The Deceptive Site Ahead Warning

Nadejda Milanova · 06 April 2021 · Website Security

At some point you have probably come across Google’s well-known “Deceptive site ahead” warning. Whenever a website is recognized as exposing personal information, it gets flagged as deceptive.

A deceptive site warning has a serious negative impact on your website. It can lead to negative SEO, a drop in traffic, etc.

Why does the Deceptive Site Warning appear?

In most cases, the reason is unauthorized user intervention, security misconfiguration, or malware infection. Some other reasons may include:

  • Unknowingly (or knowingly) hosting phishing pages on your site.
  • The frontend of your site has been infected, leading to redirection to a spam site.
  • The site contains a backdoor script or code, which looks bad to Google.
  • The site is prone to stealing sensitive data or to malicious backlinking.
  • Credit-card-stealing malware may be residing on the website.

How to fix the Deceptive site ahead message?

If your website gets this message, it most likely means that it has been compromised by hackers who are using it for phishing. This means that readers come across fake pages that ask for their credit card details and credentials.

Locate the cause

As you might have already guessed, the first and most important thing is locating the infection. It could reside in a file, page, folder, or the whole website. So, how do you locate the hack?

  • Manual search

If you already have some prior knowledge of malware detection, a manual search can be a great way to locate the infection on your website.

  1. Go to your site using a different device and ignore the warning.
  2. Right-click outside an element and choose the View page source option. You will see the source code in a new tab.
  3. Check for any out-of-the-ordinary third-party files, HTML tags, or iframes. Take them down.
  4. Open the server’s file manager and check the source code for those files.

If you are using the manual search, you might need to check some of the following elements:

  • New plugins or themes
  • Unknown admins
  • New admins/users
  • base64 encoded characters or new files with strange names

If you wish to check which files have been recently modified, log into your server using SSH and run the following command:

command

You can change the value 30 (the number of days within which the files were last modified) to any number of your choice.
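
An added example (not the command from the original article): a small shell helper that lists files changed in the last N days and, among those, names the script files containing constructs often used to hide injected code. The function names, the pattern list and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the pattern
# list and the sample tree below are assumptions made for illustration.

# List regular files under $1 modified within the last $2 days (default 30).
recent_files() {
    find "$1" -type f -mtime "-${2:-30}" | sort
}

# Among those recent files, name the PHP/JS/HTML files that contain constructs
# often used to hide injected code (an encoded string fed to an evaluator).
suspicious_recent() {
    find "$1" -type f -mtime "-${2:-30}" \
        \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -lE 'base64_decode|gzinflate|str_rot13|eval\(|atob\(' {} + | sort
}

# Constructed sample tree: one old clean file, two fresh files, one of them
# carrying a harmless encoded "echo 1;" to stand in for injected code.
build_sample() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/uploads"
    printf '<?php echo "home"; ?>\n' > "$sample_root/index.php"
    touch -t 202001010000 "$sample_root/index.php"
    printf 'body { margin: 0 }\n' > "$sample_root/style.css"
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' \
        > "$sample_root/uploads/x7f.php"
    echo "$sample_root"
}

# Stand-alone use: sh triage.sh /path/to/webroot [days]
if [ -n "${1:-}" ]; then
    echo "Modified in the last ${2:-30} days:"
    recent_files "$1" "${2:-30}"
    echo "Recent files worth reading first:"
    suspicious_recent "$1" "${2:-30}"
fi
```

A match is only a reason to open the file and read it; legitimate plugins also use some of these functions.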

  • Malware scanners

There are tons of plugins and online tools you can use to locate the damaged pages on your site. One of the best available on the market is Astra Security malware scanner.

The scanner can detect even the smallest changes to your files, which you can see in the View File Difference tab.

These types of scanners can detect infections by scanning your source code and publicly available files. Simply enter your site and scan it. They can even detect Google blacklisting, not just the infected pages.

  • Google Search Console

This is an excellent tool for identifying the infected pages. Go to the Security Issues tab to see the security issues listed for your site.

Note that you need to have ownership of the website, which you can verify by using meta tags, HTML tags, etc.

Be aware that in some attacks the hackers have most likely seized your site’s Search Console as well. Go to the property owner management page and remove any unauthorized users.

Don’t forget to get a backup of your site before doing the cleanup, just in case you need to restore it.

Clean your site

Now that you have identified the issues, follow the steps below:

  • Delete the malicious code.
  • In cases of base64 encoding, use the help of online resources to decode it and find out what it does.
  • Delete any suspicious users from the dashboard and database, change passwords.
  • Delete any unused and buggy themes/plugins, as well as their files.
  • Remove any suspicious users from the Google Search Console. Also, remove any HTML files and meta tags that unauthorized users have used to verify ownership.
  • Alert your regular users to reset their credentials.
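
One way to do the base64 step from the list above offline, as an added example that is not part of the original article: the helper prints the decoded form of every base64-looking literal in a file without executing anything. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the sample
# file are assumptions made for illustration.

# Print every base64-looking literal (16+ characters) found in file $1 in
# decoded form. The text is only printed, never executed; bytes that are not
# printable are shown as '.' so binary output cannot disturb the terminal.
decode_b64_literals() {
    grep -oE '[A-Za-z0-9+/]{16,}={0,2}' "$1" | while IFS= read -r blob; do
        printf '%s' "$blob" | base64 -d 2>/dev/null | tr -c '[:print:]\n' '.'
        printf '\n'
    done
}

# Constructed sample: a PHP line hiding a harmless statement behind base64.
make_sample_file() {
    sample_file=$(mktemp)
    hidden=$(printf '%s' 'echo "constructed sample";' | base64)
    printf '<?php eval(base64_decode("%s")); ?>\n' "$hidden" > "$sample_file"
    echo "$sample_file"
}

# Stand-alone use: sh decode.sh suspicious-file.php
if [ -n "${1:-}" ]; then decode_b64_literals "$1"; fi
```

Decoding on the server or on a local copy keeps the suspicious content, and any site details embedded in it, out of third-party tools.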

Submit your site for review

The final step is submitting your website to Google for review by following these steps:

  • Go to your Google Search Console and log in.
  • Open the Security issues report and choose I have fixed these issues.
  • Now, click on Request a review. Describe all of the steps you have taken.
  • Click on Submit Request. In cases when there are multiple issues, do the same process for each one.

Now that you are done, the blacklisting will be removed and your site will be de-indexed. This can take a few days.

Conclusion

Fixing the Deceptive site warning can be troublesome, depending on the malware. The best thing you could do is take the proper steps in securing your website. Using quality maintenance and security practices will increase your site’s security and help you avoid further issues.