Monday, September 24, 2012

When Google Shuts You Down

It was 8:30 on a Monday morning and I received a call from a client. After signing in and grabbing their first cup of coffee of the week, they were greeted by the following on their company website: "Warning: Visiting this site may harm your computer!" Yes, despite diligent efforts, websites can go down, and on rare occasions they're even hacked. The fix is usually straightforward and in short time things can be put back in order, but this was different. This site was blocked by Google.
Now, if your website goes down for a short time, how significantly is your business impacted? If you're in Ecommerce or your website drives your business, even a brief disruption could be a major blow, but that was not the case here. This was a basic informational website, what we call a brochure site. A problem on a brochure site is certainly not good for a company's reputation, but it doesn't generally impact the company's ability to continue doing business (unless they were blacklisted by Google).

"When Google decides that your website is a risk, all of your company's productivity systems can go down!"


But when Google detects that a website is a risk, they don't just block that website, they block the entire domain name. What does that mean and why should you care? Well, with more resources moving to the cloud, companies are now likely to have a collection of websites.
In addition to www.wintersolutions.com bringing you to the Winter Solutions website, I might have mail.wintersolutions.com for the Email system, crm.wintersolutions.com for the database platform, support.wintersolutions.com for your customer service platform, etc. That means when Google decides that your website is a risk, every one of your company's productivity systems can go down!
Your website might be hosted in a data center in Texas, your Email on an Exchange server in New England, and your database on the SalesForce.com cloud, but to Google, they're all one entity if they fall under the same domain name, and they're all liable to get blocked if Google decides any one of them is a risk.
Google's efforts to protect the world from the dangers of malware (viruses and other really bad stuff) are laudable. Perhaps as a reflection of the United States' traditional role as international peacekeeper of the world, Google is ever vigilant, crawling the Internet (while building it's search databases) and keeping an eagle eye out for the virtual IEDs and minefields that wreak havoc on our unsuspecting computers. More often than not, by the time the antivirus on our own computers detects that a website is infected, it's too late; our computer is infected. Once Google detects that a site is infected or otherwise compromised, the site is added to a blacklist and access to the site is effectively blocked by Google's Chrome web browser, Firefox and a myriad of other sources that subscribe to Google's lists. Visitors may be able click to proceed, but after being sterly warned away, most aren't even going to take the chance. (I'm certainly not inclined to). While Google is not the only provider working to secure the Internet, detection by Google is certainly one of the most impactful.
Well, that's great Dovid. Thanks for giving me yet another reason to be afraid of the Internet and think twice about moving to the cloud.
The good news is that there's a lot that can be done to minimize the risk of these problems.  Some of these strategies are new, but most we've been using for years with higher profile sites. The key change here is recognizing that your website may deserve more TLC than you previously thought: 
1. Ask your webmaster if your website is kept up to date - Just like your own computer, your website platform needs to be updated periodically.  While your hosting provider may do a great job of keeping the server itself up to date, content management systems (like WordPress or Joomla) and Ecommerce platforms also need maintenance. An up to date platform is a lot less vulnerable to hackers and malware infections.
2. Ask your webmaster about installing a web application firewall - Without much fuss, these tools can add an additional layer of protection by looking for and blocking malicious patterns of behavior, even limiting access to the regions you do business with.
3. Enroll in a website monitoring service - Services to watch your website and alert you when it's down have been around for years. Some can even be configured to watch your content and alert you if website has been hacked and defaced. Newer platforms will act like the antivirus on your computer and will scan your website for malware. If your website has a problem, you're going to want to know about it before Google and others do so it can be taken care of quickly (before it's blacklisted).
4. Backup, backup, backup - While your hosting provider may back up the site, these backups are oriented towards recovering failed hardware and may not capture the time of your incident. Most platforms offer options to easily backup both your website files and database. Ask your webmaster what the  easiest way is to back your own site up and backup frequently.
5. Alternate domain names - Most of our websites are on a .com (or .org for non-profits), but lots of us also have registered extra domain names that we haven't gotten around to using. It may be the .net, .biz, or .info version of our site or it may just be another form of our name. Ask your webmaster about keeping your public facing website on the .com or .org and configuring the alternate domain names for your other production systems. This way, if your public website is ever blacklisted, your other systems won't be affected. If a site is ever blacklisted, customers might also be advised to access the site on one of your backup domain names.

"While the issues were basically resolved within two hours, it took 24-48 hours before the alerts from Google and other blacklists full cleared."


Back to the story of my client in distress ... we were able to restore their website from a recent backup, patch the site and apply an application firewall to make it secure, enable an alternate domain for temporary access, notify Google and others that the site was clean and put a new monitoring system in place to ensure that problem doesn't recur. While the issues were basically resolved within two hours, it took 24-48 hours before the alerts from Google and other blacklists full cleared.
Ok, Dovid. Well you've pretty much just told me to call my webmaster. She already knows more than I do about my website, so can't I just trust that they're doing what needs to be done?
Of course that would be very nice and it would take much of the burden from you, but web developers focus on delivering projects and unless contracted for maintenance, they're unlikely to perform the necessary follow-up unless being specifically asked. While some platform updates may be easy to apply, sites that are heavily customized may entail considerable work each time a new update is deployed. A webmaster may have excellent design and development expertise, but that does not necessarily mean they have the skills needed to properly secure and maintain your site once it's deployed.  Be sure that your webmaster is in communication with your IT team. As one wise man former president once said, trust, but verify!

Dovid Winter is Principal Consultant of Winter Solutions and has been providing hands-on IT management services to small-business, non-profit and education since 1986. In addition to website development and hosting services, Winter Solutions' offers an array of managed IT services. Whether you are looking for assistance with a single project or to outsource your entire IT department, Winter Solutions has a solution to meet your needs. Contact us at 781 821-0000.