I can imagine the nightmare this must cost for business sites.