Google Blogoscoped


Google: Killing the Internet One Site At A Time

Daniel Peterson [PersonRank 0]

Tuesday, October 2, 2007
16 years ago, 3,889 views

StopBadware and Google have been getting a lot of bad press from both bloggers and mainstream media outlets (such as CIO magazine) lately for flagging sites as containing malicious software when in fact these sites are harmless. The people at StopBadware are unsympathetic and various posts in their forum illustrate the fact that they do not consider themselves responsible for their actions. Hopefully this article will reach someone at Google and spark a change for the better. (Quote from http://www.adwarereport.com/mt/archives/000352.html)

I am writing about these sites blacklisted by Google and StopBadware.org:
rabbitresort.com
asiatrainingassociates.com
domainregn.com
imports4u.net
justthailadies.com
nursedoctor.net/
seabs.com
  
  
My name is Daniel and I am the CEO of Citec Asia Co. Ltd. / IO Wow Co. Ltd. which is a small web design company located in Northern Thailand. We are the developers and provide the hosting service for Rabbit Resort as well as for some 500 other customers around the world. Our team of just 5 programmers and graphic artists were alerted to a series of hacking attacks on sites we host on 18 September. We found the first attack occurred on the 17th.
  
We spent the next 2 days checking all sites we host, cleaning all sites that were infected, resolving how the attacker got in and upgrading security. All sites were cleaned on the 19-20th September. I received complaints from site owners that Google had already blacklisted their web sites.
  
All sites were attacked a second time on 22nd September and we spent the next 3 days this time, cleaning all sites yet again and again upgrading security to an even higher level. All sites including www.rabbitresort.com were clean by the 25th September and we have spent time since then to spot check and make sure there were no further attacks.
  
Despite my request to review Rabbit Resort specifically and all the other affected sites, it is now a week since the second attack and these sites are still blacklisted.
  
I want to complain strongly about the action of blacklisting web sites in this way. I do think it adds insult to injury where the resort owners, the developers and the hosting service were not the cause of the problem.
  
We worked as quickly as we could to make sure sites were clean. With some 500 sites to clean up, the clean up was not something that took just 10 minutes. It genuinely took time to do properly and that does not include the time we spent dealing with upset clients, as well as working out how the hacker was able to get into our sites two times.
  
I am sure that Google and their partner company StopBadware.org that blacklists web sites, intended to use this service to alert innocent web customers to those web sites that maliciously intend to attack site visitors. In this case, there was no malicious intent on the part of the site owner, developer or hosting service.
  
This hacker has cost me and my company more than a week of total resource time which we will probably never recover. I cannot imagine what the blacklisting is costing Rabbit Resort with lost customers.
  
Rabbit Resort is a small tourism destination on the Andaman Coast of Thailand. The economic downturn of the last 12 months for all kinds of reasons including the Thai Government Coup, Bird Flu, low tourism numbers, the Tsunami and so on and so on, mean that almost all businesses in Thailand are having a very hard time.
  
I urge that Google and StopBadware.org re-think how proactive you are going to be when adding sites to the blacklist. What has happened implies to everyone that Rabbit Resort and the other sites deliberately set up web sites to maliciously attack visitors, whereas in fact we are all innocent victims of a hacker who deliberately attacked these sites not just once but twice.
  
All of what I write here about the hacker is supported with logs including the IP address of the hacker. I am more than happy to provide the logs of discussions between me and the hosting servers in the USA where we found the method of entry and an IP used by the attacker. The IP by the way is a Russian address.
  
The biggest issue for me personally is that this hacker was probably attacking our sites through this IP and the IP we found is not his/hers. I am at a complete loss how to deal with the hacker per se, but I know I cannot allow the consequent act of blacklisting innocent web sites to go without some comment.
  
I do hope that StopBadware.org and Google think a bit more about how and when sites should be blacklisted. More importantly, provide a simple way to delist sites that were inappropriately blacklisted or where effective action was undertaken to clean up sites that were attacked by a hacker. The damage done to Rabbit Resort by the act of blacklisting risks closing them down. I am sure this is not what they intended.
  
