Google finally opens up about the different types of security issues reported on by Search Console. In a new explainer video, Google goes over all the security issues reported on by Search Console. The video is another installment of Google’s Search Console Training video series on YouTube.
In their previous tutorial video, it was shown how to find and fix security issues using the reports in Search Console. And in the last video, Google goes into a detailed explanation about different types of security issues and the reasons behind them.
Their video goes over –
- The main types of security issues that may affect a website
- How to use the Search Console to find issues
- What to do after the errors are corrected
According to Search Consoles reports, security issues can be divided into two categories. They are – hacking and social engineering. Let’s read on to learn more about them.
The Security Issues
There are different types of hacking available, and the most common one is – URL injection. When hackers gain unauthorized access to a website through stolen credentials or outdated software, URL injection occurs.
With unauthorized access, hackers can do whatever they want. They can remove, modify, or add content, and steal user data or exploit the reputation of the website to fulfill their commercial purposes.
According to Google Search Console reports, there are three types of hacking. They are –
- Injection of URLs
Injection of URLs occurs when a hacker creates new pages on a site by including spammy links. These spammy links redirect viewers to other sites.
- Injection of Content:
This issue occurs when a hacker puts irrelevant content to a site’s pages by including spammy keywords or gibberish text.
- Injection of Code:
The hackers sometimes inject codes into a website to change its behavior by sending spammy emails. This is known as the injection of codes.
How hackers gain access and monitor everything?
After gaining access to an insecure directory on a server, hackers typically take control of a website in any of the above-discussed ways.
For example, there might be a directory with open permissions that you have forgotten about. A hacker takes advantage of the open permission and gains access to a site. They can also gain control of the site by exploiting a vulnerability in software, like CMS that runs on a site.
It typically occurs when a site owner uses the insecure version of a CMS. Another way hackers gain control over a site is by hacking third party applications like widgets or plugins. They also look for technical signals to see if a website is protected or not. If they find the website is running an outdated version, it becomes easier for them to hack the site and exploit a known vulnerability.
2. Social Engineering
Social engineering tricks users to do something dangerous online, like downloading malicious software or revealing confidential information. Phishing is the most common example of social engineering.
Google safe browsing warns its users before they visit a deceptive website or download harmful files. When Google safe browsing detects a website to be with deceptive content, the Chrome browser displays a “deceptive site ahead” warning to its users.
Search Console will alert the site owners through email if it detects any kind of malicious or social engineering content in the site.
Google advises checking the security issues report at least once to stay on a safe side.
Example of Social Engineering
Some of the most common examples of social engineering are –
- Deceptive content
The site tries to trick visitors into doing something that they would do only with trusted websites. For example, sharing a credit card number or a password.
- Deceptive ads
When visiting a site, the visitors find ads that falsely claim that they are using software that is out-of-date and prompts them to install unwanted software.
It is really difficult to distinguish deceptive content. Therefore, tricking users by making them believe that it is the original source and prompting them to share confidential data is quite easy. Deceptive content might also include fake download buttons that trick users into downloading malware.
Other security issues explained
Apart from hacking and social engineering, Google Search Console reports on a few other types of security issues.
3. Uncommon downloads:
A site might offer an unusual download that Google safe browsing is not familiar with. Chrome may warn visitors before downloading that it could be dangerous.
If Google safe browsing verifies the file and finds it to be safe, the warning is lifted automatically.
4. Harmful download
A site might offer users to download something that Google safe browsing thinks is either unwanted software or malware. For these types of downloads, Chrome may show a warning when anyone visits your site.
To remove the warning by Google safe browser, you have to remove the links to harmful sites.
5. Unclear mobile billing
When a site does not sufficiently inform users about mobile charges, Chrome displays a warning before a user loads a page that might incur mobile charges.
A site has been infected by malware or hosts malware from a hacker. This might include a mobile application, software, or a script, specially designed to harm devices when the users install it.
Final Advice by Google:
- Google advises paying attention to security issues report in Search Console. The reports may contain important information regarding the security of your site and users.
- Ad users should be aware of social engineering.
- Every user should pay attention to the warning by Google safe browsing or Chrome, and must not fall for deceptive content and harmful downloads.
Finding and fixing issues by Google Search Console
Whenever a security issue is detected, Google Search Console sends email alerts to its verified site owners. The alert contains a link with more information on how to solve the issue, which should be completed as soon as possible.
If you opted not to receive any email alerts from Search Console or if you miss it, you can always check for security issues by using the platform.
The Search Console’s Overview page notifies site owners if any security issues need to be addressed immediately.
If issues are detected, you can click on the alert to go to the Security issues report.
The Security issues report contains all the security related issues related to your website.
Fixing Security issues
While you are in the security issues report, you can expand any of the panels to learn more about a specific issue.
You will find a “learn more” link which will bring you to instructions on how to fix any of the detected issues. Google recommends fixing all errors listed in the security issues report.
Once all issues on all effected pages are fixed, all you need to do is to click on the Request Review button. When submitting a request for review, you would need to describe what was done to correct the security issues.
Some Important FAQs
- FAQ 1
What is website hacking?
Website hacking is the way of exploiting the vulnerability of a website to gain unauthorized advantages. A hacker might inject malicious code into pages to redirect users to another site.
- FAQ 2
What is the best way to submit a security review request to Google Search Console?
According to Google, a good request should include three things. It
- Explains the exact issue on your website
- Describes the steps you have already taken to fix the issue
- Documents the outcome of your issues
- FAQ 3
How long does Google take to complete security review requests?
There is no fixed time. It generally takes a few days to complete the review requests. However, sometimes it might take a week or two.