Keeping an eye on your domain reputation - Plesk Tips

We usually think of domain reputation in the context of mail services: a reputation score that a mail transfer agent uses to assess how safe it is to accept emails from a server or domain before checking them for spam or malware. But in fact, the term domain reputation is much broader. Generally, it’s a stamp of confidence in the website’s security.

A good reputation means the website is safe, while a “blacklisted” status in antivirus services warns visitors about possible security threats. A vast number of antivirus services maintain blacklist databases of websites caught distributing viruses, hosting phishing pages, or carrying hidden redirects or “drive-by” attacks.

The most authoritative sources to verify site reputation

  • Google Safe Browsing
  • VirusTotal
  • PhishTank

Let’s take a closer look.

1. Google Safe Browsing (GSB)

Google maintains a service based on a database of suspicious and dangerous domains, using a special malware-scanning bot. The Malware Scanner checks websites for security issues or attacks on visitors, such as phishing / social engineering pages, hidden search and mobile redirects, malware downloads, and so on. Once it detects one, it blacklists and penalizes the domain and stores it in the GSB database.

Now, a blacklisted domain doesn’t necessarily mean the website is malicious. For example, a legitimate e-commerce site that has been compromised and infected could one day start threatening visitors and get blacklisted by antivirus services, including Google Safe Browsing.

By the way, if a website is added to Google Console, Google will notify the webmaster about security issues and penalties. So, we strongly recommend you add your websites to Google Console as soon as possible.

OK, so what comes after a domain gets blacklisted? GSB is the source for domain reputation verification in Google Chrome, Safari, Mozilla Firefox, Android mobile browsers and other online resources. This means all those browsers and services start blocking access to the website, or warning visitors, as soon as it gets blacklisted. And that’s sad, right?

2. VirusTotal

VirusTotal brings together over 60 antivirus services, including ESET, Trustwave, Kaspersky, Comodo, CleanMX, and Phishlab. These services export their malicious domain databases to VirusTotal as feeds. Once a domain gets blacklisted by an antivirus, everyone learns about the threat via the aggregator.

Therefore, it’s probably good practice to use VirusTotal to verify domains on a regular basis. It helps you identify security issues at the earliest stage and take the appropriate measures.

3. PhishTank

This service is an aggregator of resources caught in social engineering and scams. It basically exposes its database as a feed, so any online service can check a domain against it for phishing. If the result is positive, the service will either restrict access to the domain or notify the user about the danger.

What happens when your website gets blacklisted?

The main problem is that visitors are restricted from accessing the website. Consequently, there will be a sharp decline in web traffic. In some cases, it may result in search engine penalties and loss of the leading SERP position.

Effects of Blacklisting

  1. A website experiences security issues and a search engine flags it as “malicious” on the search engine result page. Users see that the website may threaten them and, naturally, will not click the link. Sad truth: flagged websites usually lose about 80-90% of their visitors.
  2. Users of popular browsers (Google Chrome, Mozilla Firefox, Opera and Safari) usually experience another type of access issue. These browsers rely on the Google Safe Browsing API to check domain reputation. Once Google blacklists a domain, the browsers start blocking access to it or warning users about a deceptive site ahead. This also results in up to 90% traffic loss. Tragic.
  3. And finally, imagine a website makes it onto the malicious-site database of some desktop antivirus. Then all visitors using that antivirus get blocked. In this case, traffic loss depends on how popular the antivirus is.

Domain reputation risk

So far, we’ve been talking about the technical issues. But let’s also consider the reputational risks. You know the feeling when you open a website and get Google flags like “Deceptive site ahead” or “Phishing website”, or virus alerts popping up.

These alerts leave visitors with a bad taste in their mouth about both the website and the company. So, in order to avoid that, let’s find out the cause.

Why does a site get blacklisted?

  • Website compromise and infection

A hacker or bot can infiltrate a website and upload a payload or inject it into legitimate scripts: a phishing page, a hidden redirect or a malicious piece of code. As soon as the website starts threatening visitors, it gets blacklisted by antiviruses or a search engine.

  • Visitor complaints

If a visitor finds illegal content, deceitful advertising or any evidence of a security threat, they can submit a request to an antivirus service reporting the dangerous resource. If a malware analyst confirms the threat, the submitted domain gets banned.

  • Blocked for spam

When a website starts sending out spam, its IP or domain gets blacklisted by antispam services such as SpamCop or SpamHaus. This may cause email delivery problems or get the emails flagged as spam.

But remember that spam doesn’t necessarily mean the website has been hacked. The root cause may be a feedback form or user registration process which produces tons of outgoing emails, particularly during spam registrations by spam bots.

Another reason is vulnerable scripts that allow an unregistered user to send emails to an arbitrary recipient. Remember the vulnerable VirtueMart recommendatory component in Joomla 2.5.
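To check whether a mail server IP has landed on an antispam list such as SpamHaus, the lookup is a DNS query. The sketch below is an added example, not code from this post or from Revisium. It assumes the public Spamhaus ZEN zone and its published return codes, and uses constructed answers for documentation-range addresses; it also separates real listings from resolver error codes, which are easy to misread as a listing.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# Return codes published for ZEN: 127.0.0.x = listed, 127.255.255.x = query error.
LISTS = {2: "SBL", 3: "SBL CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         9: "SBL DROP", 10: "PBL", 11: "PBL"}
ERRORS = {252: "typo in zone name", 254: "query sent via public resolver",
          255: "query volume limit exceeded"}


def dnsbl_name(ip, zone=ZONE):
    """192.0.2.10 -> 10.2.0.192.zen.spamhaus.org (octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name; NXDOMAIN (not listed) gives an empty list."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout or resolver failure must not be read as "clean"
    return sorted({info[4][0] for info in infos})


def check_ip(ip, resolve=system_resolver):
    """Classify the DNSBL answer for ip as listed, clean or error."""
    listed, errors = set(), []
    for answer in resolve(dnsbl_name(ip)):
        a, b, c, d = (int(part) for part in answer.split("."))
        if (a, b, c) == (127, 255, 255):
            errors.append(ERRORS.get(d, "unknown error code " + answer))
        elif (a, b, c) == (127, 0, 0):
            listed.add(LISTS.get(d, "undocumented code " + answer))
    status = "error" if errors else ("listed" if listed else "clean")
    return {"status": status, "lists": sorted(listed), "errors": errors}


# Constructed answers for documentation-range IPs; not real DNS data.
FAKE_DNS = {"10.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
            "7.100.51.198.zen.spamhaus.org": ["127.255.255.254"]}


def fake_resolver(name):
    """Offline stand-in for system_resolver, used for the sample run."""
    return FAKE_DNS.get(name, [])
```

An "error" status means the query itself was refused or malformed, so the result says nothing about whether the IP is listed.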

What happens after a domain reputation gets damaged?

If a domain’s reputation is damaged, it usually takes up to several weeks to get it removed from a blacklist, depending on the service. The fastest blacklist removal process is Google’s: a couple of days for automatic penalties, but you need to resolve the issue beforehand, for example by removing the malware or phishing page from the website before submitting a report in Google Console.

As for the antivirus services, some of them are completely inert, and it may take up to a month or even longer to complete a requested de-listing. Usually you can submit a form, mark “false positive” or “false negative” as the reason, and provide the website URL and contact details. After that, just wait for a resolution.

How to avoid breaking your domain reputation

OK, now we’ve learnt why the blacklisting happens and how. But how do you avoid this? Or at least, how do you reduce a bad impact or the probable incoming issues we mentioned? The solution is website security monitoring.

The main reason to monitor is to identify the problem at the earliest stage and mitigate it. With prompt detection, a web specialist can quickly solve the problem, for example by removing a phishing page or a hidden redirect. That way the security issue won’t be found and the domain gets to save face.
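One way to script such a check against Google Safe Browsing is its Lookup API (v4). The sketch below is an added example, not code from this post or from Revisium. The API key, client ID, site URL and sample response are placeholders or constructed values, and the HTTP call is injectable so the parsing logic can be exercised offline.

```python
import json
import urllib.request

GSB_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
THREAT_TYPES = ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE",
                "POTENTIALLY_HARMFUL_APPLICATION"]


def build_request(urls, client_id="example-monitor", client_version="1.0"):
    """Build the JSON body for a threatMatches:find lookup (client_id is made up)."""
    return {
        "client": {"clientId": client_id, "clientVersion": client_version},
        "threatInfo": {
            "threatTypes": THREAT_TYPES,
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }


def parse_matches(response):
    """Map each flagged URL to its sorted threat types.
    An empty JSON object is the API's answer when nothing is listed."""
    flagged = {}
    for match in response.get("matches", []):
        flagged.setdefault(match["threat"]["url"], set()).add(match["threatType"])
    return {url: sorted(types) for url, types in flagged.items()}


def check_urls(urls, api_key, post=None):
    """Look up urls; pass `post` to replace the real HTTP call in tests."""
    def http_post(url, body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    post = post or http_post
    return parse_matches(post(f"{GSB_ENDPOINT}?key={api_key}", build_request(urls)))


# Constructed sample reply in the Lookup API v4 shape; shop.example is a placeholder.
SAMPLE_RESPONSE = {"matches": [
    {"threatType": "SOCIAL_ENGINEERING", "platformType": "ANY_PLATFORM",
     "threatEntryType": "URL", "threat": {"url": "http://shop.example/login.php"}},
    {"threatType": "MALWARE", "platformType": "ANY_PLATFORM",
     "threatEntryType": "URL", "threat": {"url": "http://shop.example/login.php"}},
]}
```

Run from a scheduler with your own site URLs, a non-empty result is the signal to investigate before visitors start seeing browser warnings.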

But surely there’s a more reliable option, like preventing website security risks in advance? One that lets you take technical precautions, like web application firewalls and server hardening, and organizational measures, like developing safety guidelines for web administrators. The good news is that there is such a simple and effective solution: installing Revisium Antivirus for Plesk.

It will scan your websites for malware and check your domain reputation. The free version has no limitations regarding the number of websites you can check. And it also has no trial period. Meanwhile, the more elite Premium version enables automatic malware cleanup and scheduled scanning with email notifications.

It will scan once per day/week/month, depending on your user settings, and it will notify the site administrator by email about file infections or domain blacklisting.

About

Greg Zemskov
Founder & Senior Malware Researcher at Revisium, with 9 years’ experience in site security and malware cleanup. You might have met him speaking at WordCamps, Positive Hack Days, JoomlaDays and more IT and WebDev conferences.