Please can we get these sites removed from your blacklist urgently and I do mean it is now critical.
  
sincerely
  
Daniel Peterson
  
ONLINE HELP DESK: http://www.support.iowow.com/pmos (or www.citecasia.com and select Online Help Desk.)

__________________________________________________
IO Wow Co. Ltd.
-- Instantly Online --
PO Box 159, Phra Singh, 50200 Thailand
Tel/Fax: +66 (053) 400909
Web: www.IO Wow.com
__________________________________________________
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If this message is received in error please respect the confidentiality of the document and return to the sender immediately.
__________________________________________________

[Formatting fixed – Tony]

Erica George, StopBadware.org [PersonRank 0]

16 years ago #

Dear Mr. Peterson,

It's actually Google, not StopBadware, that flagged your site. Google independently checks the web for badware and badware-linking code, and places warnings in its own search results. StopBadware comes in simply to help site owners who want to remove the warnings in learning about badware and getting the warnings removed.

Information to that effect is available on both StopBadware's and Google's websites (see the StopBadware FAQ at http://stopbadware.org/home/faq#partnerwarnings and the Google help topic on its warnings at http://www.google.com/support/webmasters/bin/answer.py?answer=45432, respectively).

I am uncertain from where you derive your claims that StopBadware is unresponsive or that our forum users are unfriendly. According to my records, you have never posted to our forums, and our first email contact from you was just yesterday. Before that email, you had already filed a request for review for rabbitresort.com via our Request for Review web form on Saturday 9/29, and yesterday 10/2 you should have received an email from us noting that your site had been found no longer to be distributing badware.

You can view the public review history for rabbitresort.com here:
http://stopbadware.org/home/appealhistory?reportmatch=485737

We have no record at StopBadware of review requests being filed for any of the other sites you mention. As our information on our website, our discussion forum, and our email auto-replies states, we only accept review requests via our Request for Review web form (http://stopbadware.org/home/review). Presumably you are aware of the web form, since you have successfully filed a request for review for rabbitresort.com.

If you have filed requests for review for those other sites directly with Google using its Webmaster Tools, then please note that StopBadware is not in any way involved with those reviews, and so cannot provide you any information as to their status. However, logging back in to Google's Webmaster Tools should provide you with status information for those sites.

The AdwareReport and CIO news articles you cite are many months old. We have found that in general, once people's misconceptions about Google's warnings are cleared up, most people understand the goals behind the warnings. For some more recent press about StopBadware, see these two newer articles:

"Malware is Getting Sneakier: StopBadware.org warns that Web's 'dark corners' are everywhere, even on legitimate sites" by Robert McMillan of IDG News Service (http://www.pcworld.com/article/id,138002-c,onlinesafety/article.html)

"Stopbadware forwards malware trends, tips" by Matt Hines & Victor Garza of InfoWorld (http://weblog.infoworld.com/zeroday/archives/2007/10/stopbadware_for.html?source=rss)

When a website is hacked to cause it to distribute badware, that website becomes a potential danger to internet users who visit the site. Any user whose computer is not adequately protected against the exploit placed on the hacked site could be vulnerable to infection. Being infected with badware can mean anything from a computer that no longer performs well, to the user's private information like credit card and social security numbers being transmitted to criminal organizations.

For more information about Google's warnings, and why StopBadware is involved, please read our FAQ on the topic:
http://stopbadware.org/home/faq#partnerwarnings

Erica George
StopBadware staff

Martin Porcheron [PersonRank 10]

16 years ago #

>> I want to complain strongly about the action of
>> blacklisting web sites in this way.

Here's how I see it (I don't work for Google, sadly)

Google as a search engine must serve its users first and foremost. And while I understand you may be annoyed (and I would if I were in your shoes) Google's responsibility is to provide safe websites to your users.

The fact that you've had two hacking attempts is most certainly a cause for Google and will probably be taken into consideration. How secure can your site be if after one successful attempt, it happens again?

In due course, Google will probably de-list your site from the Blacklist, and I wish you luck with that. But don't forget that Google's main priority is the security of its users' computers.

Mambo [PersonRank 10]

16 years ago #

I suggest using Google Webmaster Tools to complete a resubmission request.
