I have recently created a website for my client, but when I try to post to my facebook or Linkedin, I noticed that the web security advisor shows it is malicious site and given it a red cross after the link.
I would like to know what is going wrong with this url? Any solution to fix it up?
Related
I am new in this community.
I have not much knowledge of coding. I am facing below issue, please assist me to solve the issue.
I have 2 websites. I added Auth0 authentication in Website A and its login process is working. I want to that, suppose user is already logged-in on website A, Can I Request a users status of website A using another website ?
I have check out some blog, but those are not sufficient.
So I have a website that send phishing emails for employers and I get the results for this campaign (for example how many employees click on the link, etc)
While testing my website on my personal emails the website became dangerous.
What should I do ?
Disclaimer - I run a phishing simulation service called CanIPhish and I came across this exact same issue when building my phishing websites.
What's happening here, is google is discovering and analysing your website through both it's normal indexing capability but also by scanning emails and detonating links.
When Google or it's threat intelligence partners discover your website it's analysing the content and accordingly flagging it as malicious.
To get around this issue, you need to hide the website behind a load-balancer or CDN which can perform conditional routing based on querystring parameters. Within the querystring you need to create a single-use GUID tied to the campaign and target. When the target detonates the link, they're forwarded to the phishing website and the GUID becomes inoperable. This way, when google or a threat intelligence partner index the site or detonate links in an email, they see something completely different to what your actual targets see.
I'm operating my myriad of phishing websites by hosting them on Amazon S3, I'm using Cloudfront as the CDN, Lambda#Edge on Cloudfront to inspect QueryString parameters and a mixture of DynamoDB with S3 for storing target user details and details on whether a GUID has already been detonated.
To see an example of this - try browsing here and all you'll see is a "Oops you clicked a phishing link" instead of the actual page which is a Google phishing site.
My problem is similar to this one. But I need to make one step further.
I whant to publish my website webview on google play. Google Play have rejected my submission but after I send them a email they respond and said that they will allow app publication if I send them pdf with distribution agreement, authorization contract, website domain information or something like that prooving my website ownership. My website hosted on azure. I have domain name like xxxxx.azurewebsites.net. Please help me to understand how can I make pdf document that prooves my website owership.
Will be very greatfull for help!
First, about how to verify your Azure Website ownership, you can refer to these Google documents as below.
Handling Android App Links
Secure and specific: Android App Links use HTTP URLs that link to a website domain you own, so no other app can use your links. One of the requirements for Android App Links is that you verify ownership of your domain through one of our website association methods.
and
Add verification for your deep links: Configure your app to request verification of app links. Then, publish a Digital Asset Links JSON file on your websites to verify ownership through Google Search Console. Learn more in Verify App Links.
Verify Android App Links
To verify ownership of both your app and your website, the following steps are required:
Request automatic app link verification in your manifest. This signals to the Android system that it should verify your app belongs to the URL domain used in your intent filters.
Declare the relationship between your website and your intent filters by hosting a Digital Asset Links JSON file at the following location:
https://domain.name/.well-known/assetlinks.json
The section Verify your website of App Indexing on Google Search in Play Console Help introduces the steps
Sign in to your Play Console.
Click All Applications All applications.
Select the application you'd like to verify.
On the left menu, click Development tools > Services & APIs.
Under "App Indexing from Google Search," click Verify website.
Type your website address.
Click Verify.
Go to Google Search Console.
On the left menu, click All Messages.
Open the verification request message (example: "Google Play: Link http://www.yourwebsite.com to android-app://example.com.yourpackage.name").
Click Approve the request.
Review the information and click Approve. Once approved, your app will appear on the
Search Console Home Page for your account. Be sure that your app enables deep links.
If you have a Google Search Console account or not, here is two links of Verify your site ownership of Search Console Help for old and new Search Console will be helpful.
Tip: Only Google Search Console users with "Owner" permissions can view and approve site verification requests. If you don't see your site verification request, make sure you're signed in using an account with "Owner" permissions.
Second, the xxxx.azurewebsits.net is just a subdomain of azurewebsites.net which be registed by Azure and you can lookup the related info via https://www.whois.net/ as the figure below, so it's not belong to you.
Therefore, you need to register a domain name like abc.com in the Domain Name Registrar like GoDaddy or others, and add a CNAME record with it into DNS server like Azure DNS, then to follow the above steps required by Google to verify your website ownership and collect the necessary information to make a PDF document to send to Google.
I would love to get advice on my current project structure idea. I have been searching regarding node.js multi domain packages but i am not sure if they will suit. I also would like to have a easy to manage apps eg. if i want to modify specific app, i have a feeling a single app will get really full and confusing to manage code wise? Basically i am building a website that will have:
Landing Page - www.maindomain.com
User Dashboard - members.maindomain.com
Admin Dashboard - admin.maindomain.com
Now each subdomain app can communicate to each other if they have the credidentials etc.
Would it be correct to create separate 3 Apps to handle each of the sites?
Is there any security concerns having this kind of 3 app setup?
Can account creation occur upon paypal payment?
Ideal flow would be User visits website on landing page and selects a paid package which in turn would direct to paypal. Upon payment user would be returned to website with account creation form, and said Package(order) would become an option on user dashboard.
Admin can pretty much view everything via admin dashboard pretty standard, setup promos etc.
Thanks for your help and advice.
I have an asp.net mvc 5 site currently hosted on windows azure.
Occasionally (normally after I have rolled out or deployed to azure) the authentication seems to bug out.
I try to log in with my google account and I get weird redirect loops where I hit login, and it takes me straight back to the login page. This is normally fixed by restarting the site on windows azure again.
Every now and again though, it will redirect back from google and ask me to enter my username to complete the registration process. It does this on my google account that has already been registered. It is registering the same google account twice or sometimes even three times.
Its happened to myself and my users and I only hear about it when someone contacts me and tells me they've lost all their stuff linked to their profile on my site.
Has anyone experienced anything like this? I'm using the bog standard login / auth controller with an mvc5 project.
EDIT ::
my url is www.dev-score.com, but it also responds to just simply dev-score.com
could it be the fact that some people register on www.dev-score.com and then try to log in with simply dev-score.com or something like that?
sorry everyone, i feel kind of stupid now.
the reason this is happening is because of the different domains, not different url's.
by default azure also has a ".azurewebsites.net" domain that a few of my users were using while my .com domain was propagating.
when i switched to my .com domain, and disabled my .azurewebsites.net domain they all had to re-register, as google (rightfully) thinks that this is a new website.
these are the people that were experiencing that bug and i had to manually move their stuff over to their new accounts. every now and again a user from that period comes back to the site and logs in and has to go through this process again, so it seemed like an intermittent bug but its not, its only a bug to those few users that registered during that small window and haven't been back to the site since.