Concret5 Blocked by Bluehost
Permalink
Just a warning that Bluehost blocked my Concrete5 website unless I bought sitelock and said it was malware. I moved it to another site for hosting, but its immediately blocked by both Firefox and IE Smartscreen as being a fishing site reported to them.
Anyone had these issues? Is there a putsch on to only have retailers use other aligned platforms?
Anyone had these issues? Is there a putsch on to only have retailers use other aligned platforms?
Not related to any change in site content. Site stable for 18 months.
@suastiastu
Did Bluehost offer a specific reason or an automated response saying that your site was malware?
If it was stable for 18 months, something happened for the site to be flagged as malware.
Do you have any third party JavaScript running on your site?
Did Bluehost offer a specific reason or an automated response saying that your site was malware?
If it was stable for 18 months, something happened for the site to be flagged as malware.
Do you have any third party JavaScript running on your site?
Summarily Blocked with a message to contact them. tHen presented with a lsit of files they said were malware but weren't. Suggested I buy sitelock, said would not reinstate site unless malware was removed. Would not go through the files in their list (not maleware) and said I needed to speak with my website specialist developer, because they couldn't discuss individual files. The site kangaroovisa.com uses themes/add-ons from concrete5 marketplace.
@suastiastu
Do you still have the list of files that Bluehost flagged as malware?
What is the address of the site that is blocked by Firefox and IE?
Do you still have the list of files that Bluehost flagged as malware?
What is the address of the site that is blocked by Firefox and IE?
As mentioned above, The site which is blocked by Firefox and IE smartscreen is kangaroovisa.com.
Yes I still have their lists of "malware files" (attached)
Yes I still have their lists of "malware files" (attached)
@suastiastu
I can confirm that Google’s Safe Browsing is flagging your site as unsafe.
https://transparencyreport.google.com/safe-browsing/search?url=http:...
There are a few reasons for this:
- Your site does not use HTTPS and asks for name, phone number, and email on multiple pages.
- It contains keywords like "visa" and others used in suspicious sites.
- You have a row of icons at the top of the page (for social media and online payment services), that when clicked, ask the user to enter their credentials to allow you access.
I can confirm that Google’s Safe Browsing is flagging your site as unsafe.
https://transparencyreport.google.com/safe-browsing/search?url=http:...
There are a few reasons for this:
- Your site does not use HTTPS and asks for name, phone number, and email on multiple pages.
- It contains keywords like "visa" and others used in suspicious sites.
- You have a row of icons at the top of the page (for social media and online payment services), that when clicked, ask the user to enter their credentials to allow you access.
actually on Bluehost the site is using https: and just transferring it out today.
These are the Concrete5 marketplace social media authentication add-ons. Indeed their purpose is to collect user information, and As I am an immigration lawyer, you can bet the word visa gets a mention.
Google certainly are trying to control what people can or cannot do and say about their business on the internet.
Being a good lawyer of course the answer is to sue, especially if the result is a big red screen stating that the site is trying to trick the user into entering details and is a phishing site.
Note Bluehost are saying that standard Concrete5 files are malware and sites will be blocked.
These are the Concrete5 marketplace social media authentication add-ons. Indeed their purpose is to collect user information, and As I am an immigration lawyer, you can bet the word visa gets a mention.
Google certainly are trying to control what people can or cannot do and say about their business on the internet.
Being a good lawyer of course the answer is to sue, especially if the result is a big red screen stating that the site is trying to trick the user into entering details and is a phishing site.
Note Bluehost are saying that standard Concrete5 files are malware and sites will be blocked.
Google is reacting onhttp://kangaroovisa.com but your site is not at that address. Your site's address is reallyhttp://www.kangaroovisa.com and for that one, Google says it's safe. You can try it here:https://transparencyreport.google.com/safe-browsing/search?url=https...
It seems you also have a redirect in place that takes us directly tohttps://www.kangaroovisa.com/index.php/kangaroo-visa/...
When typing only the wrong address in Chrome (no www and no https) nothing bad happens, I just get redirected to your https website with the redirect mentioned above
It seems you also have a redirect in place that takes us directly tohttps://www.kangaroovisa.com/index.php/kangaroo-visa/...
When typing only the wrong address in Chrome (no www and no https) nothing bad happens, I just get redirected to your https website with the redirect mentioned above
Just as an FYI the SSL certificate is a Let's Encrypt certificate. They are only valid 3 months and need renewing.
I see that yours was renewed or created on November 20 so that might explain the problem. You might have had no valid SSL certificate for a few days which would have triggered Google alerts.
I see that yours was renewed or created on November 20 so that might explain the problem. You might have had no valid SSL certificate for a few days which would have triggered Google alerts.
You also have a problem with your social icons. Facebook's one rejects the authentication because the address set is not the proper one. The address given Facebook ishttp://www.kangaroovisa.com without the https which makes it wrong.
The LinkedIn one doesn't go anywhere.
I didn't try the other ones but these issues are not malware issues, they are functionality issues.
The LinkedIn one doesn't go anywhere.
I didn't try the other ones but these issues are not malware issues, they are functionality issues.
You also have some mixed content warnings because you are using an SSL certificate but your site is trying to load resources from non SSL sources. Nothing too bad or threatening. The 2 warnings concern your font, loaded from Google Fonts, and your Font Awesome Stylesheet loaded from Max CDN. Both could be easily corrected to avoid those warnings.
Thank you for that!
I wasn't aware of this - I am seeing my windows CA generated certificate with a 2 year validity
Thank you for your feedback, its helpful, and because I don't completely understand it I have something I can learn from it. Telle me - you say my site is "really"http://www.kangaroovisa.com, nothttp://kangaroovisa.com. What determines what the site "really" is?
there was a typo I wanted to say your site is reallyhttp://www.kangaroovisa.com (I forgot the s in https)
What I meant was that if you type anything else, you get redirected to that. So if you type http instead of https or you omit the www, you still end up on the https and www address.
As for certificate validity, you can check it here:https://www.sslshopper.com/ssl-checker.html#hostname=https://www.kan...
and again, Let's Encrypt only delivers 3 months validity renewable indefinitely
What I meant was that if you type anything else, you get redirected to that. So if you type http instead of https or you omit the www, you still end up on the https and www address.
As for certificate validity, you can check it here:https://www.sslshopper.com/ssl-checker.html#hostname=https://www.kan...
and again, Let's Encrypt only delivers 3 months validity renewable indefinitely
The re-direct is a function of the language settings - for English it redirects to that page
what is important is that the page Google flags as unsafe is probably never going to be seen by anyone if those redirects do their job.
This sounds like it might be an issue with your site content and not concrete5.
Have you reviewed your site content recently?