Deceptive site ahead - warnings just started today from Google Chrome (only)

spaceman

• March 14, 2021 19:26

Hi All, Latest version of Google Chrome 89.0.4390.90 (Official build) has suddenly started today, 15th March 2021, to display some of our sites as insecure, despite the fact that the TLD and subdomains are reporting just fine with SSL Shopper: Google Chrome is claiming that the SSL certs for the above domains are NOT valid, NOT secure. Other browsers don't seem to have a problem. As per what SSL Shopper says, the certificate was issued by Sectigo, but also that the Issuer is cPanel, Inc. Certification Authority. So we're wondering whether either: 1. Google Chrome is wrong, and they'll need to fix it, OR 2. There is indeed some security issue with SSLs issued by Sectigo / cPanel which Google Chrome is (now) validly detecting and reporting. Will continue to investigate... Any other ideas are welcome.

• 

  ZenHostingTravis

  • March 15, 2021 03:35

  Hi, There is no issue with SSL. I think your site/s are infected with malware because even though I didn't see the warning you mentioned, Sophos blocked the website for potentially being malicious. You have to clean the website of any malware and then resubmit the website to Google to re-assess. On the node, I'd recommend using Imunify 360 if you aren't already. It is the best software for malware prevention and detection. The following link may assist you further:

  0
• 

  spaceman

  • March 15, 2021 05:14

  Thanks for your reply @ZenHostingTravis . Note that the issue appears to be affecting MULTIPLE websites, where there is zero technical connection between these website... they're even hosted on remove servers from one another. The only commonality being that they're all using the same TLD in various sub-domain configurations. So even if one site is infected.... it wouldn't make sense to effectively blacklist every subdomain site using the same TLD.

  0
• 

  spaceman

  • March 15, 2021 05:23

  Good news! The problem has gone away. We did terminate one (of many) sites that were using the same TLD in a subdomain configuration. It did look like that one site might have been hacked. This doesn't explain why ALL subdomain sites would have been blacklisted. That makes no sense. I did report the issue to Google via the Google Search Console (formally Google Webmaster Tools) for them to review the situation, so whether or not they acted on this manually, and/or it was because we terminated the single "possibly suspect" hosting account... who knows. A good result either way.

  0
• 

  ZenHostingTravis

  • March 15, 2021 05:26

  They have acted on submissions quickly in the past, when a customer of ours has had their website hacked. Glad to hear the problem has been resolved.

  0
• 

  cPRex Jurassic Moderator

  • March 15, 2021 16:28

  I'm glad you were able to get that resolved! You may want to contact Google and ask why they marked them all as having an issue as they would be the ones that are able to provide more details on that behavior.

  0

Please sign in to leave a comment.