Ooops… suspicious website

Original post date: July 24, 2024

Last updated: July 24, 2024

Last week, we launched Ygreky’s website. Just hours after I created the page and posted an announcement on LinkedIn, we saw there was a problem.

The profile with suspicious link marking (before)

The link on the page was marked as suspicious, and anyone who clicked it was sent to a warning page first. Oops…

A warning on a link was behaviour I had never seen before, and I could not find any documentation on the possible reasons, so I started building a list of hypotheses. The first list was:
1. Real spam was sent from the domain
2. Somebody marked the website as phishing somewhere
3. There was an issue with the website HTTP headers

Options 1 and 2 seemed unlikely. The domain was registered some time ago, and we had already tested it for notifications and newsletters sent through Brevo, setting up DKIM and the related settings in the process (they have a helpful tutorial). I checked Spamhaus, too: no issues. The probability of a spam problem was getting low.

We then realized (and a reader pointed it out at the same time) that the website's HTTP response headers were getting a low rating on checkers such as the HTTP Observatory.

The path looked promising, and in a short time, Samantha had the Ansible playbook updated to set the headers. While working on the course content, we had forgotten about this little detail. The Content Security Policy (CSP) part is still not set as we would like, but this is, unfortunately, a common problem with WordPress sites: themes and plugins emit inline scripts and styles, so a strict CSP either breaks the site or has to allow 'unsafe-inline'. We'll update you when we have a reasonable solution.

The rating went up, but the “suspicious website” marking remained…

That was the moment when I started searching the Internet yet again. It seems to be a common LinkedIn problem, and the suggested solution was to open a support ticket. I did (explaining the situation) and received a reply that their technical team would handle it. And yes, the link became a normal link within a few days, and the warning was gone.

Ouff! Problem solved.
The profile after fixes

The question remains why the default Debian/Ubuntu installation of nginx does not ship with secure settings such as these headers… If you need an nginx hardening tutorial, the one from UpGuard is helpful.
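As an added example for the header check and the nginx hardening points above (this is not the site's Ansible playbook, nor the HTTP Observatory's own code), the script below audits a response's headers for the items such scanners grade: HSTS, MIME sniffing, clickjacking, Referrer-Policy, CSP (including the 'unsafe-inline' that WordPress forces) and the version strings in Server / X-Powered-By that hardening guides tell you to switch off. The two sample responses are constructed, not captured from the real site; the six-month HSTS threshold and the set of accepted Referrer-Policy values are my assumptions about how such scanners score. The nginx or PHP directive that fixes each finding is in the comment beside the check.

```python
"""Audit an HTTP response's hardening headers (added example, not the site's code)."""

from __future__ import annotations

import re

# Assumption: scanners accept an HSTS max-age of at least six months.
HSTS_MIN_AGE = 15552000  # 180 days in seconds
# Assumption: the Referrer-Policy values a scanner rates as safe.
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}


def parse_csp(policy: str) -> dict[str, list[str]]:
    """Split "default-src 'self'; script-src a b" into {directive: [sources]}."""
    out: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means nothing to fix."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: list[str] = []

    # HSTS. nginx: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < HSTS_MIN_AGE:
            findings.append("Strict-Transport-Security max-age below six months")

    # MIME sniffing. nginx: add_header X-Content-Type-Options "nosniff" always;
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Clickjacking: either header works. nginx: add_header X-Frame-Options "SAMEORIGIN" always;
    csp = parse_csp(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in {"DENY", "SAMEORIGIN"} and "frame-ancestors" not in csp:
        findings.append("no X-Frame-Options or CSP frame-ancestors (clickjacking)")

    # Referrer leakage. nginx: add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    if h.get("referrer-policy", "").lower() not in SAFE_REFERRER:
        findings.append("missing or weak Referrer-Policy")

    # CSP: present, has a fallback, and does not allow inline script.
    # nginx: add_header Content-Security-Policy "default-src 'self'; ..." always;
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        if "default-src" not in csp:
            findings.append("CSP has no default-src fallback")
        script = csp.get("script-src", csp.get("default-src", []))
        # A nonce or hash makes browsers ignore 'unsafe-inline', so only flag it on its own.
        if "'unsafe-inline'" in script and not any(
                s.startswith(("'nonce-", "'sha")) for s in script):
            findings.append("CSP script-src allows 'unsafe-inline' (inline scripts, common with WordPress themes/plugins)")

    # Fingerprinting. nginx: server_tokens off;   php.ini: expose_php = Off
    if re.search(r"/\d", h.get("server", "")):
        findings.append("Server header discloses version (nginx: server_tokens off)")
    if "x-powered-by" in h:
        findings.append("X-Powered-By discloses backend (PHP: expose_php = Off)")
    return findings


# Constructed sample responses (not captured from the real site).
DEFAULT_NGINX = {
    "Server": "nginx/1.22.1",
    "Content-Type": "text/html; charset=UTF-8",
    "X-Powered-By": "PHP/8.2.7",
}

HARDENED = {
    "Server": "nginx",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    # WordPress still needs inline scripts here, so this one finding remains.
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; "
                               "style-src 'self' 'unsafe-inline'; frame-ancestors 'self'",
}

if __name__ == "__main__":
    for name, hdrs in (("default", DEFAULT_NGINX), ("hardened", HARDENED)):
        result = audit_headers(hdrs)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Two nginx caveats when applying the directives from the comments: `add_header` lines are not inherited into a `location` block that sets its own `add_header`, so put them in an included snippet and include it in every such location; and the `always` parameter is what makes nginx send the headers on 4xx/5xx responses too, which is where a scanner often looks first.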

Also, thanks to everyone who notified us about the problem and gave us hints toward a solution.