Safe Browsing Alerts for Network Administrators

Tuesday, September 28, 2010 1:30 PM



Google has been working hard to protect its users from malicious web pages, and also to help webmasters keep their websites clean. When we find malicious content on websites, we attempt to notify their webmasters via email about the bad URLs. There is even a Webmaster Tools feature that helps webmasters identify specific malicious content that has been surreptitiously added to their sites, so that they can clean up their site and help prevent it from being compromised in the future.

Today, we’re happy to announce Google Safe Browsing Alerts for Network Administrators -- an experimental tool which allows Autonomous System (AS) owners to receive early notifications for malicious content found on their networks. A single network or ISP can host hundreds or thousands of different websites. Although network administrators may not be responsible for running the websites themselves, they have an interest in the quality of the content being hosted on their networks. We’re hoping that with this additional level of information, administrators can help make the Internet safer by working with webmasters to remove malicious content and fix security vulnerabilities.

To get started, visit safebrowsingalerts.googlelabs.com.
The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.

16 comments:

界王 said...

Is there some information with more details? I visit the startbrowsingalerts.googlelabs.com but don't know what to do next.

Rob said...

Readers may be interested in our research on Malware Alerts. We presented this research at the past Black Hat USA and DefCon 18:

http://www.slideshare.net/rob.ragan/lord-of-the-bing-black-hat-usa-2010

More information at the project page:

http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

Vytautas said...

Nice service. Unfortunately at the moment I am not able to register AS which is assigned by RIPE (resolved as ASN-BLKRIPEX) although the detailed information is present in the RIPE whois. Hopefully it will be resolved soon.

David said...

looks very useful but there are a lot of little isp which do not own an AS and host some hundred of web pages (because they just have rent a couple of servers in any datacenter) that would like to get this kind of alerts. Would be good to have this tool also available per given ip addresses

Timothy said...

Would be nice if Google additionally offered mediums of counsel to high profile webmasters so their s- doesn't simply get shut down.

Brent2 said...

Individual webmasters, even those with hundreds of domains, should use the existing e-mail alerts. Doing it via IP would be a problem for shared hosting providers, who may have hundreds to thousands of unrelated domains on 1 IP.

Brad said...

It would be really great if we could sign up for these alerts without using a Google account (e.g. just using the abuse handle for our AS). Personal Google accounts are tied to employees, who may not be affiliated with the AS's abuse desk forever.

Al Iverson said...

Brent: Yet, Google, has, twice now, listed a whole bunch of our client domains because of one false positive issue with one domain, because they're hosted on the same IP. So Google is clearly doing some part of this on an IP address basis. Maybe cross checking for other FQDNs hosted on the same IP address.

kewang said...

Yes, we notice the information missing problem for some RIPE ASNs, and made an improvement to our system. It is much better retrieving the AS information now. Please login and try again.

Thank you for using this tool and the comments.

Ryan G said...

Glad this had gone public. We have been using this for a few weeks and are loving it. It is great for ISPs!

androo said...

great, but how do you register an AS. your link takes me to an uninformative page that states:


Messages
You have no recent notification emails. Once you add and verify an AS, notifications will be sent over email and appear here.

Givindu said...

I received an email. The address was my Cousins email Address.But it had no name of the sender. The address was same but the only difference was The original Emails i received from my cousin had his name in it and the fake one had only the same email address but no name of sender or any signature. How can this happen?
What has happened in this situation?

Admin said...

looks very useful but there are a lot of little isp which do not own an AS and host some hundred of web pages (because they just have rent a couple of servers in any datacenter) that would like to get this kind of alerts. Would be good to have this tool also available per given ip addresses like Mobil Keluarga Ideal Terbaik Indonesia

Blweh said...

This is a great tool! What about a feature to alert administrators of network blocks that have been SWIP'd to them but don't operate an AS?

Turyana said...

great

pro said...

The RIPE data you're using are VERY outdated - so I can't receive the confirmation email because the email address you're using is not valid since many years