A major healtchare client of ours emailed us yesterday and told us that they’re getting reports from some visitors that their Joomla website (the healthcare website) is blocked because it is compromised. One of those reports stated that it was Websense that labeled the website as compromised. So, we immediately went to csi.websense.com and we entered the URL of the site and analyzed it. It didn’t take long for Websense to respond back with a dreadful Compromised Website response.
We were sure that the website was clean, nevertheless, we checked, double checked, and tripled checked the website (using a variety of tools) and all of those checks came out as negative: the website was clean; there was nothing malicious about it and it was not compromised! We then ran a full scan on the server (the scan didn’t come back with any positives). This whole thing meant that Websense (which is a Cisco subsidiary) has mistakenly labeled the website as compromised (it was a false positive).
Once we were sure that this issue was a false positive, we did the following:
- We created an account with Websense. Note that the account can be created for free, there is no need to subscribe to any Websense service in order to create the account.
-
Once the account was successfully created, we re-ran the scan (on csi.websense.com), and then, on the ACE Insight Report (which is the report generated once you go to csi.websense.com and enter the URL of your website), we clicked on Suggest a different categorization).
-
We then chose Health as category (the category already assigned to the website was Compromised Websites), and then added a small message that Webense’s findings were a false positive.
-
We waited…
-
90 minutes later, we got an automated email from Websense Labs, telling us that our AceInsight submission has been received and that it was assigned a case number.
-
Another 90 minutes later, we got an automated email, also from Websense Labs, telling us that our AceInsight submission has been escalated for further research. Obviously, that email was a breath of fresh air. We knew that they were working to address the issue.
-
Yet another 90 minutes later, we got an exhilarating email from Websense Labs telling us that the site we submitted has been reviewed and determined safe for browsing. Hooray!
-
We informed the client who promised to donate $100 billion for charities in our name. OK, we’re kidding, but the client was ecstatic!
Now, even after fixing the problem, we still had a few issues. Some firewalls, such as Barracuda, query the Websense database and cache the results. Unfortunately, Barracuda queried the database at the wrong time, and haven’t refreshed their cache as of yet. Nevertheless, we expect them to refresh their cache anytime now (for now, we are asking affected companies to whitelist our client’s website on their Barracuda firewall).
So, was the effort worth it?
Definitely. Websense maintains one of the most important and up-to-date databases about the health of the websites, which means that there are many 3rd parties (such as Barracuda) that query this database to check whether a website is safe or not. If we didn’t address this problem and if we didn’t address it immediately, then within 48 hours every single firewall on this planet would have probably blocked our client’s site.
Now, if you, our esteemed reader, have run into the Websense issue, then try the above guide to unblock your website (make sure it is clean first). If you need help addressing this issue, then that’s why we’re here. Just contact us and let us take care of the rest. Please note that our super affordable fees apply!