Website Phishing Alert Error

Hosting Support
1

Website URL

(please specify the URL of the site on which you are experiencing the problem)
http://nexa.22web.org
https://nexa.22web.org

Error Message

(please share the FULL error message you see, if applicable)
Beware of fraudulent sites
Attackers on [MY WEBSITE] can trick users into dangerous actions, such as installing software or disclosing personal information (such as passwords, phone numbers, or credit cards).
(Chrome Safe Browsing)

Other Information

(other information and details relevant to your question)
This is a website to start my new business and I already reported this problem to google domain. The response was negative. I wonder if there’s a critical issues in my php source code. I am starter programmer so I hope I can learn from you guys about this warn. Reminder, my website is for my business not phishing.

2

It’s just an issue with Google Chrome. It has a long history of flagging the wrong sites as phishing and not flagging the ones who were phishing. My advice: don’t use chrome. It works good (the site) on other browsers

2 Likes
3

This could happen with Chrome if you are using PHP to get visitors IP addresses or for a few other reasons. A few years ago, I had the same issue, but I fixed it by improving my code logic.

4

I am so glad you to let me know that. However, I don’t use any function that use clients ip address. But I would like to check it again. Thank you for helping me.

5

Thank you, I will check it again and I might gonna report this issue to google again. Thank you for helping me.

6

I checked it again, and I guess I found 3 reasons can be the issue.
First, I use session system to login.
Second, I use $USERDATA value to save the login data which can be very suspicious to google chrome (probably not because it’s backend)
Third, MAYBE MAYBE MAYBE, does my source code or my domain infected by malicious software?

7
  1. No, it’s not. If it would be infected my antivirus would be blocking it. (My antivirus is really good)
8

No, it’s not the problem, Who is your domain name registrar?

9

If you can provide the source code of it, i can check it.

10

Okay thank you very much again

11

I have no idea. I might can find it if you know how to. May I ask you how I can find it?

12

Where did you bought it from?

Ex; Namecheap

13

Oh I just bought on free plan in infinityfree website. the sub domain one.
Okay so first time I registered with .wuaze.com and then I added subdomain on it and I removed the first one.

14

Also, I detected an additional issue; I registered out of curiosity and it just shown a blank page, also when I tried to login with the password and the id it didn’t work.

1 Like
15

It’s not the problem, like said you before you need to provide the source code of your site.

16

Small note, do not exceed 10 posts as this is your first day.

17

I have 6 different source code with php.
first is login webpage.

<?php
session_start();
$servername = "[SERVER-URL]";
$username = "[USERNAME]";
$password = "[PWD]";
$dbname = "[DB-NAME]";

$id = $_POST["ID"];
$pwd = $_POST["PWD"];

function getSalt($id) {
    global $servername, $username, $password, $dbname;
    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
        die();
    }
    $sql = "SELECT * FROM accounts WHERE id = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $result = $stmt->get_result();
    $conn->close();
    if ($result && $result->num_rows > 0) {
        $row = $result->fetch_assoc();
        return $row["salt"];
    } else {
        return false;
    }
}

function login($id, $pwd) {
    global $servername, $username, $password, $dbname;
    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
        die();
    }
    $sql = "SELECT * FROM accounts WHERE id = ? AND pwd = ?";
    $stmt = $conn->prepare($sql);
    $salt = getSalt($id);
    $hpwd = hash("sha256", $pwd . $salt);
    $stmt->bind_param('ss', $id, $hpwd);
    $stmt->execute();
    $result = $stmt->get_result();
    $conn->close();
    if ($result && $result->num_rows > 0) {
        $row = $result->fetch_assoc();
        $email = $row["email"];
        setSession($id, $hpwd);
        setCookies($id, $email);
        return true;
    } else {
        return false;
    }
}

function setSession($id, $pwd) {
    $_SESSION["LoginID"] = $id;
    $_SESSION["LoginPWD"] = $pwd;
}

function setCookies($id, $email) {
    setcookie("ID", $id);
    setcookie("EMAIL", $email);
}

$result = login($id, $pwd);
if ($result == true) {
    header("Location: .");
} else {
    echo "<div id='messageModal' class='modal' style='display:block'><div class='modal-content'><h2>Message:</h2><p>ID or Password is wrong</p></div></div>";
    header("refresh:3;url=login.html");
    exit();
}
?>

The remote db works clearly to me.

18

I think you should add the following lines at the beginning of the script so we can see what’s the problem here more clearly (and this might help you diagnose more errors): error_reporting(E_ALL);
ini_set(‘display_errors’, ‘1’);

19

I’ve checked your code, and there’s nothing serious in there, but you should consider using a different PHP file to include the database information.

include_once 'db.php'

Also, your register.php is getting a 500 error. This could be due to the wrong database credentials.

Like @Razu_the_cat said turn on the php error messages by heading to your control panel and find alter php config

20

$sql = “INSERT INTO accounts (id, pwd, salt, email, phone) VALUES (?, ?, ?, ?, ?)”;
$stmt = $conn->prepare($sql);
$stmt->bind_param(“ssss”, $id, $hpwd, $salt, $email, “None”);

5 VALUES AND 4 BIND