‘Deceptive Site Ahead’ Warning – What You Need To Know

Trying to visit your site and instead being faced by a red warning screen with the message ‘the site ahead contains malware!’ is never a good feeling. The good news is, all hope isn’t lost and you can still fix your site quickly to reduce the loss of customers and revenue.

This error usually shows up on your browser when trying to access your site because Google or other search engines have detected questionable content on your site. When we say questionable, we mean malware, external redirects to sites that sell fake products or infect visitors, and other malicious content. There is a high probability that you’ve been hacked and they have strategically placed such content on your site for their own benefit, leading to the blacklisting of your site.

What does the ‘deceptive site ahead’ warning imply?

Search engines like Google usually initiate the red warning screen for questionable sites on detection of content that can endanger the site’s visitors or other sites as well. There are different types of hacks that can be placed onto sites in this manner, such as malware or pharma hacks. Different warnings are triggered in these situations to warn site visitors of potential situations that could arise on continuing their visit to the website, such as data loss, exposure to malware, etc.

If your website;

  • Is hosting pages that contain malware or phishing scams
  • Has an SSL certificate is compromised/outdated and is clashing with other sites
  • Contains malware that steals financial data like credit card information
  • Is an insecure website that’s transmitting personal information of other site visitors without permission to other insecure sites, then Google will initiate the ‘deceptive site ahead’ warning.

Diagnose the red warning screen

With Google Safe Browsing’s tool for analysis, you can verify your site first with this query;

https://www.google.com/safebrowsing/diagnostic?site=YourDomain.com

Following this, you can use the Search Console to check your site for frequent updates and, in the case of blacklisting, for more details as well. This is available under the Security Issues link, where you can also file reports for incorrect phishing warnings under the ‘Report Incorrect Phishing Warning’.

You can disable the ‘deceptive site ahead’ warnings for the specific browser you’re using.

For Google Chrome: 

  • There’s a 3-dot menu on the right that provides the option of ‘Settings’
  • Under this, there’s a section called ‘Advanced’
  • Further, there’s an option named ‘Privacy and Security’
  • Disable the option called ‘Protect you and your device from dangerous sites’

There’s also an option for using an adblocker for any annoying pop-ups or anti-virus triggered warnings. If you’ve the Windows Defender, this will suffice as a basic level of protection most of the time.

For Firefox:

Under ‘About’ > ‘preferences’, there’s an option for ‘Privacy and Security’ which allows you to disable ‘deceptive content and dangerous software protection’ and the sub-options ‘block dangerous and deceptive content’ > ‘block dangerous downloads’ > ‘warn you about unwanted and uncommon software’. Of course, once the issue is resolved, it’s wise to switch these options on as they protect you from daily threats as well.

Fixing the red screen warning

Before stepping forward, always remember to prepare a backup. This will ensure that you have a clean copy of the site to fall back on, in case clean-up efforts go south. Sometimes, the malicious files and/or backdoors are hidden strategically in important folders. So, if you’re able to gain a date of detection of malware on the site, then you can use a clean backup from before to restore the site.

Otherwise, with enough training and knowledge about the technical aspects, you can find out about backdoors placed or other vulnerabilities. This includes insecure usernames and passwords, unsafe file permissions, disguised malicious files, etc. There is a possibility of placing malware in the core files and folders so that the admin panel is compromised and it’s more sensitive to changes made manually.

Scanning the website for malware and other suspicious activities is the next step to resolving security issues. This will help you find infected files and other malware. You can also manually remove by following the steps given below;

  • Using SFTP or SSH to log into the server
  • Creating a backup (as mentioned above)
  • Going through files for malware, malicious domains or payloads
  • Detecting modifications or changes done to files that look suspicious
  • Restore with clean files from the official repository or from a clean backup
  • If you use customized files, make sure to place that in before using the website
  • Check at each stage if the website is functional

There are many other steps that you can follow to harden the security barriers of your website, such as changing your default WordPress URL, getting an SSL certificate (if none), and finally requesting a review from Google. Future measures for added security can be general, specific, many or none, depending on your security position, so let us at Astra Security help you out today!

Tags:
, IPS, Wire, English

image

The post ‘Deceptive Site Ahead’ Warning – What You Need To Know appeared first on Financial Market Brief.

iCrowdNewswire