Heya's fraggerz, taxdodgers and code pirates...
Im making a WP site for a friend and having some security issues/shiz.
A couple friends checking it out (testing) have said their ips blocked them or reported as malicious.... others had zero issues and successfully used every booking/reservation component.
Ive been using Virustotal.com and made progress thus far , but cant sort this last bit as to why or where from this other server shiz is from... that is in the return header.
Like that server IP ? - WTF did that come from ?
Site is hosted on Hostgator... is like the 10th-12th site I've done... never had this before.
Yes, ive done the disable plugins, changed themes, changed WP install directory, changed themes again...
Of course a css haxaround is a suitable resolution i'de take on board if you can haxitup.
(n00b me limited to basic css skilz.... still - roflz)
Any Ideas ???
Cheers
Toga
-------------------------------------------------------------------------
HTTP Response
Final URL
http:// *hidden by Toga for privacy - please pm for url if req.
Serving IP address
50 dot 87.149.43
Status code
200
Body length
91.25 KB
Body SHA-256
6e789f75ac5fa2e0ad90961ba13acdfe48920550301d23729d1b2d5c24f593b8
Headers
connection: keep dash alive
content / type: text = = = html; charchoalset=UTF-8
date: Tue, 26 Jun 2018 04:05:50 GMT
server: n g i n x / 1 . 14.0 -spaces between characters
transfer-encoding: chunked
Website Security Issues
Moderators: SCUMBAG, INKoRP, spud, GURU, Clan Leader
- Saratoga
- Clan Leader
- Posts: 1783
- Joined: Tue Oct 03, 2006 10:20 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1236: count(): Parameter must be an array or an object that implements Countable
Website Security Issues
In Loving Honour & Memory of =PiT= Baldrick
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·.¸.·´¯`·.><((((º>
Quote="SCUMBAG" Yes Baldy was a fuckin legend and will always live on here !! =etouQ
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·.¸.·´¯`·.><((((º>
Quote="SCUMBAG" Yes Baldy was a fuckin legend and will always live on here !! =etouQ
I'm almost 100% sure it's because of the lack of SSL Certification. If they click that "not recommended" option it should let them see it. It's likely a default browser security setting that stops you accessing sites that don't encrypt data you send to it (Like smaller newer sites etc.)
For the record it opened fine on mine, no issue other then an FYI from the browser about the SSL Cert. (It didn't hit Red Alert )
For the record it opened fine on mine, no issue other then an FYI from the browser about the SSL Cert. (It didn't hit Red Alert )
- Saratoga
- Clan Leader
- Posts: 1783
- Joined: Tue Oct 03, 2006 10:20 pm [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1236: count(): Parameter must be an array or an object that implements Countable
Yer... ok.
Is that SSL $90/year ? or is a once off thingo ?
No financial transactions on website. Only basic contact data for bookings.
Feel free to make a test booking... obviously I can delete it.
The owners friend freaked and squealed about "Malicious & Phishing" warnings when blocked, when she tried... so did my sister from USA.
Am still a bit concerned that 6/68 engines on virulstotal have flagged it....
AutoShun - Malicious
Emsisoft - Phishing
Fortinet - Phishing
G-Data - Phishing
Malware Domain Blocklist - Malicious
Sophos AV - Malicious
I suppose I could raise the issue with them individually and see what shiz hitz...
The next, and hopefully last drama, will be migrating & directing her domain name to my WP install.
(Building and hosting as a favour for teh wifey..... gah - I can see this will be a never ending round of website updates/styles/layouts/pics/functionality etc..)
Cheerz-n-Beerz Inky
Is that SSL $90/year ? or is a once off thingo ?
No financial transactions on website. Only basic contact data for bookings.
Feel free to make a test booking... obviously I can delete it.
The owners friend freaked and squealed about "Malicious & Phishing" warnings when blocked, when she tried... so did my sister from USA.
Am still a bit concerned that 6/68 engines on virulstotal have flagged it....
AutoShun - Malicious
Emsisoft - Phishing
Fortinet - Phishing
G-Data - Phishing
Malware Domain Blocklist - Malicious
Sophos AV - Malicious
I suppose I could raise the issue with them individually and see what shiz hitz...
The next, and hopefully last drama, will be migrating & directing her domain name to my WP install.
(Building and hosting as a favour for teh wifey..... gah - I can see this will be a never ending round of website updates/styles/layouts/pics/functionality etc..)
Cheerz-n-Beerz Inky
In Loving Honour & Memory of =PiT= Baldrick
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·.¸.·´¯`·.><((((º>
Quote="SCUMBAG" Yes Baldy was a fuckin legend and will always live on here !! =etouQ
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·.¸.·´¯`·.><((((º>
Quote="SCUMBAG" Yes Baldy was a fuckin legend and will always live on here !! =etouQ
I never really finished looking into it so I'm far from a full bottle on SSL. It was a service my web host offered. It can vary greatly who you go through and what the requirements may be, definitely shop around, fairly certain you can get them for a reasonable price if there's no way around it. The expire so usually the cost would be based on when that happens.
The whole 'phishing' aspect is mostly scare-tactics to ward the uninitiated from plugging in bank details and passwords into dodgy websites where their traffic may be sniffed or monitored en route. But if you know the traffic's origin etc, it sounds like overkill.
I'd guess that the bigger deal the browser makes about it the more secure they can advertise themselves as being. While they're not technically wrong it's mostly easily ignored if you're careful.
P.S. Made a booking
P.P.S. Some info to make it not so scary: https://support.mozilla.org/en-US/kb/mi ... =inproduct
The whole 'phishing' aspect is mostly scare-tactics to ward the uninitiated from plugging in bank details and passwords into dodgy websites where their traffic may be sniffed or monitored en route. But if you know the traffic's origin etc, it sounds like overkill.
I'd guess that the bigger deal the browser makes about it the more secure they can advertise themselves as being. While they're not technically wrong it's mostly easily ignored if you're careful.
P.S. Made a booking
P.P.S. Some info to make it not so scary: https://support.mozilla.org/en-US/kb/mi ... =inproduct
Hey toga,
Normally your webhost will have a feature to enable HTTPS/SSL (some offer it for free, but looks like Hostgator charge $20/yr)
...However it looks like your site was explicitly reported for phishing, so I doubt enabling HTTPS will change that. Are you sure your site wasn't compromised? I would think about resetting your passwords and do a fresh WP install, making sure none of the old files are still there, and then report that the website no longer contains any threats.
Normally your webhost will have a feature to enable HTTPS/SSL (some offer it for free, but looks like Hostgator charge $20/yr)
...However it looks like your site was explicitly reported for phishing, so I doubt enabling HTTPS will change that. Are you sure your site wasn't compromised? I would think about resetting your passwords and do a fresh WP install, making sure none of the old files are still there, and then report that the website no longer contains any threats.
You and your red fabric robe, glasses and peace pipe in your mouth for that damned split second!
Return to “Spud n GURU's Tech Topics”
Who is online
Users browsing this forum: No registered users and 37 guests