RDSII64 4 Posted March 26, 2021 Share Posted March 26, 2021 I found the following when I went to log into my server to watch a movie. "Deceptive site ahead Attackers on (my site name) may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards). Learn more" I used the link to report that my site has been flagged in error. What might have caused this and how can I fix it? 1 Link to comment Share on other sites More sharing options...
denz 426 Posted March 26, 2021 Share Posted March 26, 2021 It sounds like you don't have a valid ssl certificate. Link to comment Share on other sites More sharing options...
RDSII64 4 Posted March 26, 2021 Author Share Posted March 26, 2021 (edited) 14 minutes ago, denz said: It sounds like you don't have a valid ssl certificate. I will have to check. I use cloudflair for my reverse proxy. I thought mine was set to auto renew. Thanks for the tip. Edited March 26, 2021 by RDSII64 Link to comment Share on other sites More sharing options...
Guest Posted March 26, 2021 Share Posted March 26, 2021 (edited) It can also be your domain name.. If you are using a free domain which isn't paid for.. Other sites that have also used it.. I will give an example.. This happened to me around 2002 - 2005 maybe even 2007.. My No-IP Domain was 0ofu.zapto,org and 0ofu.no-ip.net... i had to append a port number if it differed because of the free service available at the time.. Other site addresses were somewierdsite.zapto.org and somewierdsite.no-ip.net... or even someothersite.sytes.net... This even effected my fathers business website which I wrote for him in effort help a dying business, in a struggling economy. When we started Web Access protection.. some of these people manually reported entire sets (hundreds of thousands) of websites as being malicious because of the way the free addresses were written.. When they reported one sites that actually was hosting a malicious file or they did not understand what was going on on the page.. even programmatic and system issues.. So the same thing started happening to me when I browsed to my site.. I got security software warnings nd people never trusted even going to my personal website which held no circumventions/drive-by downloads.. or content available for public consumption.. Edited March 26, 2021 by Guest Link to comment Share on other sites More sharing options...
RDSII64 4 Posted March 26, 2021 Author Share Posted March 26, 2021 3 minutes ago, Hxemby001 said: It can also be your domain name.. If you are using a free domain which isn't paid for.. Other sites that have also used it.. I will give an example.. This happened to me around 2002 - 2005 maybe even 2007.. My No-IP Domain was 0ofu.zapto,org and 0ofu.no-ip.net... i had to append a port number if it differed because of the free service available at the time.. When we started Web Access protection.. some of these people manually reported entire sets (hundreds of thousands) of websites as being malicious because of the way the free addresses were written.. When they reported one sites that actually was hosting a malicious file or they did not understand what was going on on the page.. even programmatic and system issues.. So the same thing started happening to me when I browsed to my site.. I got security software warnings nd people never trusted even going to my personal website which held no circumventions/drive-by downloads.. or content available for public consumption.. I pay $10.00 a year from google for mine. My domain name is still worth looking into though. Thanks for the help. 1 Link to comment Share on other sites More sharing options...
RDSII64 4 Posted March 26, 2021 Author Share Posted March 26, 2021 I have opened a support ticket with cloudflair. Hopefully I will have some help soon. Link to comment Share on other sites More sharing options...
Luke 37155 Posted March 26, 2021 Share Posted March 26, 2021 Let us know how you get on. Thanks. 1 Link to comment Share on other sites More sharing options...
SuperMinecraftKid 5 Posted December 26, 2022 Share Posted December 26, 2022 (edited) I'm now getting the same issue. I use cloudflare to proxy my emby server, and now when I go to https://emby.<mydomain> in Microsoft Edge, I get a red screen saying "This site has been reported as unsafe". I pay yearly for my domain on namecheap, and I've had no issues with it for the past year or two. I've only just noticed this warning page showing up within the past month. My SSL certificate is valid, and I have many other subdomains on this domain which are also proxied by cloudflare that aren't marked as deceptive or unsafe. Only my emby subdomain. Has anyone been able to resolve this yet? Edited December 28, 2022 by SuperMinecraftKid Link to comment Share on other sites More sharing options...
