Deceptive site ahead | Laravel app deploy on cpanel - laravel

Here is the screenshot of this.
A few months ago I deployed this Laravel app in cPanel. But now when I'm accessing the site it shows me this message... I think it is hacked or malware was added to the app.
Can anyone tell me
what security steps I should follow for deploying the project in cPanel securely?
How can I protect my app from attackers in cPanel?
The basic thing I missed in my app was that APP_DEBUG was false; I have to set this to true.
Apart from APP_DEBUG,
is there any security measure I should follow?
Or should I move from shared hosting to dedicated hosting?

This has nothing to do with your hosting or your APP_DEBUG setting. In fact, never set APP_DEBUG to true on a live website; this can leak all your environment variables, including database credentials, to the world.
Here's an explanation from the Google site:
Social engineering is content that tricks visitors into doing something dangerous, such as revealing confidential information or downloading software. If Google detects that your website contains social engineering content, the Chrome browser may display a "Deceptive site ahead" warning when visitors view your site. You can check if any pages on your site are suspected of containing social engineering attacks by visiting the Security Issues report.
In your case it may be because either (as you said) the website was hacked and this content injected in it or (less likely) there is content you added to the site that Google is interpreting as misleading (either because it is or because it looks like it is even though it is not).
The remedy here is explained by the above linked site (I won't include the entire text, just a gist, but do check the entire Google site):
Check in with Search Console
Remove deceptive content
Check the third-party resources included in your site
Request a review
If your page has been hacked then you should probably just delete everything, change your passwords (all of them), reset the app key and re-deploy it. Also contact your shared hosting provider to tell them what happened in case they need to be aware of any vulnerabilities or credential leaks.
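A pre-launch check for the redeploy described above, as an added example that is not part of the original answer. It assumes Laravel's stock `config/app.php` line `'debug' => (bool) env('APP_DEBUG', false)`, under which any non-empty value other than `0`, `false`, `null` or `empty` enables debug mode; the function names and sample `.env` contents are constructed placeholders.

```python
import re

# Literals Laravel's env() helper converts before config/app.php applies (bool).
ENV_LITERALS = {"true": True, "(true)": True, "false": False, "(false)": False,
                "empty": "", "(empty)": "", "null": None, "(null)": None}
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
SECRET_NAME = re.compile(r"(KEY|PASSWORD|SECRET|TOKEN)$")

def parse_dotenv(text):
    """Small .env reader: KEY=value lines, optional quotes, '#' comments."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank line or comment
        key, raw = m.group(1), m.group(2).strip()
        if raw[:1] in ("'", '"'):
            end = raw.find(raw[0], 1)
            raw = raw[1:end] if end != -1 else raw[1:]
        else:
            raw = raw.split(" #", 1)[0].strip()  # drop inline comment
        values[key] = raw
    return values

def app_debug_enabled(env):
    """Model (bool) env('APP_DEBUG', false): non-empty strings except "0" are true."""
    raw = env.get("APP_DEBUG")
    if raw is None:
        return False
    value = ENV_LITERALS.get(raw.lower(), raw)
    return value if isinstance(value, bool) else value not in (None, "", "0")

def redeploy_findings(old_text, new_text):
    """Compare the .env from the compromised deploy with the redeployed one."""
    old, new = parse_dotenv(old_text), parse_dotenv(new_text)
    findings = ["APP_DEBUG is enabled"] if app_debug_enabled(new) else []
    for key, value in new.items():
        if SECRET_NAME.search(key) and value and old.get(key) == value:
            findings.append(key + " unchanged since the compromised deploy")
    return findings

# Constructed sample files; every value is a placeholder.
OLD_ENV = 'APP_KEY=base64:OLD-PLACEHOLDER\nAPP_DEBUG=true\nDB_PASSWORD="old-db"\nMAIL_PASSWORD=old-mail\n'
NEW_ENV = 'APP_KEY=base64:NEW-PLACEHOLDER\nAPP_DEBUG=on  # not "false"\nDB_PASSWORD="new-db"\nMAIL_PASSWORD=old-mail\n'

if __name__ == "__main__":
    for finding in redeploy_findings(OLD_ENV, NEW_ENV):
        print("FAIL:", finding)
```

If the configuration has been cached with `php artisan config:cache`, the running app reads the cached values rather than `.env`, so rebuild the cache after changing the file.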

Related

Custom google-domain for heroku app causes IP/DNS address error

I have a heroku app hosted at https://rosalinep.herokuapp.com/ that I'm trying to move to the address www.rosalinep.com. (I'm not picky about redirections from rosalinep.com or https vs http, I just want to have this website launched without 'herokuapp' in the url right now.) I used Google Domains to get the domain rosalinep.com, and used the following configurations:
On Google Domains:
synthetic records image
custom resource records image
On Heroku:
domains image
Last night when I first tried to launch this, it worked, but this morning I'm seeing the following error page (which is a total bummer...):
broken website image
Running 'heroku domains' confirms www.rosalinep.com is in the app's custom domains.
I did some searching to try and fix this problem, and it looks like some people in similar situations have reported success in using CNAME like I used, but Heroku's documentation seems to say that an ALIAS or ANAME is necessary for root domain configuration, and those options are apparently not supported by Google Domains.
Because of how Heroku works, they do not release the IP addresses of the apps you create on it, so I can't directly feed it an IP address.
I've gotten pretty stuck and confused in trying to resolve this. Any info on whether I can get this working with Google Domains would be greatly appreciated. Also, if it can be helped, I'd like to not pay for any additional services.
If Google Domains is a non-starter for this though, well, I'm open to other Domain registration websites.
Fixed it! :) After all that, it was just four characters that caused all this headache...
The issue was that in the Google Domains custom resource records section, in the Data field I had 'www.(dns_data_here).com.' when it should have been '(dns_data_here).com.'
The site is now up and running on the new url!

Using CNAME results in website differences

I've added a CNAME record to my domain, to redirect people to the Heroku app that hosts a website.
Somehow, my website is responsive and mobile friendly when I go directly to the Heroku page (auspermaculture.herokuapp.com) BUT not responsive and mobile friendly at all when I go through the domain name www.auspermaculture.com (that redirects to the Heroku app using a CNAME record).
I can only see the differences when I actually open up the websites on my phone (iPhone 5). In my web browser, the website is responsive no matter what address I browse to. So if you want to see what I'm talking about, you might have to use your phone.
Any idea what would cause the differences? And is there a way to solve it?
UPDATE
It's not a caching issue.
After deleting all browser data on my phone, I still get these differences.
Here's 2 screenshots to clarify:
Turns out that GoDaddy wrapped the whole website in a <frameset> because I forwarded the address with masking. Forwarding it without masking turns out to be the solution.

Verification by Card always shows Session Expired on Azure

Whenever I try to register for the Azure Free Trial, I enter all the information, and as soon as I land on the Verification by Card page, it loads and then instantly shows me Session expired. I tried using a different ID, a different network and also a different city to perform the action. Azure support does not work and googling doesn't help much either.
Is anyone else experiencing the same, or am I the only one with such a problem?
I have also attached the screenshot of the issue.
Azure Session Expired.png
I would assume only two things could cause this.
1. The Browser.
Can you do a clean fresh install of your preferred browser? Maybe there is a cookie issue. Microsoft has a notorious browser past. Are you using IE? If not, try installing IE.
2. The Site's Code
Nothing can be done there. Just call Microsoft Support.
I hope this helps.
Best,
Tim
I doubt there's a global access issue with Azure, but you can double-check the status here.
It looks like a trouble with your current device configuration.
Check that your clock is correct. Your browser may remove cookies or reject certificates because of a wrong clock.
Check your browser-specific settings for limitations and security measures like disabled JavaScript or enhanced security. It's also worth checking the add-ons and extensions for the same reason.
If you're on Windows, check Internet Settings or try to add the site to the Trusted Sites list. A few months ago I had to add Microsoft sites to the Trusted Sites list on a Windows Server box to solve a similar issue.
The simplest solution would be to try another device.
I had the same problem. Trying different approaches to solve the issue ultimately had the same outcome...I couldn't create an Azure subscription when logging in using my O365 credentials.
Working with Microsoft Support, the approach that successfully worked for me was to open an InPrivate Browser session. Navigate to https://account.azure.com/, which causes a credential challenge, for which you should use the O365 credentials. Ultimately a successful outcome.
BTW, I could only engage MS Support by submitting a Support request. MSFT were responsive in that I was contacted within 60min, with a suggested resolution.

How to get magento multistore work with facebook app

I set up the Facebook Connect extension on my Magento store, which allows customers to log in to the store with their Facebook account. After filling in the API key and API secret in Magento and configuring the site URL in Facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have Magento connect to Facebook without matching the site URL?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
I'm not fully aware of how that Magento app works internally; however, what I would say is that Facebook, strictly speaking, does not allow apps to work across multiple different URLs. You can add multiple subdomains, however.
There is also some unsupported functionality allowing you to run apps across different domains, detailed in this question, though it's worth remembering that this is unsupported.
The Facebook docs have some more info on "App Domains", and how they should be configured.

What does 302 redirects as filters mean?

I have a hosting account on GoDaddy which has been redirected for the last few days; to be precise, 5 days.
After mailing them quite a few times, this is what they had to say:
The 302 redirects are filters setup to maintain the integrity of the hosting server while we investigate and resolve an issue(s)
This post is not for boo-haa of GoDaddy; all I want to know is the technical aspect of the above term.
Why these filters are set, how they are set and what purpose they fulfill.
Any sort of detailing on the issue will be helpful. Being a developer, it will only help when I plan to roll out hosting on my own.
The filter was set by GoDaddy to restrict access to your account until they can complete an investigation. The why would depend, but illegal content on your website, whether you put it there, a user of yours did, or your account was hacked and someone else did, would be some possible whys. By illegal I mean anything in violation of their policies or the law. The purpose is to protect their network and/or you in the event that someone else is responsible for whatever they are investigating. I would call them.
I am in the process of pulling my website from GoDaddy because of the same reason. They will randomly run a 302 redirect filter to protect their server. I found about 1/3 of my potential customers were being redirected to a non-working version of my website. I spoke with a support staff member at GoDaddy and they had no reason, but it is designed to protect their system. This is what you should look for. I use a company called Stat Counter and it shows your visitors' paths. My web address is www.actions4photographers.com. What GoDaddy does is take my web address, add 4 or 5 letters to the end of it, and redirect my customers to a non-working version of my site.
I have had customers tell me my site was not functioning and I spent a small fortune trying to find out why. Now I know. Trying to get GoDaddy to admit that they were running the 302 redirect filters was like pulling hen's teeth. I have been spending, like most of you, a lot of time and money working on getting traffic, only to find out they are just turning away 1/3 of my traffic. How is this fair?
