Terrible Trials of Web Security

I run another Web site with a friend and colleague at Win10.Guru. Right now, the site is (mostly) inaccessible because we’ve fallen foul of Google’s Safe Site tools. Over the past couple months we’ve been hammered, dealing with terrible trials of web security. If you visit our site right now, you’ll get this dire warning:

Terrible Trials of Web Security

This is NOT an inviting entry into the website. It is calculated to scare people away.
[Click on image for full-sized view.]

If you click on the Details button, a link reads “visit this unsafe site.” Again, this is intended to discourage visitors. But because of Google’s security assessment, it’s the only way into our site right now using Chrome. Edge returns a 503 Service Unavailable Error, and Firefox times out. For the nonce, Win10.Guru is off the air. My partner and I are freaking out, trying to get this fixed. But this is only the latest installment in a litany of horrors we’ve endured lately.

What Makes for Terrible Trials of Web Security?

To start with, we faced multiple daily page injection attacks. Hackers were redirecting visitors to our website to third-party clickbait sites. (Presumably, because they could get paid for such clicks.) Some illicit redirect links also included malware, phishing scams, and other unsavory stuff. Thing is: hackers were also able to access and change the master permissions file for the site itself. This is, of course, the very special file named .htaccess that controls permissions and configuration of the file structure for the site. According to our hosting service, this is supposedly  impossible. Yet we demonstrated that our file structure changed over time because malicious actors were at work.

Once we’d shown them what was what, the provider granted us their high-end security software as a wrapper around our site. Presto! Our problems went away. But the trial period is over now, and it costs over US$300 a year for that added security on the site. My partner refuses the outlay for perfectly valid financial reasons. That said, I’m of the opinion that such a sum is better spent than having the site mostly inaccessible. Not to mention the days and weeks he’s spent trying to keep things cleaned up.

The Devil Really Is in the Details…

The Details button also lets users “report a detection problem.” My partner and I have been doing that multiple times daily. We’ve been asking our network to do likewise, hoping that a chorus might be more convincing than a couple of lone voices in the wilderness. If it’s not too much to ask, please click the preceding link and attest to the lack of ill will or intent on our part for https://win10.guru. It might make a difference.

But according to what I’m learning it takes 7-10 days for Google to review and change such rankings. I’m also trying to purchase additional security coverage on my own recognizance for the site, and keep getting an error message when I try to make payment. Gosh! It’s been one of those days, I’m afraid. Here’s hoping we’ll get this fixed soon. All I can say right now is “Ouch!”

[Note Added July 18, 2020] Crisis Averted!

Yesterday, July 17, working with the security team at GoDaddy subsidiary Sucuri.net (with whom we’ve obtained a subscription to their website security scannning and protection services) we finally got all the obstacles cleared away and a clean bill of health for the site. You can check its status any time through this URL: https://sitecheck.sucuri.net/results/win10.guru. One of their third-level tech support folks was finally able to convince Google Safe Browsing that our site was neither “deceptive” nor were we foisting any phishing exploits. I guess that means it helps to have a trusted third party vouch for your site, or something. At any rate, all the dire warn-offs are gone and the site is behaving normally. Thank goodness!


Leave a Reply

Your email address will not be published. Required fields are marked *