Google flags my sites as dangerous (Deceptive site ahead)

EDIT by YunoHost Teams: if your YunoHost instance has been flagged as dangerous by Google Safe Browsing, we need more info on this topic. Please give us as much information as possible. You can write a private message to @Dev if you prefer.

Version of yunohost:
Version of ssowat:
Where is hosted your server:
Apps list:
Domains number:
Affected domains:
For each affected domain, give a link to the VirusTotal test: VirusTotal
Have you put some links on social media (like YouTube, Instagram, etc.) which display the SSO page?
Have you found an app that was infected? If yes, which app?


Hi there and hello,

[My YunoHost server] VPS bought online ( Contabo )

YunoHost version: YunoHost 11.0.7 (testing)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no - I get this from a brand new install

Description of my issue:

Google has taken to flagging any of my sites as dangerous. I went through all the trouble of claiming my search properties to find out why, and Google identifies some specific URLs as bad, but I got no useful information other than the below.

(From Google): Deceptive pages
Description: These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information. Learn more
Sample URLs
http://thefeaturecreep.com/yunohost
http://thefeaturecreep.com/yunohost/
http://thefeaturecreep.com/yunohost/sso
https://thefeaturecreep.com/yunohost
https://thefeaturecreep.com/yunohost/
https://thefeaturecreep.com/yunohost/admin
https://thefeaturecreep.com/yunohost/admin/
https://thefeaturecreep.com/yunohost/sso
https://thefeaturecreep.com/yunohost/sso/
https://thefeaturecreep.com/yunohost/sso/?r=aHR0cHM6Ly90aGVmZWF0dXJlY3JlZXAuY29tLw==

Google didn't give any clear information as to the issue:
A fellow Yunohoster submitted this False Positive from SSO - Google Search Central Community which seems to indicate the use of a 302 causing the flag.

Can anyone provide any suggestions?

2 Likes

Hello, the same happened to my YunoHost website. It got flagged by Google as dangerous. I was running the beta test version of YunoHost, also on a Contabo VPS. I just did a complete OS re-install. I thought my server got compromised.

I’ve done many re-installs and Google has branded my two domain names as bad. I’ve changed the redirect to 301 instead of 302 and requested a review from Google. Will see how it goes.

You were not up to date.

I think your server could have been used to hide another link with a redirection through the SSO.

However, we had 2 other cases in the last months where the YunoHost was up to date and Google flagged the site as dangerous. In one case the person had added a domain that could be considered too close to a department name (so a potential counterfeit).
All these cases concerned this redirection mechanism in the SSO.

I got the same issue some weeks ago.
I went to the Google search console, added my main domain. Checked what’s wrong. I got ‘Deceptive site ahead’ for the yunohost portal.
I asked for a recheck. It took about three or four days and it was fixed.
In the documentation, they said to ask for a recheck once. If you ask a lot of times, you may get flagged as a spammer.

2 Likes

i just got the warning as well from google chrome that my website is Deceptive.
YunoHost 4.3.6.3 (stable)
i also went to the Google search console and it too will not tell me what i did wrong.

if it happens again I'll have to leave yunohost. it feels like google might be being used by a 3rd party to intentionally get users like me to feel like this for a paid program that does this same thing.

google needs to do better to prevent their own system from being used for evil

Ask for a recheck and wait some days

Could you search your domain in VirusTotal

We could have more info on which URL is banned. This URL can contain private info, so send it to me by PM.

sub domain:
Fortinet: Phishing
Seclookup: Malicious

main domain:
CRDF: Malicious
CyRadar: Malicious
Fortinet: Phishing
G-Data: Phishing
Sophos: Malware

im using cloudflare is that having an effect?

without cloudflare i get No security vendor flagged this IP address as malicious

I'll turn off CF and check again

update: same results without CF enabled.

its a fresh install no uploads of anything,

i scanned all the github files on total and nothing bad.

I'll re-install a fresh vps and see what i get

So at the moment I’m thinking of using the free domain nohost.me as the console login and using my personal domains for the software I install only. That way, when Google checks the site for that dud URL it has a different one to look for.

1 Like

The only place that gives me any kind of info on the redirect issue is this one. https://freetools.seobility.net/en/redirectcheck/check?url=https%3A%2F%2Fthefeaturecreep.com&expected=https

It says the redirect is incorrect - “The page does not redirect correctly. Incorrect target:”

im gonna reinstall a new vps with new ip and try this

update: google wrote back server is fine and i also just re-did the server using the free domain as my main SSOwat domain and only use the main domain for apps

wish me luck see what google does next few days

Total Virus has to be trash… or broken.

im not even using the domain it says is infected and when i run that domain i get
2 security vendors flagged this domain as malicious with the new ip address.

instead of doing a real check its just updating the ip and showing old results.

im loling so hard… so so listen to this … lamo so google… who owns youtube who also owns that total virus …

  1. i am assuming total virus flagged my url 1st then sent the flag to google console that flagged it that sent the flag to google chrome to flag it as dangerous but then they went to my youtube and any video with LINKS back to my domain as in links in description were flagged as what you read below.

Our team has reviewed your content, and, unfortunately, we think it violates our harmful and dangerous policy. We’ve removed the following content from YouTube:

URL: ht​tps://example.com

the email dates were the same time frame as the chrome issues.

so note to future self do not add personal domain links in a youtube video.

i guess you can call this a chain of reactions

Hi,

I sent this message to fortiguard:

Hello,

I am from the YunoHost contributors team. YunoHost is an operating system for server purposes.

It seems we have several servers from our users listed in your blacklist. One of them is: https://yyyyyyyy.com/yunohost/sso/

We don’t find much information on the blacklisted web page or in the automated tools that should tell us what the issue is. We need more details.

Our SSO solution seems to be listed in each report, so we suspect an issue with a redirection mechanism. To be sure we need the true link of attack, there are no attack directly on https://yyyyyyyyyy.com/yunohost/sso/ but maybe on https://yyyyyyyyyy.com/yunohost/sso/?r=XXXXXXXXXXXXXXXX we need to know what are the XXXXX…

The topic on our support forum: https://forum.yunohost.org/t/re-google-flags-my-sites-as-dangerous-deceptive-site-ahead/20390
Thanks for your information,
XXXXX known as ljf

3 Likes
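A triage sketch for the question raised in the message above, added here and not part of the thread or of YunoHost's own code: it decodes the `r` parameter of each flagged SSO URL and reports whether the target stays on the instance's own domains. It assumes `r` carries a base64-encoded URL, as the sample URL earlier in the thread does; the function names and the `example.net` target are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit


def decode_r(url):
    """Return the decoded `r` target, "" if undecodable, None if absent."""
    values = parse_qs(urlsplit(url).query).get("r")
    if not values:
        return None
    raw = values[0].replace(" ", "+")   # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)        # tolerate stripped padding
    try:
        return base64.urlsafe_b64decode(raw).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ""


def classify(url, own_domains):
    """Label a flagged URL by where its `r` target points."""
    target = decode_r(url)
    if target is None:
        return ("no-redirect", None)
    host = (urlsplit(target).hostname or "").lower()
    if not host:
        return ("no-host", target)      # relative path or undecodable value
    # Exact match or true subdomain only; a look-alike suffix does not count.
    if any(host == d or host.endswith("." + d) for d in own_domains):
        return ("same-site", target)
    return ("off-site", target)


def constructed_url(target):
    """Build a constructed SSO URL carrying `target` (sample data only)."""
    token = base64.urlsafe_b64encode(target.encode()).decode()
    return "https://thefeaturecreep.com/yunohost/sso/?r=" + token


OWN = {"thefeaturecreep.com"}
SAMPLES = [
    # From Google's sample list quoted in the first post.
    "https://thefeaturecreep.com/yunohost/sso/?r=aHR0cHM6Ly90aGVmZWF0dXJlY3JlZXAuY29tLw==",
    "https://thefeaturecreep.com/yunohost/sso/",
    # Constructed: a target outside the instance's domains.
    constructed_url("https://login.example.net/x"),
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u, OWN), u)
```

Run it over the URLs listed in Search Console or a vendor report; any `off-site` result is the decoded link worth including in a review request.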

If you can send me which apps are installed or were installed on your YunoHost, it could help too.

the only apps used when it happened was wordpress, yourls, outline.

wordpress was subdomain, outline was subdomain, yourls was root domain

  • yourls i added an index.html to redirect to my wordpress subdomain to take advantage of it going to waste if ppl tried to access the root domain.

nothing on the site allowed users to signup, nor login, nor download anything.

wordpress was used just for my links to social media and streaming like a profile?
yourls i didnt even use it lol
outline love it perfect program.

i also used vultr vps and used the cheap $6 plan 32gb nvme 1gb ram i think

update just ran a total virus now i get
Fortinet: Phishing
Seclookup: Malicious
alphaMountain.ai: Suspicious

i am only using now BLUDIT instead of wordpress, yourls that not used yet, and thats it nothing else is installed.

makes no sense

says my root domain is fine but my subdomain used for my profile stuff is still so called bad

im going to remove the subdomain and try a new subdomain see if the issues come back

My website is getting flagged by Google: "Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards."

I am running Yunohost test version No application installed.

When I scan my domain at VirusTotal http://mysite.com/ is OK.
When I scan my domain at VirusTotal https://mysite.com/ 2 security vendors flagged this URL as malicious.

Certificate status: Great! You’re using a valid Let’s Encrypt certificate!
Certification authority: Let’s Encrypt (mysite.com)
Validity: 87 days

YunoHost 11.0.7 (testing)