Google flags my sites as dangerous (Deceptive site ahead)

Thank you all for your assistance.
At the moment I only have two apps.

Moodle and Adminer - But I have extensively added and removed apps in the past.
Wordpress
Webmin
shell in a box
etc

@ppr do you have any news on your own setup?

@OnTheWeb Thanks for this precious information. Your installation without apps is a good candidate to find the issue.

Is your server able to send mail? If yes, could you check /var/log/mail.log? Is your server sending any strange mail?

less /var/log/mail.log 

Do you have any accounts with very simple passwords?

Could you send me in private the content of this command:

grep -E "301|302" /var/log/nginx/*-access.log | grep sso
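A stricter version of the grep above, as an added example that is not part of the original posts: it matches 301/302 only in the status field and "sso" only in the request path, then counts hits per path and referer. It assumes nginx's default "combined" log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise 301/302 responses on SSO paths in nginx access logs.
# Assumption: logs use nginx's default "combined" format:
#   addr - user [time] "request" status bytes "referer" "user-agent"

sso_redirects() {
    # Splitting on double quotes gives:
    #   $2 = request line, $3 = " status bytes ", $4 = referer
    awk -F'"' '
    {
        split($2, req, " ")   # req[2] = request path
        split($3, st, " ")    # st[1]  = HTTP status code
        if ((st[1] == "301" || st[1] == "302") && req[2] ~ /sso/) {
            count[st[1] " " req[2] " referer=" $4]++
        }
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -rn
}

# Constructed sample input (documentation addresses, not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET / HTTP/1.1" 302 138 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2022:10:00:02 +0000] "GET /yunohost/sso/?r=abc HTTP/1.1" 302 138 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2022:10:05:40 +0000] "GET /yunohost/sso/?r=abc HTTP/1.1" 302 138 "-" "curl/7.74.0"
198.51.100.9 - - [10/Jan/2022:10:06:11 +0000] "GET /yunohost/sso/ HTTP/1.1" 301 162 "https://video.example/watch" "Mozilla/5.0"
192.0.2.44 - - [10/Jan/2022:10:07:00 +0000] "GET /yunohost/sso/ HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
EOF
}

# Demo on the sample. On a server, run instead:
#   sso_redirects /var/log/nginx/*-access.log
tmp=$(mktemp)
write_sample_log "$tmp"
sso_redirects "$tmp"
rm -f "$tmp"
```

The last sample line is a normal 200 response whose byte count happens to contain "301"; the plain grep reports it, the field-aware version does not.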

When I do
grep -E "301|302" /var/log/nginx/*-access.log | grep sso
nothing happens.


In the fail2ban jails.conf I don’t see the

[postfix-sasl]


I had the same problem because the DNS is not correct or you don’t have Let's Encrypt. Or something went wrong with the software. Check what you installed last or which program is causing it. I have moved to a larger server, all of it via rsync. I have to say that I managed to get terminal access while still on the old structure! And that’s why I got access via terminal, otherwise it probably wouldn’t have worked anymore. So I created a new domain as the main domain on the new server and was able to solve some errors through the forum and by asking others about my problems. In this respect, the first thing to do is to see whether this is your first setup or whether it is a move. You would have to explain that a little more clearly. I hope you can understand this, as I only know German and am translating it for you.

They should look at which software is causing it or where the faults developed from. I got to experience this with the podcast. I deleted and reinstalled some programs, and uninstalled the podcast, which was installed twice for websites, and left it at that for now. If everything runs smoothly in the system, and it now looks flawless, I will reinstall it. We'll see. Now the update list appears for me again, which was not possible before, and I can import again. It doesn’t get any better than YunoHost. I love it and have been at it for over two years now. I also had the problems and I’m not a big programmer, but I’ve read a little bit about Debian and have been around for a while. In exchange I’d be happy to donate something to you.

Also check whether Let's Encrypt is installed everywhere.
Then make sure that they also appear in the settings of each program for the domain, as in the first screen.
And otherwise go through the software piece by piece and reinstall it to see if the errors then go away and the pages are accessible.
And see if your restore archive has been created and opens cleanly, because I think you might have the same problem with that. So that’s how it worked for me. I hope it works for you soon as well.

So I changed my domain to socials.example.com and now Fortinet on VirusTotal is saying it's also infected. Funny thing is, NOTHING is hosted on that domain; I didn't even do SSL on it.

I am starting to think anything with the phrase "social" is auto-flagged.

All other sub and root domains are fine, except anything with "social" or "media".

Fortinet, do better.


YunoHost 4.3.6.3 (stable)

Y’all, the same thing is happening for me as well.

Should I be worried?

Interesting find: https://freetools.seobility.net/en/redirectcheck/check?url=https%3A%2F%2Fsrt.wtf&expected=https

Is there any way to manually change the yunohost/admin to make it stop showing that bad redirect?

Hi,

I have 3 domains on my VPS. The main one, used during the installation, is a .ynh.fr domain.
On the other 2 secondary ones, I only use the mail function of YunoHost.
I’ve reported several times via Firefox that the SSO address was not fraudulent, but with ups and downs. I ended up setting a webapp with nothing in it as the default for these 2 domains.
It improved things but the warning via the SSO came back.
I don’t have any problem with the admin URL for the moment.
Strangely, at home behind my box, with only one domain name in .ynh.fr, I have no problem for the moment, neither on the SSO nor on the admin.

ppr

To get more info, I ask for some important information at the top of this topic.

Now I am not totally sure that we are facing a true phishing attack. Maybe it's just a false positive due to specific conditions. Here I sum up what seems to be common in your setups:

So we have 5 servers that are flagged, or have been flagged, by the Google blacklist and others as phishing/suspicious/malicious.

2 are hosted on Contabo VPS (and the others?)

It seems the term “social” in the domain name doesn't help with getting unflagged. Do you have anything specific in your domains?

SSO URLs seem to be concerned each time.

One of you says he/she has put several links at the bottom of YouTube videos. Is it possible some links were pointing to the YunoHost SSO? If yes, is it possible that Google considers links that display a login form suspicious?

@ppr seems to say that it could be related to a multi-domain context (maybe the fact of being redirected to another domain?).

Installing an empty webapp on the root domain can help but is not enough.

Does one of you have a Google account and could use it to log in to the Google Search Console to learn more about why their server is blacklisted?
https://search.google.com/search-console/about

You will probably have to go through a process to validate that you own the domain of the server.


Hi, I did the Google thing and this is what I get

but VirusTotal says otherwise


See the security tab



I didn’t do anything, just submitted a request? Guess I wait and see if it comes back?

5 security vendors flagged this URL as malicious

Yes, I posted a similar photo above, I don't understand why you posted this?

The issue is I didn't upload anything to the server; everything already came from YunoHost.

YunoHost allows us to install applications, which means YunoHost and/or the applications are the infected ones, not me. Unless the VPS company is the one with an infected VPS container.

That's what we are trying to figure out.

Is it the SSL, is it a false flag, is it the VPS getting infected images, is it YunoHost, is it YunoHost apps?

I can go spin up a new VPS image, use the command line to install YunoHost on a domain not used with YunoHost, and it will instantly show as infected.

I've installed YunoHost many times and re-installed the apps fresh, didn't use any backups, and it is still infected, so it's NOT me.

With https I get "infected".
With http it is non-infected on most sub-domains.

Yes, I posted a similar photo above, I don't understand why you posted this?

Just to point out that before it was “2 security vendors flagged this URL as malicious”. Now it's 5.
Nothing personal, my URL is also flagged by Google and VirusTotal.

Just wish we knew how to fix this and what is causing it.