Google flags my sites as dangerous (Deceptive site ahead)

KaraDanvers · September 21, 2022, 1:39am

i hurt googles feelings

at least my site is not red warning any more

Limezy · September 21, 2022, 1:51pm

Would you mind explaining how you did that ?
Apparently we should expose yunohostserver.com/robots.txt with the above commands.
But how to have that file served by nginx ?

KaraDanvers · September 22, 2022, 2:06am

TBH… i had no idea what i am or was doing.

i made a robot.txt with this inside
go away Googlebot
User-agent: Googlebot
Disallow: /

slow down Yahoo
User-agent: Slurp
Crawl-delay: 10

User-agent: *
Crawl-Delay: 10

<
meta name= “googlebot” content=“noindex”

this must be what google is mad at… the meta noindex above - oh well

User agent: *
Disallow: https:// myaccount.p3n.pw/ yunohost /sso/
Disallow: https:// myaccount.p3n.pw/ yunohost /
Disallow: https:// myaccount.p3n.pw/
Disallow: https:// remote.p3n.pw/
Disallow: https:// p3n.pw/admin
Disallow: https:// www. p3n.pw/admin
Disallow: https:// remote.p3n.pw/guacamole/#/
Disallow: https:// remote.p3n.pw/guacamole/
Disallow: https:// archive.p3n.pw/
Disallow: https:// archive.p3n.pw/admin
Disallow: https:// archive.p3n.pw/
Disallow: https:// vpn.p3n.pw/
Disallow: https:// login.p3n.pw/admin
Disallow: https:// login.p3n.pw/api
Disallow: https:// login.p3n.pw/
Disallow: https:// mail.p3n.pw/

then copy it into the yunohost server into every folder that is web visible even the yunohost default theme folder

prob a bad idea but not getting help on here so i went with my idea, with each drop into a folder make sure you test each domain and page to make sure you dont get any errors or blank pages lots of trial and error

KaraDanvers · September 23, 2022, 9:09pm

never mind google got so mad i blocked there indexer bots they now red paged all my domains with the robot.txt

KaraDanvers · September 23, 2022, 10:10pm

YunohHost and its users might have to file a Class Action Lawsuit against Google.
nothing on my domains allows a User to signup nor Register let along does any of my links redirect users to malicious sites

they are lucky i am not a business because the red notice page is considered slander false accusations lying to users who visit i am trying to steal scam or install virus on there pc.

KaraDanvers · September 23, 2022, 10:53pm

i need to get a list of all google ip addresses and see if i can block there servers period.
https://www.gstatic.com/ipranges/goog.json
https://www.gstatic.com/ipranges/cloud.json
would i be able to block google with all this?

ljf · September 24, 2022, 2:59pm

Hi,

Here i compile some advices that should avoid you this misavendventure.

Avoid to post link onto your server from Google services

It means that you should avoid to post a video with a description and a link onto your ynh server.

Define an app as app by default

You should install a customweb app on YOURDOMAIN/site/ and define this app as the “app by default”.

This setup avoid in several use case to redirect onto user portal if you don’t go specifically onto the good URL…

Use a common extension in your domain

If you have an exhautic extension it could increase your phishing notation on their tools

Don’t use domain name close to well known services or town

If you have a domain name that could be conseidered as something official, you shoudl consider to change it.

And if it’s not enough ?

I don’t really know what to do technically.

We probably could remake the SSO to avoid redirection onto the login page, but other sso and big website do like we do, so it’s very strange that our redirection onto a login page is considered like that…

OnTheWeb · September 24, 2022, 6:14pm

Because this problem I stop using Yunohost, I tried many things same result., I hope this get fix.

yalh76 · September 25, 2022, 9:39pm

Maybe the better would be: Do not use google technologies at all …

KaraDanvers · September 25, 2022, 9:50pm

even if we try avoid this google technologies we cant escape google, if i open firefox or another web browser i still get the same red warning, because almost all web browser’s still somehow connect to google technologies thu API for faster cheaper solutions to securing the web.

but i want to know what you mean by this google technologies though

lnoferin · September 27, 2022, 7:13am

My domain result blocked again in these days.
My domain was registered in 1997, never changed the owner, it has a static ip.
My users can continue use the hosted services because no one uses the web login page.
I changed my browser.

KaraDanvers · October 20, 2022, 1:26am

any news updates about all this? im still considered dangerous to google

utxbrian · October 20, 2022, 1:41am

How many people in this thread followed the VPS Wireguard tutorial located in this forum? I’m wondering if that could have something to do with it?

utxbrian · October 20, 2022, 1:44am

I am having the same issue, and have sent a private message to the Dev team with my server’s config and logs. I kept seeing a weird site redirecting to my SSO page in my NGINX logs. I’m also wondering if that is related to this issue.

KaraDanvers · October 23, 2022, 5:24am

i use wireguard through yunohost but i dont know anything about it on this forum… love wireguard will use it more when the netflix changes come.

lnoferin · October 30, 2022, 10:45am

My site is marked as dangerous and I did not use wireguard at all

KaraDanvers · October 31, 2022, 5:04am

your site is marked as dangerous because of the SSO has nothing to do with wireguard.

when google search is indexing it tries to access the admin parts of your website or domains that the login is behind YunoHost SSO and the SSO redirects google indexer to the SSO portal and google freaks out thinks your sending them to a scammer to rob them or hack them.

only way to avoid this is really do not hide applications or domains behind the SSO and try to use the google search consoles

tierce · October 31, 2022, 11:09am

Shit… j’ai décoché les trois cases sous « Protection contre les contenus trompeurs et les logiciels dangereux ».

Cette histoire me va loin… c’est comme pour les mails, on peut finir dans les spams sans savoir pourquoi (mis à part que les gafam utilisent des mécanismes internes pour protéger les gens, sans expliquer correctement ce qui se passe).

Edit: 3h plus tard, en cochant à nouveau ces 3 cases… plus d’alerte.

Mat · October 31, 2022, 2:42pm

Hello, depuis aujourd’hui, j’ai exactement le même problème avec mon serveur : meurthemadon.nohost.me
Impossible de valider la propriété du site sur la console google. J’ai utilisé my_webapp pour uploader le fichier de contrôle de google mais la réponse est “Votre site est introuvable. Veuillez vérifier que vous avez correctement renseigné l’URL de votre propriété.”

krisu · November 1, 2022, 4:42pm

Google also flagged my personal server for “phishing” (behind the login screen also) yesterday, but I got the warning removed in just 24 hours via Firefox’s false positive report tool by saying something like:

This is my personal server where I self-host my services for my own use only. Check yunohost.org for more info.

I’m not phishing anyone. If random person from internet stumbleupon to the site and enters their credentials, it’s none of my business.

I’m stunned that it was the decision was reversed that fast I guess I got lucky?