We help IT Professionals succeed at work.

Why is my site showing "Deceptive site ahead"

Sheldon Livingston
on
18 Views
Last Modified: 2020-05-29
All of a sudden my BlueHosted site is being flagged as deceptive.

How can I check into why?
Comment
Watch Question

David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
There is no easy answer for this.

Provide the actual URL of your site for testing.
CERTIFIED EXPERT

Commented:
What's the exact message shown?

Check your site's certificate.  Is it using an outdated key?  Sha-1?  Is it self-signed? 512 bits instead of 2048?

Did it get put on a blacklist?  Were you hacked?
Sheldon LivingstonConsultant

Author

Commented:
vslcomputers.com
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What plug-kbs, addons do you have on the browser?
Try another browser, do you get the same message?
I.e. Is it in your side, or from the host?
Sheldon LivingstonConsultant

Author

Commented:
It's the site... had multiple friends try.

CERTIFIED EXPERT

Commented:
Try a different browser.  Google is blocking the site through Chrome.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Sheldon LivingstonConsultant

Author

Commented:
arnold... no deceptive site notice? The configuration at BlueHost?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The notice as serialband pointed out is from google chrome.
"Google Safe Browsing recently detected phishing on www.vslcomputers.com. Phishing sites pretend to be other websites to trick you.

You can report a detection problem or, if you understand the risks to your security, visit this unsafe site."

This might be the result of other sites on the host side that originate, seen coming from the same IP as the site, or mass mailings that google saw which concluded .....

Only way to resolve this issue, is to reach out to google, though they do not provide a mechanism up front, to get this issue resolved.

This is the full description of the error and how they came about marking sites...
https://www.google.com/chrome/privacy/whitepaper.html?hl=en-US#extendedreport
Sheldon LivingstonConsultant

Author

Commented:
If I am understanding you correctly, the IP address may be and issue as the site is on a shared hosting server. This sound right?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It is more of a guess than a factual statement.

The message points to a PHISHING from the site that it appears as different sites.
Now whether phishing is based on emails, or what the methodology.

if they have a name to IP record and there are other sites that use the same IP on this shared hosting, one of them could cause the blacklisting of all.

If you know other sites on the host, see if you get the same message...

They do not seem to include a way to reassess or clarify the basis on which they make this determination...
Sheldon LivingstonConsultant

Author

Commented:
Thank you!
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Aside: I go through resolution of this type of problem several times each week.

These cases generally fall into a few categories.

1) Rare: An actual problem, like a hacked file injected onto a site.

Fix: Cleanse the site.

2) Rare: Like #1 only the hack is injected into index.php so pollutes every site page.

Fix: Cleanse the site.

3) Common: Some visitor is running Windows + brain dead Malware/Virus scanning software.

Fix: Visitor must disable their brain dead scanner or add a manual exception for the site.

4) Common: The real/permanent fix for #3.

Malware/Virus scanners are very simplistic. They scan for strings of bytes matching known Malware/Virus signatures.

Most false positives occur when site content is scrambled/broken.

Fix sequence is to fix 100% of all HTML errors. Then if problem persists, fix 100% of all CSS errors, then Javascript errors.

Usually, fixing all HTML syntax errors provides enough context for scanners to stop matching false positives.

Another way to look at this is if your HTML syntax is broken on a site, then all that's serving is a string of bytes with no context. This missing context is almost always why false positives occur.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.