Deceptive site ahead - warnings just started today from Google Chrome (only)

spaceman

Well-Known Member
Mar 25, 2002
513
6
318
Hi All,

Latest version of Google Chrome 89.0.4390.90 (Official build) has suddenly started today, 15th March 2021, to display some of our sites as insecure, despite the fact that the TLD and subdomains are reporting just fine with SSL Shopper:


Google Chrome is claiming that the SSL certs for the above domains are NOT valid, NOT secure. Other browsers don't seem to have a problem.

As per what SSL Shopper says, the certificate was issued by Sectigo, but also that the Issuer is cPanel, Inc. Certification Authority.

So we're wondering whether either:

1. Google Chrome is wrong, and they'll need to fix it, OR
2. There is indeed some security issue with SSLs issued by Sectigo / cPanel which Google Chrome is (now) validly detecting and reporting.

Will continue to investigate...

Any other ideas are welcome.
 

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
275
95
28
Australia
cPanel Access Level
Root Administrator
Hi,

There is no issue with SSL.

I think your site/s are infected with malware because even though I didn't see the warning you mentioned, Sophos blocked the website for potentially being malicious.

You have to clean the website of any malware and then resubmit the website to Google to re-assess.

On the node, I'd recommend using Imunify 360 if you aren't already.

It is the best software for malware prevention and detection.

The following link may assist you further:
 

spaceman

Thanks for your reply @ZenHostingTravis.

Note that the issue appears to be affecting MULTIPLE websites, where there is zero technical connection between these websites... they're even hosted on remote servers from one another. The only commonality being that they're all using the same TLD in various sub-domain configurations. So even if one site is infected.... it wouldn't make sense to effectively blacklist every subdomain site using the same TLD.
 

spaceman

Good news! The problem has gone away.

We did terminate one (of many) sites that were using the same TLD in a subdomain configuration. It did look like that one site might have been hacked.

This doesn't explain why ALL subdomain sites would have been blacklisted. That makes no sense.

I did report the issue to Google via the Google Search Console (formerly Google Webmaster Tools) for them to review the situation, so whether or not they acted on this manually, and/or it was because we terminated the single "possibly suspect" hosting account... who knows.

A good result either way.
 