Frequently asked questions

How did malicious code get on my site?

Malicious code can be added to the site intentionally or accidentally:
  • By an attacker who gained access to the servers or to the content management system.
  • By the site owner (for example, the banner system code, or web trackers) — third-party resources can be hacked.
  • By a site user, if they can post messages or upload files.

Which site pages exactly are infected?

To view the list of pages where malicious code was detected, go to the Security and violations page in Yandex.Webmaster.

The list may be incomplete because the pages are checked selectively. Also, remember that infected code may be included in all pages — for example, if it is a page header or footer.

How often are the checks performed?

The intervals vary. This is why the information about infection can be updated with a delay.

Yandex always rechecks the sites where it found malicious content. If the recheck shows that the site is still infected, the the intervals between rechecks start to increase. The sooner the site is cured, the faster Yandex learns about it and removes the threat sign for users.

I fixed everything. How do I remove the threat warning?

The warning about the site posing a threat will be removed from search results if the Yandex robot does not detect an infection during the next scan. To speed up the recheck, open Yandex.Webmaster, go to the Security and violations page, and click I fixed it.

Why should I register in Yandex.Webmaster?

Yandex.Webmaster lists pages where Yandex detected malicious code, indicates the antivirus verdict for each page and shows infection chains. You can request a recheck in Yandex.Webmaster to speed up the removal of the threat warning in search results.

The site data is available only to the site owner and trusted persons. You have to register and confirm site management rights.

Why is the site marked as infected in the search results but there's no list of infected pages in Yandex.Webmaster?

Pages on different domains are checked independently. If different domains for one website (for example, and aren't merged as mirrors by Yandex, the information in Yandex.Webmaster may be incomplete. It may be that the domain registered in Yandex.Webmaster isn't marked as dangerous, while the pages on the unregistered domain are infected.

Register the second domain in Yandex.Webmaster. You will be able to view information about both domains and request rechecks for each of them.

Why do I get many contradictory messages about infection on the site?

Usually such messages indicate that malicious code is trying to hide its activities from the scanning system. The code may be revealed with certain intervals or under certain conditions. For example, only when passing to the site from search engines or only in certain browsers.

Check all site files for infection.

Tell us what your question is about so we can direct you to the right specialist:

In this case, read the recommendations in the Unwanted programs and dangerous files section. You can also contact support from that page.
If you see a message about another issue related to the site security, choose the violation type.