Google showing source code - search

I would like to know why google is showing source code for my site.
Search Google
The site is created in the PHP - Lithium framework. This happened when I added g11n support for language translations.
It usually shows the source of the file
public_html/siicrypto.com/libraries/lithium/g11n/Locale.php

It is showing that code because at the time the page was crawled it was displaying an error, along with a stacktrace and this is what Google indexed.
See https://webcache.googleusercontent.com/search?q=cache:SEHpmo4_jY8J:https://siicrypto.com/company/howitworks+&cd=2&hl=en&ct=clnk&gl=in

Related

Getting CSP reports on www.pagespeed-mod.com

I have switched to using Content-Security-Policy for my website. I'm starting to see reports about the following not being allowed: https://www.pagespeed-mod.com/v1/taas
Does anyone know why the website is trying to load this file? I'm using Google Analytics and Tag Manager, but I don't think that I have any page speed mod installed. Maybe this is an extension in the user's browser? Or when they open developer tools? Another source I could think of is automatic optimization through Cloudflare which I'm also running on.
Extra info: The source of loading this script is https://3001.scriptcdn.net/code/static/1 which doesn't reveal much about who made that.
Had the exactly the same issue and preventing me from using Element Inspector/ debugger. It appears to be some Chrome extension you have installed gone rogue, see if you have extension called "Auto Refresh Plus" installed like i did before.
I also see reports on https://www.pagespeed-mod.com/v1/taas being blocked with the same source of loading. It seems to happen in short periods on the various resources I have reports from. This indicates that it is related to the user/browser and not related to the site itself.
The same can be seen with translators, extensions, security proxies etc. I have given up trying to attribute the source of anything that is likely not caused by legitimate site content.

Opening a read only URL with password

New to Web site dev, though have done a lot of coding of other sorts in the past, just set up a personal blog for my own amusement on bluehost using wordpress and have it installed locally for dev.
I have a training log on another site which anyone can open read-only to view training stats with a URL of the form below, this works fine in a browser:
https://www.othersite.com/logs/1234xyz/authenticate?password=thisismypassword
What I have tried to do unsuccessfully is have this open in a frame on one of my web pages (used iframe/object in html). It seems impossible to do this as the authentication string is not passed across, and the screen displayed prompts for manual input of the password. Can I open this automatically in some way?
If I understood well, your solution is insecure regardless it works or not. In this way your clients can see the password of your (or another) site.
I suggest to query the external content using custom php code and display (print) it on your page.
There are several ways to get content of an external page:
https://www.php.net/manual/en/function.stream-context-create.php
https://www.php.net/manual/en/function.curl-init.php
If you need a tutorial for WP plugins check this out:
https://www.wpbeginner.com/wp-tutorials/how-to-create-a-wordpress-plugin/

Fetch as Google - Temporarily Unreachable ONLY on Mobile

I have created a new website www.bucketshowers.com and I tried to index it using google webmaster tools. Fetch as Google for the desktop worked just fine, but doing the same for mobile shows an error "Temporarily unreachbale". It's been a few days and the website REALLY is not avaible on mobile. It's driving me nuts. Here're is some information and things I have already tried:
Website is made with WP
I have disabled all SEO/meta tags plugins and I added a very basic robots.txt http://bucketshowers.com/robots.txt
I tried waiting 15min between fetching the root page on mobile
I have checked source code for the homepage to make sure there are no meta tags with nofollow or noindex attributes
I baffled by this issue and I would gladly take any advise/pointers what else can be done. Thank you.
The crazy thing was, that it was caused by WP Statistics plugin, which is probably the most popular from its kind - 500k downloads. When I deactivated it, everything is fine, google fetches of the mobile and the website is available. Incredible! I'm still searching for the actual problem within that plugin.

Kentico 10 Preview Links and Bundled CSS

We would like to use the Show Preview link via the General tab to share a link to an unpublished page for review. Unfortunately, the page generated seems unable to resolve the bundled .css and javascript and generates 404s for those files.
Anyone know of a way for the preview pages to resolve the bundled css properly?
If your links are not resolving then you have incorrect or invalid syntax in your CSS.
Regarding turning off minimization and it working further confirms your syntax is not correct. The minimization engine fails when it finds incorrect syntax.
To check this turn on minimization and load a page. Download the CSS from the source and look at the last line. There will be an error in the CSS if it has failed to minimize.

Google servers see website differently

I Googled one of our sites today (gamestyling.com) and saw that the results where in Chinese. It looks like our site was hacked but I see no traces of that. When opening the site all looks normaal (no Chinese).
On further inspection it seems that Google doesn't see the website correctly:
I cannot verify in Google search console. When I use the meta tag it shows me it detected a completely different tag.
When running pagespeed insight the preview does show Chinese: https://developers.google.com/speed/pagespeed/insights/?url=gamestyling.com
Also, when running the site through a proxy it looks completely normal.
Any idea how I can get Google to see my site correctly or what is causing this issue?
UPDATE
I now have access to Google search console and found that someone already had access to the property (2nd user):
I cannot remove the user because it uses a meta tag that google thinks is still in the header but doesn't appear in my code. So I'm still not sure if someone is playing tricks on Google or that we've been actually hacked. Note; nothing has changed on the server itself.
UPDATE2
This article describes exactly what's going on; https://blog.sucuri.net/2015/09/malicious-google-search-console-verifications.html. I must say that's an amazing safety fault on Google's part...
I had experienced this issue on one of the site and resubmitted website for review in google webmasters. Search results in google were corrected in couple of days.

Resources