Google Flagging PBX sub-domain as malicious

I have a sub-domain configured that I access my PBX at. Today Google's Webmaster Tools told me there is malware on the sub-domain. Multiple scans have not encountered any issues or malware.

The specific message was:

“Google has detected harmful content on some of your site’s pages. We recommend that you remove it as soon as possible. Until then, browsers such as Google Chrome will display a warning when users visit or download certain files from your site.”

And it gave the subdomain of the site: https://pbx.*****.com/

I reissued the SSL cert just in case and submitted it for review as a false positive. This occurred right after I upgraded to the most current stable version 3.2.3-7.

Hardware Info

Virtualization: KVM
CPU Model: Intel Core Processor (Skylake, IBRS)
CPU Cores: 1
RAM: 2 GB / 2 GB

System Information

Distro: CentOS Linux release 7.9.2009 (Core)
Kernel: 3.10.0-1160.80.1.el7.x86_64
Asterisk: 18.12.1
VitalPBX: 3.2.3-7

Has anyone else had this issue and how did you resolve it?

Check here. Might be the main domain that has this problem. Nothing to do with PBX.

https://transparencyreport.google.com/safe-browsing/search

I had a similar issue with DNS sub-domains getting hijacked (also using a VPS).
I found that a short TTL setting at the DNS provider somehow allowed it to be redirected to a malware-type site.
Changing the TTL in the A record at the DNS provider to something like 43200 solved the issue for me.
However, this issue also infected the browser and router caches of any users who tried accessing it while it was having the problem; those had to be flushed after changing the TTLs in the A record.
Not sure if this is your same issue.

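The check implied by the reply above, written out as an added example (not code from the thread or from VitalPBX): parse the answer section of a `dig` query for the PBX host's A record and flag any record that points somewhere other than the VPS address you expect, or whose TTL is shorter than the value you settled on. The hostname `pbx.example.com`, the two addresses and the `SAMPLE_ANSWER` lines are constructed for the example; the real domain in the thread is masked.

```python
import re
import subprocess

# Constructed sample in the shape of `dig +noall +answer pbx.example.com A` output.
# One record points at an address that is NOT the VPS, and both carry a 60s TTL.
SAMPLE_ANSWER = """\
pbx.example.com.\t60\tIN\tA\t203.0.113.99
pbx.example.com.\t60\tIN\tA\t198.51.100.10
"""

# Assumed: the one address the PBX host is supposed to resolve to.
EXPECTED_IPS = {"198.51.100.10"}
# TTL the reply above settled on (12 hours).
MIN_TTL = 43200

# name  ttl  IN  A  ipv4
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")


def parse_answer(text):
    """Return [(name, ttl, ip), ...] from dig-style answer lines; comments and blanks are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = ANSWER_RE.match(line)
        if m:
            records.append((m.group(1).rstrip("."), int(m.group(2)), m.group(3)))
    return records


def audit_records(records, expected_ips=EXPECTED_IPS, min_ttl=MIN_TTL):
    """Return a list of human-readable findings; an empty list means the records look as intended."""
    if not records:
        return ["no A records found in answer"]
    findings = []
    for name, ttl, ip in records:
        if ip not in expected_ips:
            findings.append(f"{name} resolves to unexpected address {ip}")
        if ttl < min_ttl:
            findings.append(f"{name} A record TTL {ttl}s is below {min_ttl}s")
    return findings


def run_dig(name):
    """Query the live resolver with dig (requires dig on PATH and network access)."""
    out = subprocess.run(["dig", "+noall", "+answer", name, "A"],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in run_dig("pbx.example.com") for a live check.
    for finding in audit_records(parse_answer(SAMPLE_ANSWER)):
        print("FINDING:", finding)
```

Run it against the live `dig` output periodically from a host outside the VPS; a record that suddenly points elsewhere, or a TTL nobody set, is worth investigating before a browser warning appears.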

I moved the PBX to a sub-domain not indexed by Google on another domain name. That resolved the issue. I now also get a notification in Chrome that pbx.xxx.com is not secure and it shows that my certificate is issued to “Guest” by “Guest”. I have successfully issued the Let’s Encrypt SSL cert so this is strange behavior.

I'm going to try @dannylarsen's suggestion in a second to see if that makes a difference.

So I found the issue with the SSL. Apparently somewhere in the upgrade that I just did the setting Admin > System Settings > HTTP Server was changed to “Pre-build Certificate (Native)” instead of the name of the Let’s Encrypt SSL Certificate.

I wonder if this is why Google identified it as malware?!
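A way to catch the certificate problem described above after an upgrade, as an added example that is not code from the thread or from VitalPBX: audit the certificate a TLS endpoint presents and flag a self-signed "Guest"/"Guest" subject and issuer, a non-Let's Encrypt issuer, or a name that does not match the host. The two sample certificate dicts are constructed in the format Python's `ssl` module returns from `getpeercert()`; `pbx.example.com` and the `R3` intermediate name are assumptions for the example.

```python
import socket
import ssl

# Issuer organizationName on Let's Encrypt leaf certificates.
LETSENCRYPT_ORG = "Let's Encrypt"

# Constructed sample in getpeercert() format: the pre-built native certificate symptom from the thread.
NATIVE_CERT = {
    "subject": ((("commonName", "Guest"),),),
    "issuer": ((("commonName", "Guest"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

# Constructed sample of what a correctly issued Let's Encrypt certificate would look like.
LE_CERT = {
    "subject": ((("commonName", "pbx.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "subjectAltName": (("DNS", "pbx.example.com"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def _rdn_dict(rdns):
    """Flatten getpeercert()'s tuple-of-RDNs into {attribute: value}."""
    return {k: v for rdn in rdns for k, v in rdn}


def audit_cert(cert, hostname):
    """Return findings for a certificate dict; an empty list means it matches expectations."""
    subject = _rdn_dict(cert.get("subject", ()))
    issuer = _rdn_dict(cert.get("issuer", ()))
    cn = subject.get("commonName")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    findings = []
    if subject == issuer:
        findings.append("certificate is self-signed (subject equals issuer)")
    if issuer.get("organizationName") != LETSENCRYPT_ORG:
        findings.append(f"issuer is {issuer.get('commonName', '?')!r}, not Let's Encrypt")
    if hostname != cn and hostname not in sans:
        findings.append(f"hostname {hostname!r} not in CN {cn!r} or SANs {sans}")
    return findings


def fetch_cert(hostname, port=443, timeout=5):
    """Connect with the system trust store; return (cert_dict, None) or (None, error_text)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as exc:
        # The native self-signed cert fails here before getpeercert() is reachable.
        return None, f"chain did not verify: {exc}"
    except OSError as exc:
        return None, f"connection failed: {exc}"


if __name__ == "__main__":
    # Offline demonstration; for a live check use fetch_cert("pbx.example.com") first.
    for label, cert in (("native", NATIVE_CERT), ("letsencrypt", LE_CERT)):
        print(label, audit_cert(cert, "pbx.example.com") or "OK")
```

Running `fetch_cert` from a machine outside the PBX after every upgrade turns the "Guest by Guest" browser warning into a verification error you can act on before users see it.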
