Avatar of Sheldon Livingston
Sheldon LivingstonFlag for United States of America asked on

Why is my site showing "Deceptive site ahead"

All of a sudden my BlueHosted site is being flagged as deceptive.

How can I check into why?
Security

Avatar of undefined
Last Comment
David Favor

8/22/2022 - Mon
David Favor

There is no easy answer for this.

Provide the actual URL of your site for testing.
serialband

What's the exact message shown?

Check your site's certificate.  Is it using an outdated key?  Sha-1?  Is it self-signed? 512 bits instead of 2048?

Did it get put on a blacklist?  Were you hacked?
ASKER
Sheldon Livingston

vslcomputers.com
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
arnold

What plug-kbs, addons do you have on the browser?
Try another browser, do you get the same message?
I.e. Is it in your side, or from the host?
ASKER
Sheldon Livingston

It's the site... had multiple friends try.

serialband

Try a different browser.  Google is blocking the site through Chrome.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
arnold

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Sheldon Livingston

arnold... no deceptive site notice? The configuration at BlueHost?
arnold

The notice as serialband pointed out is from google chrome.
"Google Safe Browsing recently detected phishing on www.vslcomputers.com. Phishing sites pretend to be other websites to trick you.

You can report a detection problem or, if you understand the risks to your security, visit this unsafe site."

This might be the result of other sites on the host side that originate, seen coming from the same IP as the site, or mass mailings that google saw which concluded .....

Only way to resolve this issue, is to reach out to google, though they do not provide a mechanism up front, to get this issue resolved.

This is the full description of the error and how they came about marking sites...
https://www.google.com/chrome/privacy/whitepaper.html?hl=en-US#extendedreport
ASKER
Sheldon Livingston

If I am understanding you correctly, the IP address may be and issue as the site is on a shared hosting server. This sound right?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
arnold

It is more of a guess than a factual statement.

The message points to a PHISHING from the site that it appears as different sites.
Now whether phishing is based on emails, or what the methodology.

if they have a name to IP record and there are other sites that use the same IP on this shared hosting, one of them could cause the blacklisting of all.

If you know other sites on the host, see if you get the same message...

They do not seem to include a way to reassess or clarify the basis on which they make this determination...
ASKER
Sheldon Livingston

Thank you!
David Favor

Aside: I go through resolution of this type of problem several times each week.

These cases generally fall into a few categories.

1) Rare: An actual problem, like a hacked file injected onto a site.

Fix: Cleanse the site.

2) Rare: Like #1 only the hack is injected into index.php so pollutes every site page.

Fix: Cleanse the site.

3) Common: Some visitor is running Windows + brain dead Malware/Virus scanning software.

Fix: Visitor must disable their brain dead scanner or add a manual exception for the site.

4) Common: The real/permanent fix for #3.

Malware/Virus scanners are very simplistic. They scan for strings of bytes matching known Malware/Virus signatures.

Most false positives occur when site content is scrambled/broken.

Fix sequence is to fix 100% of all HTML errors. Then if problem persists, fix 100% of all CSS errors, then Javascript errors.

Usually, fixing all HTML syntax errors provides enough context for scanners to stop matching false positives.

Another way to look at this is if your HTML syntax is broken on a site, then all that's serving is a string of bytes with no context. This missing context is almost always why false positives occur.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.