My website was blocked by Panda Security because it was considered unsafe; I tried to show my website to someone on their computer and they had Panda Security software which blocked access to my site with a big red warning.
What are the reasons that a website is considered not secure?
Is it the InfinityFree IP block that is not trusted?
Is it because I am using one of the new fancy .tech top-level domains that it is not trusted?
Is there anything beyond SSL certificate that I should be doing to make my site more trustworthy?
I do have SSL security certificate installed for this site already. The behavior was very different when I went to http:// versus https://. When I went to https:// it was just the ordinary browser blocking the site and not Panda Security blocking the site.
This may indicate that Panda Security blocks insecure (HTTP) connections in an attempt to force people to use secure (HTTPS) ones. What error does the browser throw, though?
I think you’re right. That theory matches the behavior I saw. I’m not used to that behavior because I wrote .htaccess rewrite rules to force all traffic to go to https.
Could you please share the exact error messages you see? Error message usually give information as to why you see them. And if they don’t make any sense to you, maybe we can make some sense of them.
I’m sorry this turned out to be a difficult request: I don’t have access to the test environment where it failed; I’m just going on memory of what happened the other day.
What struck me as odd was that .htaccess did not successfully bounce to https like it is in other environments besides this person’s Panda-protected computer.
Then, the next error mentioned the word SSL and that’s all I read at the time.
Following up with some more searching, I just used sslshopper.com and it confirms: “The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.”
I am using the SSL certificate provided by infinityfree.
If Panda blocks all requests that do not use HTTPS, then Panda may actually be preventing the HTTPS redirects from taking place.
Panda should be able to detect that the site is forcing HTTPS, but it’s possible that our browser validation system may be interfering with Panda’s ability to detect this.