Website "Now safe"

[PaulMy]

I've had a few people contact me to indicate they can't access my websites as browser indicates not safe.
I contacted my webhost GoDaddy and they say, by using Google Chrome to my website yes it has malware, and I need to subscribe to their security service at $324 per year for one domain, or a pack of 5 for $660 (I have 5 domains including 3 non-profits for which I host and volunteer). I haven't yet agreed to subscribe...
However I can reach my sites from Edge without any warning. I then checked my GoDaddy account and it shows no malware

Code: Select all

Security CheckSecurity Check for April 16, 2024 at 11:42 a.m.
Site is clean
Hostname: komokaweather.com
IP address: 198.12.220.99
Malware
Vulnerabilities
Web Trust
Good news!
No malware found

I get the feeling GoDaddy is giving me a sales pitch!
Anyone get "Not safe" for http://www.komokaweather.com and in what browser?

Enjoy,
Paul

[alexvanuxem]

in firefox i can view all.

KR

A

[sutne]

I think it is just because you use http not https.
My Safari-browser says «Not safe», but shows everything.

[water01]

Paul I would agree with sutne. Puzzles me why your hosting doesn't provide a free secure https login, most do nowadays

[HansR]

Hi Paul,

To clarify: this is not a browser problem but the alarm depends on which malware detector is used and if that detector works also on websites, mine works on the firewall level. I tried it in Chrome, Edge and FireFox (I won't start installing all possible browsers). In all three browsers it is my malware detector Malwarebytes - its Extension Browser Guard - which sounds the alarm. I get the screen below (sorry it is in Dutch).

Now, as you get messages from others too - I don't know which malware detector they use - I assume this is a real threat. I have two weather sites sounding the Alarm: yours and Phils BackYard. Both will not display. I have no idea about the technical issues of the threat or about what it actually does. It might be a false positive. However, I asked Malwarebytes if the alarm is a false positive and they declined that. We may assume virus scanners and Browser Guards are a marketing trick, but I take that as a risk. Fact remains that certain sites are invisible to me (and I don't seem to be able to bypass this).

I really don't know what to say about the threat, be it real, a real menace, a threat for your domains or whatever. I challenged Malwarebytes and they stay with the alarm, they claim the server is infected.

Schermafbeelding 2024-04-16 183136.png

[HansR]

Note that abuseipdb.com has this info on your IP-address.
They don't make that up, that is external to GoDaddy.

And virustotal claims it is phising which is the problem.

[SamiS]

I've had a few people contact me to indicate they can't access my websites as browser indicates not safe.
I contacted my webhost GoDaddy and they say, by using Google Chrome to my website yes it has malware, and I need to subscribe to their security service at $324 per year for one domain, or a pack of 5 for $660 (I have 5 domains including 3 non-profits for which I host and volunteer). I haven't yet agreed to subscribe...
However I can reach my sites from Edge without any warning. I then checked my GoDaddy account and it shows no malware

Unfortunately this can happen when websites are run from a shared server. Probably someone else’s website on the same server has been cracked and used to distribute malware or used to phishing. Then someone has reported that site as being malicious and the result is your (and probably several other) website being blacklisted falsely because of the shared common ip address with the cracked site.

[HansR]

And CriminalIp also sees it as a problem claiming in addition that port 22 is the culprit.

[De Hout]

I see the exact same Malwarebytes alert as Hans does.

[ConligWX]

Paul, for me chrome warnings show:

Code: Select all

The connection to www.komokaweather.com is not secure

but this is because no certificate is evident.

[saratogaWX]

I think the root cause is not having an SSL cert for the website, so multiple browser mark http as "Not Safe" -- it doesn't mean the content, just the connection is "Not Safe"

GoDaddy shared hosting seems to want to sell you an expensive SSL cert, but... it's possible with cPanel to get/add a free LetsEncrypt cert to the site -- you'd just have to remember to renew it every 90 days (they expire) and there's not (with GoDaddy) a method to automate the renewal.

see https://letsencrypt.org/docs/godaddy/

[RayProudfoot]

Hi Paul,

Viewing your website via Safari on an iPad with iOS 17.4.1 reveals no issues.

[PaulMy]

Thanks Ken, and while they have tried to sel me a certificate in the past, they didn't even mention in this current support call.
I had looked at Let's Encrypt in the past but it seemed overwhelming... and still does! I see Let's Encrypt doesn't recommend to use it with GoDaddy but does link to the GoDaddy instructions.

In GoDaddy's step 1 Generate your Certificate there is a link to Browser section and that lists numerous Client Options and I don't recognize any of those and don't know yet how to use them. What/which would be recommended for my Linux Hosting account?

Step 2 is to verify domain. Is the certificate for one only domain or more? My hosting with GoDaddy is "komokaweather.com" but I have other domains like 'komokaweather.ca" and some for non-profits which are all under the same "komokaweather.com" hosting.

Step 3 is to install certificate and private key in cPanel and I have found the GoDaddy page in my cPanel for INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS). Doesn't look easy, but maybe after I get a certificate from Let's Encrypt it will become easier...

Enjoy,
Paul

[saratogaWX]

Most of the tools provided by links at LetsEncrypt rely on having SSH to your Linux server to run scripts.. not all have.

You might take a look at https://help.zerossl.com/hc/en-us/artic ... on-GoDaddy
ZeroSSL does offer free certs (up to 3 domains), and you can generate them from your account on their site:
https://zerossl.com/

[ConligWX]

you might be able to script it too. using LEgo client. thats what I use.

https://github.com/go-acme/lego