My website is JerryDelRio.com – it's wordpress install looks clean, but it appears that malware exists on all sub-domains in their idxbroker.com search. For example:
http://www.jerrydelrio.idxco.com/idx/14511/mapSearch.php
How can we make google realize that these sub-domains are good to go? Idxbroker.com is a service we use to display property real estate search – I do NOT control that domain and I am sure it is very clean.
Here is a screenshot on how to submit review request to google:
But it ask to upload verification file to jerrydelrio.idxco.com. But i don't control the domain. It is just a service from Idxbroker.com
Please help me on how i can request google to review the Reported Attack page.
Thanks for your time.
You should move this account to a custom subdomain via a CNAME record. Then you can claim in google webmasters tools.
Related
Unfortunately, nobody is responding to my support ticket so I think it's a problem needs someone with experience with sendgrid
the reproduction is simple:
did the Domain Authentication and Link Branding
Added all the necessary record to my DNS configs
All verified in SendGrid dashboard.
Tried sending an email and click on the link it gives me this
I think the issue might be that you that you use https links, but you don't have a "TLS pass-trough" set-up for them. It's really poorly explained on Sendgrid's branded links help page, but you can see a mention of it here. Basically you need something that will resolve TLS on your side and forward the request to sendgrid. It can be a proxy, as suggested on that help page, or i.e. a cloudfront distribution with a custom origin pointing to sendgrid and a certificate covering your branded link domain covered.
If you're using Cloudflare, I had luck following this guide in their documentation in order to get it to work. Sendgrid also recommends Fastly and KeyCDN.
The only drawback is you also have to contact customer support in order to request that SSL click and open tracking be enabled on your account.
If the destination link is http: and Chrome has Settings->Privacy->Advanced SSL warning switched on this happens as well. The url shortener url is https but the destination being http.
Give API Key its full access, follow steps:
Settings
API Keys
Edit API Key
Full Access
Update
Whitelist your domain, follow steps:
Settings
Sender Authentication
Domain Authentication
Select DNS Host
Enter your domain name
Copy all records and put them in your Advanced DNS management console
Add a branded link, follow steps:
Settings
Sender Authentication
Link Branding
Follow the steps on the screen
Copy all records and put them in your Advanced DNS management console
NOTE: When adding records, make sure not to have domain name in the host. Crop it out.
Now, I attach any http or https url in html_content like
html_content="<a href='https://www.python.org/'>Python</a>")
When I receive email, and click on the link, it loads perfectly.
This is the link generated - Python
Firebase hosting requires that a TXT setting be set up to as they call it
Prove the domain is yours
I purchased a domain. It is mine. In order to set this TXT setting I have to have the domain hosted. The place I purchased the domain from sells hosting for minimum one year at a time. What is the point of firebase hosting when I have to buy hosting somewhere in order to prove that the domain is mine? Is there any way to get around this catch 22?
Proving ownership is done by putting a TXT record in the DNS. This doesn't require that you have a website hosted yet, it merely requires access to the DNS settings for your domain.
It's hard to help beyond that without knowing where you registered your domain.
Update. I took Frank's advice and set up a few Namecheap accounts. Wowie! The discount names are as cheap as 50 cents/year if you buy 1 or 5 years. Thanx for the advice. There is a caveat to using Namecheap/firebase, however.
Do not take this as if I were looking a gift horse in the mouth. I am super grateful to Google for free hosting. I merely want to warn users that firebase is not a free country. Google forces the s religion. I put in many hours of work to create my website using my girlfriend's hosting MySQL. Her hosting platform does not have an s in the URL: https. So the Angular 5 HTTP calls barf. I also included a contact page and a share via email popup. I used my girlfriend's hosting and set up a poor man's PHP web service for that. That does not work because girlfriend's hosting uses HTTP not https. So now I have to go back and recode these backend connections to use Google firebase and Google functions/SendGrid. I could have done that from the get-go and saved myself the time and aggravation.
Very strange problem. I have a website which is seo-techniques.net but suddenly I found another domain name- www.seiuc.com redirect my website. I am not sure how it is possible.
www.seiuc.com is a phising site, the webmaster of that website is trying to pretend as your official website. www.seiuc.com just copy pasted the content of your website. Report the offending webmaster to it's hosting provider.
Question is how is your original domain redirects to the other one ? if that's the case it means that the other owner somehow injected a Redirect into one or all of your files or maybe changed your htaccess file - you should contact your hosting provider chat support asap - they'll will know how to fix it...
I have a web form created in the Adobe Business Catalyst CRM and someone has placed a Man in the Middle (MitM) hack on our site or wherever and is intercepting the web form then contacting the user who submitted the form and offering them their products using the same name as my website.
So this is a two-part question. How do I get rid of and prevent this from happening again and is there any legal action I can take against the MitM hackers?
Business Catalyst (BC) is very secure so I am not convinced there is a hack on your site. You should do the following:
Contact BC and let them know about this.
Check your site for any code you did not create or insert into your site.
Recreate the web form and insert it into your site.
Change passwords on your BC site.
Change the workflows for your site.
Change your email password.
Switch the forms to use the BC secure domain. (IE: https://example.worldsecuresystems.com)
Since you cannot run server side code on BC then doing the above steps should solve the issue.
Contact a lawyer for information on legal action against MIMA hackers.
First of all you can use SSL on you website.
Second you can encrypt you data use !!!
Simple scenario:
I have a signup form, with user name, password, email address, may be credit card number.
At the bottom of the page, I implement the Google Analytics code.
when user clicks submit, it goes to a page wihtout google analytics.
question is..
can GA get the data (user naem, password..email..etc) in the first form after user input the data?
Do they say anything about it in their TOS or Privacy policy?
Yes. Any <script> you include in the page has complete access to alter the user's interaction with the site due to the Same Origin Policy. Google, if they were feeling Evil today, could certainly rewrite the action of your <form> to point to themselves, or log every keypress, or create an <iframe> containing another page on your site and simulate the user clicking on any action in that page.
Do not include <script> on any page from a party you don't completely trust with the security of everything on your site. Even a single tracking or advertiser script on any page compromises everything on the same hostname (and maybe other subdomains if you are setting window.domain to allow cross-hostname-scripting, or sharing cookies between hostnames).
However, the Analytics script doesn't currently do any of these things and the form submission will not flow to Google as a matter of course; they would have to deliberately act to steal the data. Clearly it would be disastrous for them to be discovered doing it, so they presumably won't. But technically, they could. It always pains me to see third-party ad and tracking scripts on bank sites.
UPDATE: The landscape has changed quite a bit over the years since my original answer below was written: the scripts are now generally served (or at least have the option to be fetched) over HTTPS, so those scripts should be secure against the trivial man-in-the-middle attacks. However, you are still trusting the script source not to do malicious stuff in your page, since they still get to fully control what happens on your web page.
Original answer:
Yes. I recommend against putting any third party script on sensitive pages secured by SSL. It's not likely that Google is going to hijack sensitive data on your page but you should take into account the possibility that a malicious ISP can hijack the request (say, using DNS) to Google Analytics script and do whatever it wants on your page.