Frequently asked questions
- How did malicious code get on my site?
- Which site pages exactly are infected?
- How often are the checks performed?
- How do I find malicious client-side code on my site?
- I fixed everything. How do I remove the threat warning?
- Why should I register in Yandex.Webmaster?
- How do I protect my site from new infections?
- Why is the site marked as infected in the search results but there's no list of infected pages in Yandex.Webmaster?
- Why do I get many contradictory messages about infection on the site?
How did malicious code get on my site?
- By an attacker who gained access to the servers or to the content management system.
- By the site owner (for example, the banner system code, or web trackers) — third-party resources can be hacked.
- By a site user, if they can post messages or upload files.
Which site pages exactly are infected?
To view the list of pages where malicious code was detected, go to the Security and violations page in Yandex.Webmaster.
The list may be incomplete because the pages are checked selectively. Also, remember that infected code may be included in all pages — for example, if it is a page header or footer.
How often are the checks performed?
The intervals vary. This is why the information about infection can be updated with a delay.
Yandex always rechecks the sites where it found malicious content. If the recheck shows that the site is still infected, the the intervals between rechecks start to increase. The sooner the site is cured, the faster Yandex learns about it and removes the threat sign for users.
How do I find malicious client-side code on my site?
For details, see the How to cure an infected site section.
I fixed everything. How do I remove the threat warning?
The warning about the site posing a threat will be removed from search results if the Yandex robot does not detect an infection during the next scan. To speed up the recheck, open Yandex.Webmaster, go to the Security and violations page, and click I fixed it.
Why should I register in Yandex.Webmaster?
Yandex.Webmaster lists pages where Yandex detected malicious code, indicates the antivirus verdict for each page and shows infection chains. You can request a recheck in Yandex.Webmaster to speed up the removal of the threat warning in search results.
The site data is available only to the site owner and trusted persons. You have to register and confirm site management rights.
How do I protect my site from new infections?
For details, see the How to protect your site from infection section.
Why is the site marked as infected in the search results but there's no list of infected pages in Yandex.Webmaster?
Pages on different domains are checked independently. If different domains for one website (for example, www.example.com and example.com) aren't merged as mirrors by Yandex, the information in Yandex.Webmaster may be incomplete. It may be that the domain registered in Yandex.Webmaster isn't marked as dangerous, while the pages on the unregistered domain are infected.
Register the second domain in Yandex.Webmaster. You will be able to view information about both domains and request rechecks for each of them.
Why do I get many contradictory messages about infection on the site?
Usually such messages indicate that malicious code is trying to hide its activities from the scanning system. The code may be revealed with certain intervals or under certain conditions. For example, only when passing to the site from search engines or only in certain browsers.
Check all site files for infection.