Google flags my sites as dangerous (Deceptive site ahead)

Hi! Just bringing not-so-good news, but I suspect this might have to do with some internal scoring by Google (or any other phishing-list provider: Cisco, Fortinet, etc. They share their data, which is why a site often appears flagged in 3-4 databases), and I suspect some of the websites get a bad score because of a combination of these factors:

  • weird/cheap TLDs used by phishers: some engines automatically give a bad score to those
  • newly seen domains: I know that Cisco, for example, offers a DNS service that can block all domains not yet in Cisco’s database. This is very efficient against phishing, since that’s how phishing websites operate. This would also explain why sometimes the website is unblocked after a few days.
  • maybe, as mentioned, the fact that the website redirects to a login form also triggers their scoring algorithm, since it looks like a phishing form (but I don’t believe what was mentioned earlier about the 301 and 302 redirects, as a 302 redirect is the correct use for an SSO login)

So as a solution I think we’re stuck with asking whichever vendor to lift its ban on a flagged domain…

1 Like




Google thinks my private Home Assistant that runs on YunoHost is trying to scam people… a private website… ugh, I’m so sick of this.

So mad I can’t even use the Home Assistant app: as soon as I open it, it sees the scary message, and now it crashes and won’t stop until Google fixes my domain. I can only access it through a web browser right now, but on a tablet the web browser in split screen looks strange.

1 Like

Version of YunoHost: 4.3.6.3 (stable)
Version of SSOwat: 4.3.3.1
Where is your server hosted: VPS Ionos
Apps list: Jirafeau 4.4.0 ynh1 // nextcloud 22.2.10~ynh1 // prettynoemiecms 2020.01.07~ynh2 // rainloop 1.16.0~ynh4
Number of domains: 4
Affected domains: 3 (fcostes.fr / files.fcostes.fr / docs.fcostes.fr)
For each affected domain, give a link to the VirusTotal test: fcostes.fr
files.fcostes.fr
docs.fcostes.fr
SSO page of the domain fcostes.fr in error
Have you put some links on social media (like YouTube, Instagram, etc.) which display the SSO page? NO
Have you found an app that was infected? If yes, which app? NO

Hi everyone, I’m also experiencing this issue of a wrongful phishing notice: the first one in early May, then a second and a third time in a row on the 1st and the 6th of August.
For the 1st and 2nd notices, a simple re-exam form did the job without doing anything on the server. I applied for a 3rd exam this morning and am waiting.

What happened between the 2nd and 3rd notice is the use of Jirafeau and the download of a file uploaded to the Jirafeau instance by a third-party user (normal use case).
Could this use case have triggered the Google Safe Browsing phishing notice?

Have a good day all, I’ll update this post to keep you informed if needed.


Edit:
I submitted a security review request yesterday evening (August 8th) and this morning the message was gone, so it was handled in less than 12 hours.

Edit 2:
This morning my site was again flagged as dangerous (social engineering). I asked for a review immediately; I’ll update when it is removed.

This has been happening to BTCPay servers as well.

The BTCPay Server folks thought maybe it was because one BTCPay server was used by someone in a malware campaign (ransomware), so now some app somewhere thinks all of them are malicious.

But this theory of flagging based on “redirection to a login page” behaviour, that’s interesting, because I know BTCPay Server does that too. Perhaps there is a fix that we software developers can implement by “hiding” the login page or requiring users to click a link before it displays the login form?

Edit: note this is just a theory! AFAIK we have no idea why these flags are happening.

1 Like

I looked for some way of having a static ‘home’ page as the landing page, but could not find any option or app like that in YNH. I don’t mind having to click through to my login page … it’s an extra click but not a big deal. Anyone know how to make this happen?

I’m not familiar with YunoHost so I’m not sure how to achieve it, perhaps you could edit the nginx configuration file and then restart nginx?

This appears to be the file defining the redirect-to-login behaviour: yunohost/redirect_to_admin.conf at dev · YunoHost/yunohost · GitHub

location / {
    return 302 https://$http_host/yunohost/admin;
}

and it looks like redirect_to_admin.conf gets installed by this script: yunohost/15-nginx at 140e50253fac0d3c9aa6fcab9e392a462c914e98 · YunoHost/yunohost · GitHub

    nginx_dir="/etc/nginx"
    nginx_conf_dir="${nginx_dir}/conf.d"
    ....

    mkdir -p $nginx_conf_dir/default.d/
    cp "redirect_to_admin.conf" $nginx_conf_dir/default.d/

so it looks like that file would be on your server at /etc/nginx/conf.d/default.d/redirect_to_admin.conf

Also I should point out, what I said is pure theory and speculation, we have no idea if this is actually the cause or not.
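The idea floated in this thread (a static landing page instead of an unconditional 302 into the login form) can be tried as an nginx drop-in. The block below is an added example, not YunoHost’s own configuration and not a confirmed fix for the Safe Browsing flag; it assumes the drop-in path the post above inferred (/etc/nginx/conf.d/default.d/), that the drop-in is included in the same server block as redirect_to_admin.conf, and an assumed directory /srv/landing holding an index.html whose only link points at /yunohost/sso/.

```nginx
# Added example, not YunoHost's own config.
# Assumed file: /etc/nginx/conf.d/default.d/redirect_to_admin.conf
#
# Before (what the thread quotes from the repository): every request to /
# is a 302 straight into the admin/SSO login, so a first-time visitor or a
# crawler sees nothing but a login form.
#
#   location / {
#       return 302 https://$http_host/yunohost/admin;
#   }
#
# After: answer / with a static page and let the user click through to the
# login. Nothing under /yunohost/ is redefined here, so SSOwat's own
# locations keep serving the SSO and the admin panel.
location = / {
    root /srv/landing;                 # assumption: holds index.html with <a href="/yunohost/sso/">
    try_files /index.html =404;        # served directly, no internal redirect into other locations
    add_header Cache-Control "no-store";
}

# Optional: keep a short hand-typed path to the admin panel.
location = /admin {
    return 302 https://$http_host/yunohost/admin/;
}
```

After editing, run `nginx -t` and reload nginx, then confirm with `curl -sI https://<your-domain>/` that the root now returns 200 rather than 302, and with `curl -sI https://<your-domain>/yunohost/sso/` that the SSO page is still reachable. Whether this changes a Safe Browsing verdict is exactly what the thread has not established.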

Maybe some of you can test installing a custom webapp with a very simple HTML page on /site/ and making this app the default app.

3 Likes

I don’t know enough about how to set it up … if someone does this, please post instructions.

Yes, no need to tweak the Nginx config; the custom webapp package mentioned can be found here: GitHub - YunoHost-Apps/my_webapp_ynh: Custom Web app with SFTP access

Thanks Guilhem, I made the request like you did and it solved the problem. Not so easy for a beginner to add a TXT DNS record. But it’s the only way I know to fix this Google flag.

Could you explain why you had to do that ?

When you get flagged by Google, one of the ways to get them to review your case is to add the Google file or TXT record to your DNS to verify ownership.

So adding a custom webapp and making it the main domain’s app worked. One of my domains is now working properly and not getting flagged.

However, I set up one of my other domains and servers (new Debian install, fresh YunoHost install).
Once it was set up I ran the diagnosis, made the recommended changes and stepped away to make a coffee.

On a site with no installed apps it took about 8 minutes for that domain to be reflagged as dangerous.

Yes, I now have a process to work through to clear this (hopefully permanently), but I can understand why some are struggling with this. I’m still hooked though; I love YunoHost and will persevere through this.

2 Likes

I never had this issue at all

Due to this issue, I will unfortunately need to abandon this wonderful tool, as today my site has been flagged for the fourth time.
I’ve done several tests. I removed all applications, leaving only the core system, and even then I am flagged.

Really, I would like to understand the cause of this problem, but I haven’t found the logic behind it.


To complement my comment: I saw reports of users recommending the registration of TXT records in DNS for Google to identify domain ownership.
I have had that registered since I got the domain, because I use Google Workspace services.

4 Likes

So, my server has once again been tagged as deceptive.
In the Google console:

Deceptive pages:
https://mondomain.tn/yunohost
https://mondomain.tn/yunohost/
https://mondomain.tn/yunohost/admin
https://mondomain.tn/yunohost/admin/
https://mondomain.tn/yunohost/sso/
https://mondomain.tn/yunohost/sso/?r=aHR0cHM6Ly9ob21lLmFiZGVsaGVkaS5jb20udG4v

The associated message:

Social engineering content detected on

App list:

admin@home ~> sudo yunohost app list | grep 'name\|version'
    name: DockerUI
    version: 0.0.1~ynh1
    name: Element
    version: 1.11.2~ynh1
    name: IFM
    version: 2.6.3~ynh3
    name: Joomla blog
    version: 4.1.5~ynh1
    name: custom .tn
    version: 4.1.5~ynh1
    name: LXD Dashboard
    version: 3.4.0~ynh2
    name: Matomo
    version: 4.10.1~ynh2
    name: Mattermost
    version: 7.1.2~ynh1
    name: Misskey
    version: 12.110.1~ynh2
    name: Custom Webapp
    version: 1.0~ynh5
    name: amos custom
    version: 1.0~ynh7
    name: Custom fm
    version: 1.0~ynh9
    name: Navidrome
    version: 0.47.5~ynh3
    name: NetData
    version: 1.33.0~ynh1
    name: Nextcloud
    version: 22.2.10~ynh1
    name: Photoview
    version: 2.3.12~ynh1
    name: phpMyAdmin
    version: 5.1.3~ynh1
    name: PhpSysInfo
    version: 3.4.1~ynh1
    name: Cusdis (redirect)
    version: 1.0.1~ynh1
    name: Site Redirect
    version: 1.0.1~ynh1
    name: Roundcube
    version: 1.5.3~ynh1
    name: Scratch
    version: 3.0~ynh1
    name: Slingcode
    version: 0.2.2~ynh4
    name: Strut
    version: 20220404~ynh1
    name: TrustyHash
    version: 1.0~ynh1
    name: Uptime Kuma
    version: 1.17.1~ynh1
    name: Wallabag
    version: 2.5.1~ynh2
    name: Webmin
    version: 1.997~ynh1
    name: Blog perso
    version: 0.13.1~ynh3

21 domains.
The problem concerns the main domain only; other subdomains of the same domain are not affected.
Another point: yesterday everything was normal. I had done the update to 4.4.2.11 this morning.

2 Likes


It’s back… Google reflagged all my domains; it feels like a monthly attack.

YunoHost is going to have to change how it does its login or setup redirects, or I might have to move on to something new.

YunoHost needs to ditch its SSO (Single Sign-On).

1 Like

https://transpay.transposées.eu/

Nah, you simply need to create a file named robots.txt:

User-agent: *
Disallow: /yunohost/sso/
1 Like

Where should that file be created?
Thanks for the tip.

1 Like
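One way to serve a robots.txt for the main domain without having to know which directory nginx uses as its web root, as an added example that is neither from this thread nor from YunoHost: an nginx drop-in that answers /robots.txt from memory. The drop-in directory is an assumption (the thread above inferred /etc/nginx/conf.d/default.d/ for the redirect file, and that the directory is included in the main domain’s server block); the rules use the correct robots.txt syntax (a `User-agent` line and path-only `Disallow` lines) and cover both the SSO and the admin paths.

```nginx
# Added example, not YunoHost's own config.
# Assumed file: /etc/nginx/conf.d/default.d/robots.conf
# Exact-match location, so it wins over the generic "location /" and over
# the 302-to-admin rule, whatever the domain's document root is.
location = /robots.txt {
    default_type text/plain;
    # nginx expands \n inside double-quoted strings, so this is a real
    # three-line file. Paths, not full URLs, go after "Disallow:".
    return 200 "User-agent: *\nDisallow: /yunohost/sso/\nDisallow: /yunohost/admin/\n";
}
```

Check it with `nginx -t`, reload, and `curl -s https://<your-domain>/robots.txt`. Keep in mind what the file is: a request that well-behaved crawlers not fetch those paths. It does not hide the login form from anyone who visits the site, and the thread gives no evidence that the Safe Browsing classifier honours it; the only thing posters here report actually clearing a flag is the ownership-verified review request.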