Google warning - Site may be hacked

Seek answers and ask questions here.

Google warning - Site may be hacked

Postby bret » Wed Nov 15, 2017 12:58 am

I'm using a new install of Firefox on my laptop and didn't have ED in my browser history. Being lazy I just typed "everything dulcimer" to get the Google search result. Google has a warning on the search results that the site may be hacked. Just thought someone would want to know. Here's a link to the search results. Clicking on the "This site may be hacked" warning has additional information.

https://www.google.com/search?q=everyth ... 8&oe=utf-8
bret
Junior Mbr (0-50 posts)
 
Posts: 41
Joined: Sun Jul 30, 2017 6:00 pm

Re: Google warning - Site may be hacked

Postby strumelia » Wed Nov 15, 2017 10:20 am

It's simply because ED site is still http, and not https/secure. Major browsers like Google and FF are clamping down on non-https sites by giving pop-up warnings to visitors that the site is not 'secure'. This will continue, and is intended to eventually encourage (force) all sites to be https, which really is more secure for everyone and is a good thing overall. But the change is definitely a pain in the butt for most low tech or small scale sites. I think you can safely ignore the warning for this site, but do be aware that other sites that are not secure/https might actually be less safe for you to be browsing.
This is something that ED owner Bruce Ford can probably address when he has the time. It has to do with getting a 'certificate' onto the server that hosts the site.
User avatar
strumelia
Super Mbr (501-2000 posts)
 
Posts: 1761
Joined: Wed Feb 24, 2010 4:05 pm
Location: Upstate New york

Re: Google warning - Site may be hacked

Postby bret » Wed Nov 15, 2017 11:22 am

I was curious about the lack of HTTPS (posted a message about it some time ago). Not using it leaves the site vulnerable to a number of attacks and any computer invovled in transmitting the content from the server to someone's browser can alter the content or inject other content freely. It also means logins and passwords are visible on the network every time someone logs in.

I maintain a couple websites for my company. We redirect any HTTP requests to HTTPS now. Getting a TLS certificate these days is pretty easy. If money's an issue, Let's Encrypt offers them for free - the idea being to remove any barriers to HTTPS adoption. The only caveat is they need to be updated every 90 days, but that can be automated.

If I can help in any way, I'm happy to.
bret
Junior Mbr (0-50 posts)
 
Posts: 41
Joined: Sun Jul 30, 2017 6:00 pm

Re: Google warning - Site may be hacked

Postby rz_admin » Wed Nov 15, 2017 11:46 am

Bret,

I've already taken steps to fix the "This site has been hacked". The solution is currently under review by Google. I'm not sure how long it's going to take to get an answer as to whether I fixed it correctly. As for https, Bruce is the owner of this site, and I've already asked him about this. He hasn't given me an answer yet.

Ron
User avatar
rz_admin
Junior Mbr (0-50 posts)
 
Posts: 38
Joined: Thu Mar 19, 2015 8:22 pm

Re: Google warning - Site may be hacked

Postby rz_admin » Thu Nov 16, 2017 7:45 pm

Bret,

The issue with "Site may be hacked" should be resolved now. I still haven't heard from Bruce Ford about https.

Ron
User avatar
rz_admin
Junior Mbr (0-50 posts)
 
Posts: 38
Joined: Thu Mar 19, 2015 8:22 pm

Re: Google warning - Site may be hacked

Postby bret » Tue Nov 21, 2017 11:50 pm

Ron,

Thanks for looking into it. I just searched Google for the site and can confirm the "may be hacked" warning is gone. :D

Regarding HTTPS, I wanted to pass this along: https://letsencrypt.org/getting-started/

I know the costs for some certificate providers can be prohibitive. I've been using Let's Encrypt certs on a couple sites since they launched and it's been super easy to keep the certs up to date and there is no cost for the certificates. I don't know how Everything Dulcimer is hosted, but in most cases, including hosts that don't offer shell access, it's relatively easy to set up a free Let's Encrypt certificate as many support it. Just wanted to pass the info along.

Best,
Bret
bret
Junior Mbr (0-50 posts)
 
Posts: 41
Joined: Sun Jul 30, 2017 6:00 pm

Re: Google warning - Site may be hacked

Postby rz_admin » Wed Nov 22, 2017 9:46 am

Bret,

Thanks for the information about letsencrypt; I'm already aware of this. I've passed along the concerns about this site being unsecured (you're not the first to mention this), but there's nothing I can do about it. Bruce Ford is the owner of this site, so the decision about https is ultimately up to him. I'm just an admin for the site.

Ron
User avatar
rz_admin
Junior Mbr (0-50 posts)
 
Posts: 38
Joined: Thu Mar 19, 2015 8:22 pm


Return to Website Issues?

Who is online

Users browsing this forum: No registered users and 1 guest