Hardware: VPS/DigitalOcean YunoHost version: 11.0.10.2 I have access to my server : Yes, SSH, and all Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Is there a way to display a message on the login screen? We’ve been having issues with Google flagging our site as “social engineering”. I contacted their support and said that to avoid this, the site has to clearly display who is operating the site and any additional branding. As such for example if you are operating it privately, it has to be clear.
So, I am looking if there is a way to display such messages on the login screens to avoid getting flagged as “social engineering” when most of the services we installed require users to login without much of a public facing page.
Well, we’ve done that but Google still flags it. Specifically, flags the subdomains where there admin and user login pages are sitting on. They don’t like the /yunohost/admin and /yunohost/sso pages. It doesn’t matter if the front subdomain/domain has webapp sitting in front of it.
They detect the /admin and /sso pages from people using it through Chrome. We don’t link to those pages anywhere on the front end webapp. So, it is very peculiar that they flag those specific pages when they shouldn’t exactly be able to crawl it under normal circumstances.
So I found that Google really does NOT like the /admin login page. We had no issues with this until literally today when I had to go to the admin panel to update the server. Literally within 5 minutes, Google Chrome red flagged the domain as phishing. If I never visit the admin page (like in the last 4 weeks) I never got flagged.
Really really need a way to display a proper message as they wanted to. Otherwise, it would be a pain to get flagged just to manage my server.
That’ll help for /sso by injecting on the custom_portal.js. Though, I’ve also discovered that if I login to /admin via the server’s IP instead of the server’s domain, it would reduce the chance of upsetting the Google gods of flagging the domain. Since I’m accessing /admin by IP and not by domain.
I don’t know if I would call that an ideal solution, but I suppose it works. Ideal case is still to have an easy text field in server settings we can just type out a message to display (for both /sso and /admin). That way the layman doesn’t have to mess with js to inject a simple message.