Google keeps marking my Emby domain as a deceptive/phishing site.

[Nebarik 7]

My current setup with specific details obscured.

Emby docker install running on Linux behind a nginx reverse proxy with ssl on my domain:
https://embysubdomain.mydomain.id.au/ (not my real link but go with me)

As mentioned this is a Nginx reverse proxy that uses a valid and up to date let's enecrypt SSL cert, loading Emby which is running in docker on the default port. 

Every few months or so Google will flag my Emby subdomain as being dangerous in Chrome (and any other browser that uses the same database). My other subdomains on the same domain are unaffected (eg https://sonarr.mydomain.id.au/). In the Google search console it claims it's a phishing site for logins or has been reported as downloading malicious files. I can click "issues resolved" and a few hours later it clears and the domain is "safe" again. But whats actually causing this? My best guess is Emby's landing page is a login page and Google is freaking out about it. 

In Emby's logs there's no mass incorrect logins. Just successful ones from me and my users (with the very rare incorrect password sometimes). And I don't have malcious files, just the usual movies etc. 

Has anyone run into this before? Any tips on how to prevent Google from hassling me? Some sort of robots.txt or hide the login page behind a differnt landing page?

[Luke 37008]

@pir8radio has this happened to you before?

[Nebarik 7]

I checked out pi8radio's cloudflare settings (something ive messed with before and gave up on when I ran into problems with chromecast). 

Giving those a try and so far my browsing speed has increased. But the Google issue only happens once every several months so I guess we'll see if its a two stones one bird situation or not. 

[pir8radio 1292]

On 11/25/2021 at 10:18 PM, Luke said:

@pir8radio has this happened to you before?

i have not. 

[Luke 37008]

@Nebarik has this helped?

[Nebarik 7]

It's now behind Cloudflare cache with pir8radio's settings. 
The issue only happens once every several Months, so we're going to have to wait and see. I'll get back to you in like 6 months at the best case, less if it happens again. 

[Luke 37008]

Ok great, thanks.

[TheKamakaZi 15]

This just happened to me for the first time. Here are the details from the Google report:

Description

These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information. Learn more

Sample URLs

https://redacted.tld/

https://redacted.tld/web

https://redacted.tld/web/

https://redacted.tld/web/index.html

[Nebarik 7]

For the record. I haven't experienced a reoccurance since switching to a CloudFlare setup. That seems to help. 

[Mutex001 1]

Good to know!   Google also does this to me about once per year.   (third time just happened)

Edited September 11, 2022 by Mutex001

[shadowfire36 0]

is there a fix for this, i have been getting this starting a few days ago 

[Luke 37008]

7 hours ago, shadowfire36 said:

is there a fix for this, i have been getting this starting a few days ago 

If you're on Cloudfare like many of the others here, then I would suggest taking a look at this:

 

[adamrussak 2]

Hi,

This is happening to me as well,

My setup is using no-ip (ddns)

And traefik as my local proxy.

 

*I'm am running this setup for over 4 years now, s d the issue started in the last 6 months

[Chris221221 0]

I just got this issue 2 days ago. Nothing has changed in my system other then the certificate from Let's Encrypt ran through Certify the Web. Any help would be greatly appreciated.

 

Edit: I am not on cloudflare due to the issues with the free accounts.

Edited September 28, 2022 by Chris221221

[Q-Droid 634]

This is more of a guess than anything but maybe trying to stop the Google bots can help. If you're behind a reverse proxy then setting the X-Robots-Tag response header would keep Google from indexing and crawling the site. I think the syntax below is correct for each for but check to be sure.

nginx:
add_header X-Robots-Tag "none" always;

Caddy:
header {
    X-Robots-Tag none
}

traefik:
headers:
        customResponseHeaders:
          X-Robots-Tag: "none"
or
  - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Robots-Tag=none"

Apache:
Header always set X-Robots-Tag "none"

HAproxy:
   http-response add-header X-Robots-Tag none
 

[adamrussak 2]

4 hours ago, Chris221221 said:

I just got this issue 2 days ago. Nothing has changed in my system other then the certificate from Let's Encrypt ran through Certify the Web. Any help would be greatly appreciated.

 

Edit: I am not on cloudflare due to the issues with the free accounts.

I'm with let's encrypt as well..

[Luke 37008]

Are you accessing the server via ip address, or domain name?

[adamrussak 2]

Domain (ddns Domain)

[shakey555 1]

Eagerly waiting any progress on this, I too have the same problem

[budokaiman 3]

I've also been getting this issue regularly. I've had my x-robots-tag set up across the domain for a while as well, and google just doesn't seem to care. Is there a way to disable the browser suggested download the of the emby app? I'm curious if that's causing problems.

Edited October 27, 2022 by budokaiman

[feerlessleadr 154]

This also just happened to me. I'm not running through cloudflare, as I would prefer not to. On top of that, it looks like because my emby site was flagged by Google, my domain registrar threatened to suspend my account. I had to send a number of very strongly worded emails to get them to back down. Of course Google is no help whatsoever in fixing this.

[pragmatick 0]

I'm having the same problem. I'll probably remove the subdomain and move it to a path (e.g. bla.domain.com/emby instead of emby.bla.domain.com) but it's been a hassle and I was kinda wary having to identify myself as the domain owner to google in order to find out what's the issue.

I have a lot of other subdomains which require a login and none has triggered this.

Edited February 28, 2023 by pragmatick

[budokaiman 3]

Moving to a path won't resolve it, you'd have to move to an entirely separate domain as google is blocking at the domain level (so if they block bla.domain.com because of /emby, subdomains will get blocked too).

This issue just happened to me again yesterday, for a while google wasn't throwing a tantrum then out of nowhere blocked it again. Is there some update to the emby frontend that we can't control that's going out and could be causing these flags?

[Nebarik 7]

For the record. Ever since I started to use Cloudflare this issue has never come back again.

Barring another solution, that's what I'd recommend. 

[spipe 1]

Just had my domain flagged giving me the same error. I am running my DNS through cloudflare as well, so I dont believe that is the fix.