Concret5 Blocked by Bluehost

Permalink
Just a warning that Bluehost blocked my Concrete5 website unless I bought sitelock and said it was malware. I moved it to another site for hosting, but its immediately blocked by both Firefox and IE Smartscreen as being a fishing site reported to them.
Anyone had these issues? Is there a putsch on to only have retailers use other aligned platforms?

suastiastu
 
MrKDilkington replied on at Permalink Reply
MrKDilkington
Hi suastiastu,

This sounds like it might be an issue with your site content and not concrete5.

Have you reviewed your site content recently?
suastiastu replied on at Permalink Reply
suastiastu
Not related to any change in site content. Site stable for 18 months.
MrKDilkington replied on at Permalink Reply
MrKDilkington
@suastiastu

Did Bluehost offer a specific reason or an automated response saying that your site was malware?

If it was stable for 18 months, something happened for the site to be flagged as malware.

Do you have any third party JavaScript running on your site?
suastiastu replied on at Permalink Reply
suastiastu
Summarily Blocked with a message to contact them. tHen presented with a lsit of files they said were malware but weren't. Suggested I buy sitelock, said would not reinstate site unless malware was removed. Would not go through the files in their list (not maleware) and said I needed to speak with my website specialist developer, because they couldn't discuss individual files. The site kangaroovisa.com uses themes/add-ons from concrete5 marketplace.
MrKDilkington replied on at Permalink Reply
MrKDilkington
@suastiastu

Do you still have the list of files that Bluehost flagged as malware?

What is the address of the site that is blocked by Firefox and IE?
suastiastu replied on at Permalink Reply 1 Attachment
suastiastu
As mentioned above, The site which is blocked by Firefox and IE smartscreen is kangaroovisa.com.

Yes I still have their lists of "malware files" (attached)
MrKDilkington replied on at Permalink Reply
MrKDilkington
@suastiastu

I can confirm that Google’s Safe Browsing is flagging your site as unsafe.
https://transparencyreport.google.com/safe-browsing/search?url=http:...

There are a few reasons for this:
- Your site does not use HTTPS and asks for name, phone number, and email on multiple pages.
- It contains keywords like "visa" and others used in suspicious sites.
- You have a row of icons at the top of the page (for social media and online payment services), that when clicked, ask the user to enter their credentials to allow you access.
suastiastu replied on at Permalink Reply
suastiastu
actually on Bluehost the site is using https: and just transferring it out today.
These are the Concrete5 marketplace social media authentication add-ons. Indeed their purpose is to collect user information, and As I am an immigration lawyer, you can bet the word visa gets a mention.
Google certainly are trying to control what people can or cannot do and say about their business on the internet.
Being a good lawyer of course the answer is to sue, especially if the result is a big red screen stating that the site is trying to trick the user into entering details and is a phishing site.
Note Bluehost are saying that standard Concrete5 files are malware and sites will be blocked.
mnakalay replied on at Permalink Reply
mnakalay
Google is reacting onhttp://kangaroovisa.com but your site is not at that address. Your site's address is reallyhttp://www.kangaroovisa.com and for that one, Google says it's safe. You can try it here:https://transparencyreport.google.com/safe-browsing/search?url=https...

It seems you also have a redirect in place that takes us directly tohttps://www.kangaroovisa.com/index.php/kangaroo-visa/...

When typing only the wrong address in Chrome (no www and no https) nothing bad happens, I just get redirected to your https website with the redirect mentioned above
mnakalay replied on at Permalink Reply
mnakalay
Just as an FYI the SSL certificate is a Let's Encrypt certificate. They are only valid 3 months and need renewing.

I see that yours was renewed or created on November 20 so that might explain the problem. You might have had no valid SSL certificate for a few days which would have triggered Google alerts.
mnakalay replied on at Permalink Reply
mnakalay
You also have a problem with your social icons. Facebook's one rejects the authentication because the address set is not the proper one. The address given Facebook ishttp://www.kangaroovisa.com without the https which makes it wrong.
The LinkedIn one doesn't go anywhere.
I didn't try the other ones but these issues are not malware issues, they are functionality issues.
mnakalay replied on at Permalink Reply
mnakalay
You also have some mixed content warnings because you are using an SSL certificate but your site is trying to load resources from non SSL sources. Nothing too bad or threatening. The 2 warnings concern your font, loaded from Google Fonts, and your Font Awesome Stylesheet loaded from Max CDN. Both could be easily corrected to avoid those warnings.
suastiastu replied on at Permalink Reply
suastiastu
Thank you for that!
suastiastu replied on at Permalink Reply
suastiastu
I wasn't aware of this - I am seeing my windows CA generated certificate with a 2 year validity
suastiastu replied on at Permalink Reply
suastiastu
Thank you for your feedback, its helpful, and because I don't completely understand it I have something I can learn from it. Telle me - you say my site is "really"http://www.kangaroovisa.com, nothttp://kangaroovisa.com. What determines what the site "really" is?
mnakalay replied on at Permalink Reply
mnakalay
there was a typo I wanted to say your site is reallyhttp://www.kangaroovisa.com (I forgot the s in https)
What I meant was that if you type anything else, you get redirected to that. So if you type http instead of https or you omit the www, you still end up on the https and www address.

As for certificate validity, you can check it here:https://www.sslshopper.com/ssl-checker.html#hostname=https://www.kan...

and again, Let's Encrypt only delivers 3 months validity renewable indefinitely
suastiastu replied on at Permalink Reply
suastiastu
The re-direct is a function of the language settings - for English it redirects to that page
mnakalay replied on at Permalink Reply
mnakalay
what is important is that the page Google flags as unsafe is probably never going to be seen by anyone if those redirects do their job.