Omeka flagged as unsafe site


At the University of Lincoln we currently have an Omeka classic installation which went live last week: The public interface is based on seasons 2.5.1, with minimal re-skinning and some small code adjustments: we changed the names of Dublin core elements, removed the whole “output format” sections, put tags in alphabetical order, and other minor tweaking.

Everything works smoothly, but every now and again users are complaining that they can’t get in as the installation has been flagged as unsafe site / harmful content. The issue doesn’t seem to correlate with browser, OS, antivirus, malware protection software, internet providers and country. Also it seems to appear completely at random.

Please also note that our site is about difficult heritage so words like bomb, bombing, attack, kill, die, terror, burn, shot, execute etc. appear systematically across all pages.

Did someone experience a similar issue? If so, how was it resolved? Please find below full system configuration.

Best regards,

Alex Pesaro
International Bomber Command Centre Digital Archive
Riseholme Hall
University of Lincoln
Riseholme Campus
Lincoln LN6 7TS
United Kingdom

Omeka 2.6.1
PHP 5.4.16 (apache2handler)
OS Linux 3.10.0-514.6.1.el7.x86_64 x86_64
MySQL Server 5.7.22
MySQL Client 5.6.37
Apache Apache
PHP Extensions
Regular apache2handler, bz2, calendar, Core, ctype, curl, date, dom, ereg, exif, fileinfo, filter, ftp, gettext, gmp, hash, iconv, json, libxml, mhash, mysql, mysqli, openssl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, Reflection, session, shmop, SimpleXML, sockets, SPL, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib

ArchiveRepertory 2.15
BulkMetadataEditor 2.4
CSSEditor 1.0.1
Carta 2.1.1 (inactive)
CleanUrl 2.16
CollectionTree 2.1
Corrections 1.0
CsvImport 2.0.4
Dropbox 0.7.2 (inactive)
DublinCoreExtended 2.2
ExhibitBuilder 3.4.1
Geolocation 2.2.5 (inactive)
HideElements 1.3
ItemOrder 2.0.2
ItemRelations 2.0.2
Neatline 2.6.0
NeatlineSimile-master 2.0.4
PdfEmbed 1.0 (inactive)
RecordRelations 2.0.1
SearchByMetadata 1.2.1
SimpleContactForm 0.5 (inactive)
SimplePages 3.1.1
SimpleVocab 2.1
UserProfiles 1.2.1 (inactive)
berlin 2.6
default 2.5 (current)
seasons 2.5.1

I’m not sure, as I don’t see any issue. It might help to have some specifics in terms of the messaging people are seeing when they can’t access the site.

It may just be institution-installed blocking software (possibly an algorithmic decision based on your content, as you say) in which case I think you’d have to go to the institution and/or the blocking software vendor to look at being removed.

I could reproduce the error on Firefox and the problem seems to be your certificate. Firefox offers troubleshooting advices. If that doesn’t help check SSL Labs which gives you more technical details about the issue.

FYI: If your certificate authority is not trusted and the issuer cannot fix it quickly, you can always go with Let’s Encrypt

The issue was difficult to reproduce but it was eventually chalked down to a wrongly-configured certificate. All sorted. Many thanks to all those replied. Please consider the topic closed.