Comment by irae
5 years ago
I am just guessing here, but in case the author had their service compromised, maybe he can't disclose the information. Feels like they know what they are doing, and at least to me, reading between the lines, it looks like they fixed their problem and they advice people to fix it too:
> If your site has actually been hacked, fix the issue (i.e. delete offending content or hacked pages) and then request a security review.
Author here. We didn't do anything other than request the flag to be reviewed.
The recommended steps for dealing with the issue listed in the article were not what we used, just a suggested process that I came up with when putting the article together. Clearly, if the report you receive from Google Search Console is correct and actually contains malware URLs, the correct way to deal with the situation is to fix the issue before submitting it for review.