RDSII64 4 Posted December 27, 2022 Author Share Posted December 27, 2022 7 hours ago, SuperMinecraftKid said: I'm now getting the same issue. I use cloudflare to proxy my emby server, and now when I go to https://emby.<mydomain> in Microsoft Edge, I get a red screen saying my "This site has been reported as unsafe". I pay yearly for my domain on namecheap, and I've had no issues with it for the past year or two. I've only just noticed this warning page showing up within the past month. My SSL certificate is valid, and I have many other subdomains on this domain which are also proxied by cloudflare that aren't marked as deceptive or unsafe. Only my emby subdomain. Has anyone been able to resolve this yet? I opened up a support ticket with cloud flair and if I remember correctly, I even contacted Google (that who I pay yearly for my sight name). Its been a while so I don't remember how we solved this issue but it had something to do with web scrapers In my case. Contact Namecheap and see what help they can provide after you open a support ticket with cloudflair. Link to comment Share on other sites More sharing options...
WidowMaker99 0 Posted February 20, 2023 Share Posted February 20, 2023 I bought a domain from google pointed it towards ip address of my home emby server 12 hours later my domain has the same deceptive google warning on it not sure why i wonder if the log in screen of emby makes google freak out… Link to comment Share on other sites More sharing options...
budokaiman 3 Posted March 4, 2023 Share Posted March 4, 2023 This definitely seems related to the login page as the only URLs that seem to get flagged are the login page and redirects https://DOMAIN/emby https://DOMAIN/emby/web/index.html https://DOMAIN/emby/web/index.html#!/startup/manuallogin.html?serverId=SERVER_ID I've checked 3rd party requests made when navigating to the base page and only see 2 requests made to gstatic.com (which is a google domain) and then a serviceworker.js script (which seems to actually be internal as the request URL matches my domain, but it shows up as a 3rd party request). I've also setup a completely isolated domain just for an emby instance and it got flagged within 24 hours, so I know that it's not some unrelated app on the site. I know there is also this thread, which I've commented in, don't want to duplicate things across threads, but both of these seem to have different activity across different boards, so leaving it here as well. I did also find this thread, which says that it could be due to an external resource loaded by a plugin, but I wouldn't think that any plugins or external resources should be loaded on the login page. I'd love to believe that this is just a google error, but the frequency at which I've been blocked due to emby makes me question if there's something actually worth concern. I know the other thread says to use cloudflare, but that's really not an option for me and based on this thread, I doubt it would really help too much. I know the main app.emby.media login page functions differently than self-hosted version due to using emby connect, could there be some difference that prevents flagging? @RDSII64Do you remember how you got in contact with google? Was it just through domain name support or was there some separate support for these search console errors (I've been unable to find much in the way of search console support and I'm not running this domain through a google domain)? You say it had something to do with scrapers, I have all robotags off so that I shouldn't appear in search results anyway. Link to comment Share on other sites More sharing options...
GrimReaper 3321 Posted March 4, 2023 Share Posted March 4, 2023 4 minutes ago, budokaiman said: I know the main app.emby.media login page functions differently than self-hosted version due to using emby connect Nope, you don't have to connect through Emby Connect with hosted Web app, you can connect via IP/domain just as well, Connect is an optional feature, both for linking users on your server and connecting through hosted Web app. 1 Link to comment Share on other sites More sharing options...
budokaiman 3 Posted March 4, 2023 Share Posted March 4, 2023 Ah, sorry I thought that was all part of connect. Link to comment Share on other sites More sharing options...
GrimReaper 3321 Posted March 4, 2023 Share Posted March 4, 2023 9 minutes ago, budokaiman said: Ah, sorry I thought that was all part of connect. Yeah, happens quite often as login with Connect credentials is landing page for app.emby.media. If you skip that one, it'll take you to manual login page where you can input your IP/domain and port, like other client apps Link to comment Share on other sites More sharing options...
