cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

URGENT: My website is inaccessible on the Vodafone network: insecure redirect via allot.com

matstillo
2: Seeker
2: Seeker

Hi there,

I'm a web developer having an issue I've never come across before. My clients website cannot be accessed by anyone using a Vodafone cellular connection. It gives a 'insecure connection' warning, with an SSL certificate for that page being issued by allot.com. This is not my actual website SSL, which is with iOnos and has been verified as fully working. 

Why is the domain being redirected through allot.com by Vodafone like this?!

The is not just my Vodafone connection, it appears to be all the visitors to the site accessing via Vodafone. It may not be happening for all of them, but all the failed connections are 100% accessing via Vodafone mobile.

I hope you can help as a matter of urgency, my client is going nuts.

Many thanks

Mat

1 ACCEPTED SOLUTION

Could you please pop me over the URL of the site @matstillo  and a screenshot of the error visitors are getting? Can you also confirm if the error occurs when SecureNet is active, inactive or both? 

View solution in original position

14 REPLIES 14

CallumR
Moderator
Moderator

Hey @matstillo thanks for reaching out to us. I've taken a look at the link you provided in the other thread and it seems that 2 security vendors have marked the website as malicious. You can check which security vendors have marked this down here

Before we're able to raise a case to get the website reclassified, we'd advise you to speak with your tech team that deals with your website and remove anything that's been marked as malicious. 

Once done, come back to us and we'll get a case raised for you. 

matstillo
2: Seeker
2: Seeker

OK thanks, this is a Shopify site that a client has built themselves. It's all managed by Shopify so I'll  ask them to look into what might be getting flagged. Many thanks for the swift reply.

matstillo
2: Seeker
2: Seeker

I can't see how I go about finding out more info from VirusTotal about what they think is malicious though? I don't know where to even start otherwise! I've requested Shopify look into it anyway.

CallumR
Moderator
Moderator

@matstillo Shopify should be able to locate any malicious links within your website. When you use the link to go to VirusTotal, enter your website into the URL section and it'll bring up the security vendors that have marked your website. 

Once you've heard back from Shopify, please come back to us and we'll get it raised if needed. 

Thanks! Unfortunately the VirusTotal report indicates the vendors that find an issue but not what it actually is. Ive asked Shopify to investigate.

Thanks for letting us know @matstillo Let us know when you have an update.

matstillo
2: Seeker
2: Seeker

OK so Shopify have been able to confirm that they cannot see anything at all that would cause the site to be flagged as harmful:
 They say:


"From our end, I have checked your theme, apps and the limited domain information we can see in the Admin, and I was not able to identify anything that might cause a mobile service to flag your website in the way you described. Our investigation from myself and previous advisors have determined that all signs are pointing to the issue being between the domain provider (the SSL certificate specifically) and the mobile service of Vodafone only, not their broadband service. "

I can only think that the 2 results from VirusTotal saying otherwise are false positives & I really now need Vodafone to look into this further. iOnos are unable to see anything with the current SSL set up that would cause any issues either. And as Vodafone Mobile is the only service on which this issue is happening, it really does seem that it is now down to Vodafone to give me more answers on not only why they are blocking my site, but why it is being redirected to an SSL served by allot.com that even Vodafone don't seem aware of?

Hopefully someone can now look into this further and remove anything from the site that is causing it to be blocked/redirected.

 

Many thanks

 

Could you please pop me over the URL of the site @matstillo  and a screenshot of the error visitors are getting? Can you also confirm if the error occurs when SecureNet is active, inactive or both? 

matstillo
2: Seeker
2: Seeker

The URL is silverlinesjewellery.co.uk

I'm getting a variety of messages across different mobile browsers. Chrome and Firefox mark the site as Adult Content. I've also included a screenshot of the SSL certificate that is being shown instead of my iOnos one, which is instead issued by allot.com & in not valid

With Secure Net, I had to Google that to see what it even is! As part of my efforts to sort this, Vodafone switched off any blocking on my own mobile account: this may have been Secure Net settings they played with?! Doing that though was actually unhelpful as I cannot now replicate the issue personally & have to borrow phones to keep testing this. ( Side note: I'm a man of the world and have never had any issues viewing any Adult Content on my Vodafone cellular connection before 😉 so I don't know why a jewellery site is now getting blocked? )

Bizarrely, I keep getting told by other Vodafone support channels to just contact all the website visitors who cannot access the website & ask them to adjust their Vodafone security settings. That's literally one of the oddest answers I've ever been given by any support & I struggled to explain why I could not get in touch with website visitors who were unable to see my site & hence contact me & who I had never met. Even despite that obvious flaw in the plan, this should not require solving at an individual user level. This is a jewellery website, on a secure Shopify platform, that has been fully checked by Shopify and has no visible issues. iOnos are unable to see anything in the DNS / SLL setup that could be causing this and have no knowledge of allot.com, who appear to be doing something with the SSL when the site is blocked by Vodafone.

many thanks for your assistance, hopefully soon we can get to the bottom of what is causing the seemingly false flag identification by Vodafone.

I can't currently see any option for adding attachments, will keep looking