SiteLock reported last week that search engines are not doing enough to protect users from navigating to infected sites.
In the second quarter of 2018, SiteLock employees processed over 6 million web pages. They found that of all the infected sites they discovered, only 17% were blacklisted by search engines. This means that every Internet user can easily become a victim of online scams by accidentally clicking on a seemingly safe link.
In Q1 2018, SiteLock published data from a similar study. The updated statistics indicate that there has been no action by search engines on malicious sites.
Jessica Ortega, Web Security Analyst at SiteLock, has her own explanation as to why search engines are in no hurry to blacklist sites. In her opinion, domain blacklisting often happens for the wrong reasons, and this harms the reputation of sites and their owners. Therefore, search engines are wary of adding blacklists and do not do this until they are certain that the content on the site contains a threat. It turns out that in many cases, search engines shift responsibility for user safety to the owners of web pages.
Average website is attacked 58 times a day on average
SiteLock also found that, on average, sites are attacked 58 times a day, with the majority of attacks being carried out by bots. Malicious bots account for 87% of traffic filtered by security applications. At the same time, Ortega explains that some bots are created not for fraudulent purposes, but to search for vulnerabilities in the protection of the site and determine scenarios for their potential use.
9% of sites monitored by the company have at least one vulnerability. According to early SiteLock research, more than 170 million pages of the World Wide Web can be identified as vulnerable.
WordPress and Drupal are the most frequent victims
The report also states that attacks are most often carried out on the open source CMS WordPress and Drupal, despite the fact that both services regularly provide updates. For example, previous versions of Drupal software revealed serious security threats, prompting the company to release several unplanned updates.
According to SiteLock, 77% of Drupal sites are still powered by older versions of the engine.
Ortega suggests that website owners who do not automatically install updates simply do not realize that they are putting their customers and their entire business at risk. According to her, there is a possibility that webmasters are confused about the large number of updates released in a short period of time - they forget to install something, but they simply neglect something.
The Topic of Article: SiteLock: Search Engines Do Not Protect You From Navigating To Dangerous Sites.