404 or 503 Malware Content ?

Saijo.George

Hi Folks

When it comes to malware , if I have a site that uses iframe to show content off 3rd party sites which at times gets infected. Would you recommend 404 or 503 ing those pages with the iframe till the issue is resolved ? ( I am inclined to use 503 .. )

Then take the 404/503 off and ask for a reindex ( from GWT malware section )

OR

Ask for a reindex as soon as the 404/503 goes up. ( I do understand we are asking to index as non existing page , but the malware warning gets removed )

---

PS : it makes sense for this business to showcase content using iframe on these special pages . I do understand these are not the best way to go about SEO.

Saijo.George

Thanks Peter, apologies for the delay was tied downed with some other things. Your help is much appreciated.

Dr-Pete

Sorry, I realized my comments about the 503 were kind of confusing. A 503 shouldn't serve a page for visitors, either - it's just a matter of 404s sometimes seeming a little more friendly, from the user perspective. It just depends on how you're set up.

My only other concern about the 503 is that it's generally intended for short-term use (at least it's been implemented that way). It's great if your site is down for a day and basically tells Google to come back later. If you leave one up for weeks or months, though, I'm honestly not sure what will happen. It's probably going to be treated like a 404, but it also could signal to Google that you have technical problems on the site. So, it may depend on the timeframe. The problem here is that you don't control the malware - it could be weeks before the 3rd party takes action.

Saijo.George

Come to think of it we don't get a lot of malware warning in GWT anymore , I am guessing that is because the framed pages are no longer indexed. ( We could have potentially got the warnings while they were still being de-indexed ?? )

I am worried about that since GWT used to warn us about these and if the pages are no longer indexed and Google no longer sends us notification , we might miss these pages with malware. I have to look in to some way of tracking this ( if you have come across any solution I would love to hear more about it ) .

Thanks a lot for your help Peter.

Serving up malware content to users was never an option. I think .. in our case it makes sense for us to go the 503 route . If anyone is wondering how we plan to handle it :

When we see a malware notification on the i-framed pages.

• We plan to disable the iframe and send a general page for visitors saying the content is temporarily disabled .
• We will send a 503 header response with this page to state that this is a temporary issue. ( for search engines )
• Ask the site owner to fix the issue .
• Once issue is resolved , remove the 503 and make the framed content live again.

This helped me make this decision : https://support.google.com/webmasters/answer/2600719?hl=en&ref_topic=2600715&rd=1

Dr-Pete

So, it's not indexed, but you're still get malware warnings? That's odd. Honestly, Google shouldn't even see something in a frame as directly being part of your site, in many cases. If you 404 those pages, you potentially kill them for visitors, too - on the other hand, you probably shouldn't be sending your visitors to frames with malware. If it's just a few, I'd probably 404 them temporarily - it'll protect your rankings and your visitors. I'm honestly not sure if the 503 is going to do much that the NOINDEX isn't doing.

Saijo.George

Hi Peter

The content used to be index, but I have added the noindex tag on there ( since I felt the same way about them being indexed as you did )  but we still get the GWT warning about malware from time to time. My initial concern was do I 503 or 404 the page till we fix the malware issue. I think 503 is the best way to go about it.

Dr-Pete

Is there any compelling reason to index this content? It's probably going to look thin to Google, at best (since it's mostly a wrapper around an outside site), and the search value is pretty minimal. In other words, it's good for your users and possibly conversion, but it doesn't have much value for search visitors. If the page is really just a wrapper around a demo site, then I'd consider using META NOINDEX on the frameset and just keep those out of your search results completely.

Saijo.George

Hi Peter

Thanks for looking in to this.

We sell templates and themes for various cms and we find that it's great if we can demo the content to users before they purchase them. Our content is created by the community and most of them often add updates to existing content. We find that its best to let our authors host their own files and we link to that content through an iframe.

At times some of the author's might get hacked / or some of their advertisement gets flagged as malware. We get notified by WMT when google see an malware on these iframed pages.

Dr-Pete

I tend to agree with Sorina - in a perfect world, it would be great if you could somehow vet that content and make sure it stays safe for your users (even crawl the sites offline if you need to). What content does the page have around the iFrame (if you can explain it generally without giving away private details)? I'm wondering if these pages should be indexed at all, malware or no, since they're mostly just re-displays of other people's content. META NOINDEX might be a better bet here.

SorinaDascalu

Probably you will not like my answer and you will give me the thumb down but:

Your main concern should be your visitors. You are displaying on your website content that, as you personally say, "at times" is dangerous to your visitors. Studies show the percentage of internet users that don't have any antivirus software or use outdated/expired software is somewhere around 50-60%. You should care more about your visitors and stop putting them in danger.

I don't know what content you are iframing on your website, but you should find a more trusted source that doesn't get infected at all.