Google flags my sites as dangerous (Deceptive site ahead)



le topic est-il toujours ouvert ?
Je rencontre également ce soucis depuis qq jours (2 flags selon : Google + Seclookup)

Pour le moment, j’ai :

  • contester la classification dans le formulaire “report incorrect phising warning” ici, en pointant notamment ce thread pour appuyer la cause
  • mis une app par défaut sur le main domain dans la config yunohost

Avec espoir que aide :thinking:

 X-XSS-Protection 1; mode=block
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Download-Options noopen
Transfer-Encoding chunked
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-SSO-WAT You've just been SSOed
Server nginx
Connection keep-alive
X-Permitted-Cross-Domain-Policies none
Cache-Control no-cache
Date Thu, 20 Apr 2023 10:52:50 GMT
X-Frame-Options SAMEORIGIN
Content-Type text/html
Permissions-Policy interest-cohort=() 

cc @Dev : je suis dispo pour mener qq tests si besoin ! :slight_smile:

J’ai essayé cette solution et… ca ne marche pas.

Par contre l’ajout d’une meta comme suggérer par JosepXavier dans l’index de la page semble fonctionner.

Something like this has not happened to me yet. And I have been using yunohost for a long time. Also their apps. Maybe, because I also use original domains. I have enough of them. If I wanted to install all in all still with subdomains that, I come loosely on up to three hundred pieces. I do not understand the users who do not buy one. Also to try. Then there would not be such problems in the first place.

I do not understand this at all. I have 20 domains running on my server under Yunohost, but I never had this before. I do not understand this. Because something like this has never happened to me.

1 Like

I also have over 20 domains and I have three more coming. But I never had this problem before. Just have to reset everything and now hopefully it will be even better. Maybe this is the penalty with all those who donate too little to yunohost :blush: :sweat_smile: :rofl: :wink:

Ich habe auch über 20 Domains und es kommen noch drei weitere dazu. Doch das Problem hatte ich noch nie. Muss nur alles neu aufsetzen und jetzt wird es hoffentlich noch besser. Vielleicht ist das die Strafe bei all denen, die zu wenig spenden an yunohost

1 Like

@Dr.Wily : j’ai reparcouru le thread, mais je ne vois pas à quoi tu fais allusion…
Est-ce que tu peux me pointer le post, stp ? :grimacing:

Hello, pour info :

  • Creation d’un compte sur Google Search Console
  • ajout du TXT fourni par Google dans mon DNS
  • contester le warning auprès de Google (ici)

… aura permis d’enlever le warning après qq jours !

Si la procédure permet de régler le pb, elle n’empeche qu’elle nécéssite de créer/avoir un compte Google. Dommage qd l’objectif est de se lancer dans l’auto-hebergement pour quitter les GAFAMS :frowning:

Est-ce qu’il n’y aurait pas une petite action à menée coté dev pour éviter cette situation ? :grimacing:

Yes même question, parce que copinage entre Google et certains navigateurs (firefox pour moi) qui se permettent de te lister deceptive et qui jouent le jeu des gafams c’est vraiment tout sauf neutre. Comme d’hab on prétexte la sécurité.

Guys and gals, please stick on English on this thread. :slight_smile:

The issue is that we have little-to-no information on what the problem actually is. Something in the way YunoHost is built has been caught in Google’s all mighty algorithm, but what? It is also difficult to decipher since some servers have never been flagged, some have been unflagged after one appeal, some are consistently flagged.


as mentioned before, I have neither a problem with google, nor under #discuss Yunohost. So I say such a small domain should be able to afford everyone. And then this spit is also over. Yunohost is banger and google does not interest me the bean. Therefore, this is really not a topic to boil hot. I agree with him @tituspijean

wie zuvor erwähnt, ich habe weder mit google ein Problem, und auch nicht unter #discuss #contribute-room Yunohost. Daher sage ich mal eine solche kleine Domain sollte sich jeder leisten können. Und dann ist auch diese Spuck vorbei. Yunohost ist Knaller und google interessiert mich nicht die Bohne. Daher ist das hier wirklich kein Thema zum heiß kochen.

Linux 6.1.11-meson64 #23.02.2 SMP PREEMPT Sat Feb 18 00:07:55 UTC 2023 aarch64
Machine : Odroid n2+
repo: stable
version: 11.1.19
repo: stable


I can confirm that the google red screen is getting worse and worse. It’s blocking more and more of my users.
I’ve noticed that :
*It blocks more with Firefox than Chromium
*With Firefox it works if you remove what’s after /sso/ in the url.
red screen
works fine

I’ve also, in the Firefox settings, deleted the certificates for domains starting with yuno… and I’ve deleted the coockies for sites starting with yuno…

Thanks for your help,
See you soon,

1 Like

A couple of times I reported my site being banned as a false positive once or twice and it would go away and then later happen again. Last time I did it though, I also blocked Googles crawler and the problem hasn’t come back in months.


I got the “Deceptive site” message. I activated the Search console yesterday. The report is now available but without useful information to debunk the issue. VirusTotal report is clean.

Is the release about SSO and may help ?

Is there any mechanism to validate that the running code is identical to the one installed by the packages ?


Your server is much probably not infected with any sort of virus or malware, you are simply witnessing megacorp’s AI (or whatever bullshit algorithm) mistakenly flagging your website, and they can’t even explain what’s the root cause of the issue (probably because there is none). Yet because they are megacorps, they control indirectly control the behavior of like 70% of web browsers on the planet, so you have to deal with their bullshit


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

(More examples of shitty Google Safe Browsing : Google marked as unsafe | Hacker News )


Hello all, I was wondering if there has been any update or reliable resolution to this problem. A few weeks ago, I attempted to point my domain to a new YunoHost server on DigitalOcean (with only Ghost installed), only to get my server flagged in this same way. I ended up quickly destroying the server and repointing the domains to my old Ghost server, so I don’t have the full information requested by devs at the top, but I was just curious before I tried again if any way to avoid or rectify this issue has emerged. Thank you!