Just adding my experience here. I operate https://snipettemag.com, but the admin is hosted on a members
subdomain which isn’t actively promoted anywhere. Despite that, the domain has been flagged twice by Google’s robots.
The first time, I filed a review request on the search console detailing the security situation (nobody logged in) and also explaining that YunoHost login pages look the same and that doesn’t mean we’re phishing. I also did a “report false flagging” (or whatever the option’s called) from the scary red page itself, again explaining that YunoHost login pages aren’t phishing (and comparing it to Mastodon). I asked a couple of other users to report it as well, and it went away after a few days.
The next time, another user and I did the “report false flagging” with a more strongly worded “we are not even trying to phish and this is the second time, stop messing with us” message. Later that day, I signed in to the search console but by the time I wrote out a review request it had already been un-flagged. (I was annoyed that the request wasn’t even going through; then I realised it was because the flag had been withdrawn so there was nothing to request for).
It’s still annoying though, and if anyone wants to do a hashtag campaign I’m in. (Ditto for the class action, but perhaps with a bit more thought!)
For reference, here’s the first review request I wrote. Please don’t copy it verbatim because I don’t know how Google will like that, but feel free to modify/rephrase it for your own context.
Full review request filed by me to Google
All SSL certificates have been updated recently. Since the security alert from Google Search Console did not provide any specific affected URL, we went through the homepage and last 4 published pages (i.e. all pages from the last 1 month) and could not find any misleading, deceptive, or harmful content. The last 4 published pages include links to the following 17 domains, none of which we found to be deceptive or harmful: academia.edu, avi-loeb.medium.com, lweb.cfa.harvard.edu, theatlantic.com, globalnews.ca, chernobylguide.com, livescience.com, preview.discovermagazine.com, theworldcounts.com, usatoday.com, flatcreekinn.com, arstechnica.com, time.com, www.architectural-review.com, antoniomelonio.medium.com, theconversation.com, www.zmescience.com. We are self-hosting Ghost, YunoHost, Commento, and Goatcounter, all from official sources. Besides that, the only third-party embeds are to Google Fonts and Google Forms. We are assuming neither of those two services have been compromised. One page published on March 2022 has embeds from the Desmos online calculator (https://desmos.com) but the Desmos logo is clearly visible. We verified that the embeds are not looking significantly different from when the page was originally published. If there are any other issues that we missed we would be happy to rectify them.
(Okay, having found and re-read it it’s a lot different than I expected and more like just a bunch of links the second report was more focused on “this is YunoHost and you can’t accuse all YunoHost installations of spam” but unfortunately that’s the one where the filing failed and I didn’t save it! Note that I am usually very meticulous about these things and you might not have to go into as much detail as I did).