EDIT by YunoHost Teams: if your yunohost instance has been flagged as dangereous by Google safebrowsing: we need more info on this topic. Please, give us the maximum of information. You can wrote a private message to @Dev if you prefer.
Version of yunohost: Version of ssowat: Where is hosted your server: Apps list: Domains number: Affected domains: For each affected domains, give a link to the virus total test: VirusTotal Have you put some links on social media (like youtube, instagram, etc.) which display the sso page ? Have you find an app that was infected ? If yes, which app ?
YunoHost version: YunoHost 11.0.7 (testing) I have access to my server : Through SSH | through the webadmin Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no - I get this from a brand new install
Description of my issue:
Google has taken to flagging any of my sites as dangerous. I went through all the trouble of claiming my search properties to find out why and google identifies some specfic URL’s as bad but got no useful information other than the below.
Hello, the same happed to my Yunohost website. It got flagged by google as dangerous, I was running the Beta test version of Yunohost also on Contabo VPS., I just did a complete OS re-Install. I thought my server got compromised.
I’ve done many re-installs and Google has branded my two domain names as bad. I’ve changed the redirect to 301 instead of 302 and requested a review from Google. Will see how it goes,
I think your server could have been used to hide an other link with a redirection through the SSO.
However we had 2 others cases in the last months were the yunohost was up to date and Google flag the site has dangereous. In one case the person had added a domain that could be consider to clause of a department name (so a potential conterfeit).
All this case concerned this redirection mechanism in the SSO.
I got the same issue some weeks ago.
I went to the Google search console, added my main domain. Checked what’s wrong. I got ‘Deceptive site ahead’ for the yunohost portal.
I asked for a recheck. It took about three or four days and it was fixed.
In the documentation, they said to ask for a recheck once. If you ask a lot of times, you may get flagged as spammer.
i just got the warning as well from google chrome that my website is Deceptive.
YunoHost 4.3.6.3 (stable)
i also went to the Google search console and it to will not till me what i did wrong.
if it happens again ill have to leave yunohost. it feels like google might be being used by a 3rd party to intentionally get users like me to feel like this for a paid program that does this same thing.
google needs to do better to prevent their own system from being used for evil
So at the moment I’m thinking of using the free domain nohost.me as the console login and using my personal domains for the software I install only. That way, when Google checks the site for that dud url it has a different one to look for ,
im gonna reinstall a new vpa with new ip and try this
update: google wrote back server is fine and i also just re-did the server using the free domain as my main SSOwat domain and only use the main domain for apps
im not even using the domain it says is infected and when i run that domain i get
2 security vendors flagged this domain as malicious with the new ip address.
instead of doing a real check its just updating the ip and showing old results.
im loling so hard… so so listen to this … lamo so google… who owns youtube who also owns that total virus …
i am assuming total virus flagged my url 1st then sent to flag to google console that flagged it that sent the flag to google chrome to flag it as dangerous but then they went to my youtube and any video with LINKS back to my domain as in links in description where flagged as what you read below.
Our team has reviewed your content, and, unfortunately, we think it violates our harmful and dangerous policy. We’ve removed the following content from YouTube:
URL: https://example.com
the email dates where the sametime frame as the chrome issues.
so note to future self do not add personal domain links in a youtube video.
My website getting flags by google "Deceptive site ahead
Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards."
I am running Yunohost test version No application installed.
When I scan my domain at VirusTotal http://mysite.com/is OK.
When I scan my domain at VirusTotal https://mysite.com/2 security vendors flagged this URL as malicious.
Certificate status
Great! You’re using a valid Let’s Encrypt certificate! Certification authority