budokaiman 3 Posted March 4, 2023 Share Posted March 4, 2023 I decided to do a diff of my emby data and the data of a freshly built docker container, and I don't see anything of value (It's mostly the obvious things like caches, episode/metadata, plugins, logs. There was a diff in the cache/httpclient but the only changes were download count numbers). So I think I can safely say that all files are unmodified from what they are intended to be (I did also clean out the ephemeral storage of my existing instance the other day before the re-flag). Link to comment Share on other sites More sharing options...
lucian.pearce 0 Posted March 8, 2023 Share Posted March 8, 2023 Did anyone find a solution to this issue I got it reviewed a couple weeks ago but now it back this block every other site that is relate to the domain as well as home is a subdomain Here is a sample of URLs from your site where we detected social engineering content: http://home.mydomain[.]net/web/ http://home.mydomain[.]net/ Link to comment Share on other sites More sharing options...
BillybobBilly 14 Posted March 15, 2023 Share Posted March 15, 2023 Jumping on the bandwagon here. My site is also being marked as dangerous/deceptive. Any solution/workaround to this issue? Link to comment Share on other sites More sharing options...
letterman 34 Posted March 15, 2023 Share Posted March 15, 2023 Same to me. Today my site with emby server got flagged as dangerous/deceptive, too. Used it for years without problems, always with trusted let's encrypt certificate. I changed nothing. Hope there is a solution. What did change? Link to comment Share on other sites More sharing options...
pwhodges 1534 Posted March 15, 2023 Share Posted March 15, 2023 (edited) Presumably the detection changed. Aside from that, I believe one thing that's looked for is a site having a front page which is the same as other different sites; naturally a login page for the same software (Emby in our case) will do this. Maybe a way of customising the login page could be a means of side-stepping this check. Perhaps adding some personal CSS to the login page might help? Paul Edited March 15, 2023 by pwhodges 1 Link to comment Share on other sites More sharing options...
letterman 34 Posted March 17, 2023 Share Posted March 17, 2023 On the deceptive site ahead warning page is a possiblity to give feedback. I reported it as a private media player site for my family. 3 houres later the warning was gone. Nevertheless the detection seems to be changed. I do not have a special front page. All standard emby config. Link to comment Share on other sites More sharing options...
rbjtech 4304 Posted March 17, 2023 Share Posted March 17, 2023 I presume nobody using reverse proxies is having this issues - suggesting it's an Emby Web Server 'issue' that google have. Any views from the Core Dev's ? @Luke @ebr Link to comment Share on other sites More sharing options...
Q-Droid 657 Posted March 17, 2023 Share Posted March 17, 2023 1 hour ago, rbjtech said: I presume nobody using reverse proxies is having this issues - suggesting it's an Emby Web Server 'issue' that google have. Any views from the Core Dev's ? @Luke @ebr Per this other thread it doesn't make a difference. 1 Link to comment Share on other sites More sharing options...
rbjtech 4304 Posted March 17, 2023 Share Posted March 17, 2023 (edited) 53 minutes ago, Q-Droid said: Per this other thread it doesn't make a difference. Ah ok - so maybe it's a vulnerabilities issue on the sites. It would be interesting to see what score they get on something like ssllabs/qualys - https://www.ssllabs.com/ssltest/index.html edit .. maybe emby.media wanna try to improve things as well while they are looking (capped to B as they still support TLS 1.0/1.1) .. Edited March 17, 2023 by rbjtech Link to comment Share on other sites More sharing options...
budokaiman 3 Posted March 17, 2023 Share Posted March 17, 2023 Quote Ah ok - so maybe it's a vulnerabilities issue on the sites. It would be interesting to see what score they get on something like ssllabs/qualys I get an A rating on my site, only knock is not supporting DNS CAA. I've since switched emby to a separate domain name, and leave everything else I have on the same domain, which is being served the same way as emby. Only the emby domain has been flagged. Link to comment Share on other sites More sharing options...
rbjtech 4304 Posted March 17, 2023 Share Posted March 17, 2023 3 minutes ago, budokaiman said: I get an A rating on my site, only knock is not supporting DNS CAA. I've since switched emby to a separate domain name, and leave everything else I have on the same domain, which is being served the same way as emby. Only the emby domain has been flagged. Right ok - thanks - so probably not this then. Shame google can give a more descriptive reason for the flag. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now