Here I compile some advice that should help you avoid this misadventure.
Avoid posting links to your server from Google services
It means that you should avoid posting a video with a description and a link to your ynh server.
Define an app as the app by default
You should install a customweb app on YOURDOMAIN/site/ and define this app as the “app by default”.
This setup avoids, in several use cases, being redirected to the user portal if you don’t go specifically to the right URL…
Use a common extension in your domain
If you have an exotic extension, it could increase your phishing rating in their tools.
Don’t use a domain name close to well-known services or towns
If you have a domain name that could be considered as something official, you should consider changing it.
And if it’s not enough?
I don’t really know what to do technically.
We probably could remake the SSO to avoid redirection to the login page, but other SSOs and big websites do like we do, so it’s very strange that our redirection to a login page is considered like that…
Because of this problem I stopped using Yunohost. I tried many things, same result. I hope this gets fixed.
Maybe the best would be: do not use Google technologies at all…
Even if we try to avoid these Google technologies, we can’t escape Google: if I open Firefox or another web browser I still get the same red warning, because almost all web browsers still somehow connect to Google technologies through APIs for faster, cheaper solutions to securing the web.
But I want to know what you mean by these Google technologies, though.
My domain ended up blocked again these days.
My domain was registered in 1997, never changed owner, and it has a static IP.
My users can continue to use the hosted services because no one uses the web login page.
I changed my browser.
Any news or updates about all this? I’m still considered dangerous by Google.
How many people in this thread followed the VPS Wireguard tutorial located in this forum? I’m wondering if that could have something to do with it?
I am having the same issue, and have sent a private message to the Dev team with my server’s config and logs. I kept seeing a weird site redirecting to my SSO page in my NGINX logs. I’m also wondering if that is related to this issue.
I use WireGuard through YunoHost but I don’t know anything about it on this forum… Love WireGuard, will use it more when the Netflix changes come.
My site is marked as dangerous and I did not use wireguard at all
Your site is marked as dangerous because of the SSO; it has nothing to do with WireGuard.
- When Google Search is indexing, it tries to access the admin parts of your website or domains whose login is behind the YunoHost SSO, and the SSO redirects the Google indexer to the SSO portal, and Google freaks out and thinks you’re sending them to a scammer to rob them or hack them.
The only way to avoid this is really to not hide applications or domains behind the SSO and to try to use the Google Search Console.
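The redirect-to-login pattern described in this post, and the unfamiliar referrer another poster saw in their NGINX logs, can both be looked for in an access log. This is an added example, not code from any poster or from the YunoHost project; it assumes nginx's default "combined" log format, and `SSO_PATH`, `analyse` and the sample lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

SSO_PATH = "/sso/"  # assumption: replace with the path of your login portal
CRAWLER_UA = re.compile(r"bot|crawler|spider", re.I)
# nginx "combined" log format: ip - user [time] "request" status bytes "referer" "ua"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

def analyse(lines, own_host):
    """Return (bounced, foreign) counters for hits on the login page."""
    bounced = Counter()  # protected path -> crawler requests then sent to login
    foreign = Counter()  # external referer host -> arrivals on the login page
    pending = {}         # client IP -> path that was just answered with a redirect
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in combined format, ignore
        ip, path = m["ip"], m["path"]
        if path.startswith(SSO_PATH):
            host = urlsplit(m["referer"]).hostname  # None for "-"
            if host and host != own_host:
                foreign[host] += 1
            origin = pending.pop(ip, None)
            if origin and CRAWLER_UA.search(m["ua"]):
                bounced[origin] += 1
        elif m["status"] in ("301", "302"):
            pending[ip] = path  # the log has no Location header, so correlate by IP
        else:
            pending.pop(ip, None)
    return bounced, foreign

# Constructed sample lines (documentation IP ranges, made-up hosts and paths).
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/ HTTP/1.1" 302 0 "-" "{GOOGLEBOT}"',
    f'192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /sso/?r=x HTTP/1.1" 200 5120 "-" "{GOOGLEBOT}"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /sso/ HTTP/1.1" 200 5120 '
    '"https://links.example.net/out" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [01/Jan/2024:10:06:00 +0000] "GET /site/ HTTP/1.1" 200 900 '
    '"https://example.org/" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    bounced, foreign = analyse(SAMPLE, own_host="example.org")
    print("crawler requests bounced to login:", dict(bounced))
    print("external referers landing on login:", dict(foreign))
```

Paths that show up in `bounced` are the ones a crawler was sent from to the login page; hosts in `foreign` are external pages linking to it.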
Shit… I unchecked the three boxes under “Deceptive Content and Dangerous Software Protection”.
This whole thing goes too far for me… it’s like with email: you can end up in spam without knowing why (apart from the fact that the GAFAM use internal mechanisms to protect people, without properly explaining what is happening).
Edit: 3 hours later, after checking those 3 boxes again… no more alert.
Hello, as of today I have exactly the same problem with my server: meurthemadon.nohost.me
Impossible to validate ownership of the site in the Google console. I used my_webapp to upload Google’s verification file, but the response is “Your site could not be found. Please check that you entered your property’s URL correctly.”
Google also flagged my personal server for “phishing” (behind the login screen also) yesterday, but I got the warning removed in just 24 hours via Firefox’s false positive report tool by saying something like:
This is my personal server where I self-host my services for my own use only. Check yunohost.org for more info.
I’m not phishing anyone. If a random person from the internet stumbles upon the site and enters their credentials, it’s none of my business.
I’m stunned that the decision was reversed that fast. I guess I got lucky?
Same procedure and same solution for me! I also mentioned Yunohost so that they can update their phishing models
Give it time… it’d get flagged again in 1 week to a month.
- I stopped doing the review… I don’t care any more… anything I want seen I don’t put behind the SSO.
If that happens again, then I don’t care. I finally disabled safe browsing stuff from my browsers, pretty useless feature to me. And since this is my personal server, I don’t give a f about what Google thinks this server is.
I added robots.txt though (if that’s gonna help, even if it doesn’t, I don’t want my server to be indexed on Google or other search engines) with these instructions: Best way for disallowing robots with robots.txt from everything?
We now know that several recent Mastodon instances had the same misadventure.
It seems that several similar authentication pages on a lot of IPs are considered a phishing botnet.
Do you know any workaround to this problem??
Applying a custom theme to the login page can mitigate this problem; it worked for me.