Google flags my sites as dangerous (Deceptive site ahead)


Hello to all resisters! I have the same problem as you all, impossible to get rid of the red flag of google while my site is clean. Did you find a solution to solve this problem? Should we sue Google for this prejudice? Or launch a massive attack to disable Google once and for all?

Little answers to your right questions:

  • Yes and no, we found some solutions to this problem but not The Solution. If you read this thread you can find some of these solutions;
  • Yes, we would sue google and also lunch many attacks against :slight_smile:

Contacting google was easy, after two days everything was okay. The worst problem for me are all the other “security vendors”. My domain was flagged by 11 other “security vendors” according to and I contacted some of them, but only one of them responded, so it seems I have to ditch the whole domain. There might be something in the redirection of the YH SSO.system that triggers the phishing warnings

1 Like

Bonjour, j’ai le même soucis


le topic est-il toujours ouvert ?
Je rencontre également ce soucis depuis qq jours (2 flags selon : Google + Seclookup)

Pour le moment, j’ai :

  • contester la classification dans le formulaire “report incorrect phising warning” ici, en pointant notamment ce thread pour appuyer la cause
  • mis une app par défaut sur le main domain dans la config yunohost

Avec espoir que aide :thinking:

 X-XSS-Protection 1; mode=block
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Download-Options noopen
Transfer-Encoding chunked
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-SSO-WAT You've just been SSOed
Server nginx
Connection keep-alive
X-Permitted-Cross-Domain-Policies none
Cache-Control no-cache
Date Thu, 20 Apr 2023 10:52:50 GMT
X-Frame-Options SAMEORIGIN
Content-Type text/html
Permissions-Policy interest-cohort=() 

cc @Dev : je suis dispo pour mener qq tests si besoin ! :slight_smile:

J’ai essayé cette solution et… ca ne marche pas.

Par contre l’ajout d’une meta comme suggérer par JosepXavier dans l’index de la page semble fonctionner.

Something like this has not happened to me yet. And I have been using yunohost for a long time. Also their apps. Maybe, because I also use original domains. I have enough of them. If I wanted to install all in all still with subdomains that, I come loosely on up to three hundred pieces. I do not understand the users who do not buy one. Also to try. Then there would not be such problems in the first place.

I do not understand this at all. I have 20 domains running on my server under Yunohost, but I never had this before. I do not understand this. Because something like this has never happened to me.

1 Like

I also have over 20 domains and I have three more coming. But I never had this problem before. Just have to reset everything and now hopefully it will be even better. Maybe this is the penalty with all those who donate too little to yunohost :blush: :sweat_smile: :rofl: :wink:

Ich habe auch über 20 Domains und es kommen noch drei weitere dazu. Doch das Problem hatte ich noch nie. Muss nur alles neu aufsetzen und jetzt wird es hoffentlich noch besser. Vielleicht ist das die Strafe bei all denen, die zu wenig spenden an yunohost

1 Like

@Dr.Wily : j’ai reparcouru le thread, mais je ne vois pas à quoi tu fais allusion…
Est-ce que tu peux me pointer le post, stp ? :grimacing:

Hello, pour info :

  • Creation d’un compte sur Google Search Console
  • ajout du TXT fourni par Google dans mon DNS
  • contester le warning auprès de Google (ici)

… aura permis d’enlever le warning après qq jours !

Si la procédure permet de régler le pb, elle n’empeche qu’elle nécéssite de créer/avoir un compte Google. Dommage qd l’objectif est de se lancer dans l’auto-hebergement pour quitter les GAFAMS :frowning:

Est-ce qu’il n’y aurait pas une petite action à menée coté dev pour éviter cette situation ? :grimacing:

Yes même question, parce que copinage entre Google et certains navigateurs (firefox pour moi) qui se permettent de te lister deceptive et qui jouent le jeu des gafams c’est vraiment tout sauf neutre. Comme d’hab on prétexte la sécurité.

Guys and gals, please stick on English on this thread. :slight_smile:

The issue is that we have little-to-no information on what the problem actually is. Something in the way YunoHost is built has been caught in Google’s all mighty algorithm, but what? It is also difficult to decipher since some servers have never been flagged, some have been unflagged after one appeal, some are consistently flagged.


as mentioned before, I have neither a problem with google, nor under #discuss Yunohost. So I say such a small domain should be able to afford everyone. And then this spit is also over. Yunohost is banger and google does not interest me the bean. Therefore, this is really not a topic to boil hot. I agree with him @tituspijean

wie zuvor erwähnt, ich habe weder mit google ein Problem, und auch nicht unter #discuss #contribute-room Yunohost. Daher sage ich mal eine solche kleine Domain sollte sich jeder leisten können. Und dann ist auch diese Spuck vorbei. Yunohost ist Knaller und google interessiert mich nicht die Bohne. Daher ist das hier wirklich kein Thema zum heiß kochen.

Linux 6.1.11-meson64 #23.02.2 SMP PREEMPT Sat Feb 18 00:07:55 UTC 2023 aarch64
Machine : Odroid n2+
repo: stable
version: 11.1.19
repo: stable


I can confirm that the google red screen is getting worse and worse. It’s blocking more and more of my users.
I’ve noticed that :
*It blocks more with Firefox than Chromium
*With Firefox it works if you remove what’s after /sso/ in the url.
red screen
works fine

I’ve also, in the Firefox settings, deleted the certificates for domains starting with yuno… and I’ve deleted the coockies for sites starting with yuno…

Thanks for your help,
See you soon,

1 Like

A couple of times I reported my site being banned as a false positive once or twice and it would go away and then later happen again. Last time I did it though, I also blocked Googles crawler and the problem hasn’t come back in months.


I got the “Deceptive site” message. I activated the Search console yesterday. The report is now available but without useful information to debunk the issue. VirusTotal report is clean.

Is the release about SSO and may help ?

Is there any mechanism to validate that the running code is identical to the one installed by the packages ?


Your server is much probably not infected with any sort of virus or malware, you are simply witnessing megacorp’s AI (or whatever bullshit algorithm) mistakenly flagging your website, and they can’t even explain what’s the root cause of the issue (probably because there is none). Yet because they are megacorps, they control indirectly control the behavior of like 70% of web browsers on the planet, so you have to deal with their bullshit