Web Security

Have you ever encountered “Deceptive Site Ahead” situation?

blog-5

Have you ever encountered “Deceptive Site Ahead” situation?

Yes, we did and we resolved it too…

What is “Deceptive site ahead” issue?

“Deceptive site ahead” is a strong warning when the user opens a website with malicious code. Most of the cases it is an authentic, red alert, that warns the user to refrain from the potential risks of visiting subsequent pages of the site. 

You should be all the more concerned in case your website is throwing up this issue.

First things first, do not panic.

If you are currently witnessing the “Deceptive Site Ahead” pop-up alert, do not bypass it, otherwise you can put your privacy and security at risk by entering a site with malicious code or malware-infected domain.
This blog outlines the scenario we encountered and the steps for its resolution.

Scenario: Last year we launched a WordPress® website for one of our clients. This site is gaining popularity across the globe.

The first notification about this situation was received last week from our hosting services provider about the phishing activity on the website. The site was affected. Suggestion to us was to scan all files on the site to identify and remove infected files.

The affected site was suspended by our hosting services provider and it was down. This was the first time we came across such an issue.

Steps we took to resolve this issue:

Step 1: Upon checking thru the cPanel, all files were removed except for a few. There were few new files with .php extension. While backing up, the system alerted about the threat. Without any other option, we had to delete all files of the affected site on the hosting server.

As always, we have been diligent to have a backup of the site available locally with us. These files were uploaded on the hosting server.

Step 2: With above, the site was active but with the alert about “Deceptive Site Ahead” prevailed. It warns the site visitor about a risk upon accessing the infected domain. Thus no one would risk the implications of visiting such a site. 

We found a resolution to get rid of “deceptive site ahead” message and came to know that, this message was created by Google Safe Browsing® services in order to protect Internet users from unsafe online content. 

We started troubleshooting the issue over multiple browsers. The site was working fine on all browsers except Google Chrome®and Mozilla Firefox®.

This was resolved with the following approach

Step3: Visited Google webmaster using the link “https://www.google.com/webmasters/#?modal_active=none” and in search console, submitted the domain name/URL of this deceptive site.

 

Step4: Another pop-up window shows Verify domain ownership via DNS record. This provided a verification code. Added this verification code in the TXT record into DNS configuration.

If you don’t know how to add this, you can reach out to your domain/hosting provider for support on the same.

 

Step5: After clicking on Verify, we still got some error and google search console showed “Ownership verification failed”.

We tried to verify for two days but still, the deceptive site message was visible on Google Chrome browser.

 

Step 6: We looked for few plugin’s for detecting malware and we installed Sucuri security plugin on WordPress. There are other plugin’s also available. With this, we could identify a new plugin called Sketch which was installed automatically in wp-content/themes folder. As we were sure that it was not installed by us, we deleted this plug-in.

Step7: After deleting the plugin, we re-verified with google webmaster. It took about 12-14 hours for the verification cycle to complete.

 

We were done with DNS verification and the issue was resolved. Now when we browse the website, we can see the landing page.

I hope this article will be a useful example of resolving “Deceptive site ahead” issue.

Stay tuned to read many such useful articles.

Comments ( 2 )

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

UI Developer

Job Description


This is a hot opening and we are looking to hire as soon as possible. 

Candidates having 7-8 years of experience as UI developer. Minimum 2 years experience in React.js

Primary Skill (Mandatory): React.js, Advanced JavaScript, HTML5, CSS3, Redux/Context

Secondary Skills (Good to have): Conversion rate optimization (CRO)/AB Testing tool preferably “Convert”

Key Responsibilities:

• In-depth knowledge of HTML, CSS, Sass and strong knowledge on Object Oriented JavaScript and Ajax, jQuery and any other CSS framework like Material Ui or Bootstrap

• Strong proficiency & thorough understanding in JavaScript, including DOM manipulation and the JavaScript object model, React.js (Include hooks)

• Experience using A/B Testing Tool such as “Convert”

• Should be a self-starter with high initiative, team player, with problem solving abilities.

• Responsible for development of new highly responsive, web-based user interface

• Develop clean, secure, extensible, reusable, and maintainable code meeting existing architectural standards

• Should be good in writing automated unit tests in React & JavaScript

• Review functional requirements, providing technical feedback on feasibility and architectural approach and framework.

• Collaborate with middleware engineers to deliver performant web applications

• Experience in release management and version management tools (e.g. GIT hub, JIRA, bit bucket etc.)

• Experience with web services (consuming or creating) with REST, Web Sockets or Graphql

• Very good interpersonal, analytical, problem-solving, and written & verbal communication skills

• Understand requirements through regular interaction with concerned stakeholders including counterparts in the other offices

• Utilize Agile Development, SCRUM / Pair / Extreme Programming methodologies

This will close in 0 seconds

Senior Fullstack Middleware Engineer

Job Description


This is a hot opening and we are looking to hire as soon as possible. 

Opportunity for Full stack Middleware Developer

Primary Skills (Mandatory): Node.js, JavaScript/TypeScript, GraphQL
Good to Have: Express.js
Exp: 5 to 9 years

• Extensive experience working with Express.js and TypeScript.

• Developing Azure Serverless functions using Node.js

• Working knowledge on GraphQL and integrate with Express.js middleware (Azure Functions)

• Consuming APIs to interact with other applications using GraphQL and Restful web services.

• Azure Service Bus (ASB), Pub/Sub model of message communication and Message handling life-cycle (Time-To-Live, Size, Locking, DeadLetterQueue, Sessions, Duplicate Detection, etc)

• Build & DevOps process

• Experience with headless commerce engine or CMS an advantage

• General eCommerce experience preferred.

• Good understanding of algorithms and data structures

• Should be good in communication and presentation skills

• Should be a self-starter with high initiative, team player, with problem solving abilities. 

This will close in 0 seconds

Java Developer

Job Description


Candidates having 5 - 15 Years of experience as Java developer.

Roles & Responsibilities

• Java developer responsibilities include designing and developing high-volume, low-latency

• applications for mission-critical systems and delivering high-availability and performance

• Contribute in all phases of the development lifecycle

• Write well designed, testable, efficient code

• Ensure designs are in compliance with specifications

Support continuous improvement by investigating alternatives and technologies and presenting these for architectural review

Skills & Requirements :
• Background in Enterprise Design patterns and Distributed Systems.
• Expertise in Java development, application, and architecture design skills and Test Driven Development Experience.
• Experience in Zookeeper, & SQL/NoSQL - MongoDB, Cassandra or CouchDB or Redis or Data Stax are beneficial
• Experience in Infrastructure backgrounds are beneficial (OpenStack, Docker or Vagrant)
• Understanding and Hands-on experience with Webservices technologies - HTTP, REST, JSON, XML, SOAP, Oauth
• Ability to develop, execute and maintain test plans and test cases
• Expertise in unit and integration test automation.
• Exposure to CI/CD tools and environments - Jenkins, PaaS Technologies, GitLab, SonarQube, Microservices Architecture - Kubernetes, Docker.
• Experience in using Maven/Grunt/Gradle as build tools for application deployments.
• Requires strong analytical and critical thinking skills

This will close in 0 seconds