pwhodges, posted March 17, 2023

10 hours ago, rbjtech said:
> I presume nobody using reverse proxies is having this issue - suggesting it's an Emby Web Server 'issue' that google have.

I'm presuming they're (mainly?) looking at site content, in which case a reverse proxy would be irrelevant.

Paul

lharris, posted March 17, 2023 (edited March 17, 2023 by lharris)

I was just flagged. I am running it behind caddy server. This is the second time now, first it was the whole domain, now it's just the subdomain for emby. IDK why this keeps happening. The Google search console says... Social Engineering? Huh?

sLIDez0rz, posted March 18, 2023

Got flagged yesterday. The worst part is that the whole domain is flagged, not just the Emby subdomain.

gillmacca01, posted March 18, 2023

I'm getting the same running through ddns.

lharris, posted March 19, 2023

Does anyone else's Emby throw a 302 when you load it up? I think this is the problem, I am not sure how to deal with this.

lharris, posted March 19, 2023 (edited March 19, 2023 by lharris)

I can't edit my previous post for some reason... This forum software sometimes lets me do it and sometimes doesn't.....

Any idea why Emby is throwing a 302? Could this be an issue with how my reverse proxy is set up?

Happy2Play, posted March 19, 2023

Yes, these topics are somewhat the same, but please post in one or the other.

Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris

sLIDez0rz, posted March 19, 2023

2 minutes ago, Happy2Play said:
> Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris

They just use different sources for what sites are considered malicious. For the 1st day I could access on Edge, Opera without problems still, then Opera followed Chrome.

Happy2Play, posted March 19, 2023

Unless it is just a matter of time for all users to see this or their overall browser usage, but can say I haven't seen this on my domain yet. But primarily all my remote users use specific clients and not a browser.

lharris, posted March 19, 2023

30 minutes ago, Happy2Play said:
> Yes, these topics are somewhat the same, but please post in one or the other. Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris

@Happy2Play my apologies, I have only been posting in the other thread because it seems like actual technical discussion is happening there vs here. This is def a combined problem. People on Reddit have also reported it. Any way to merge these topics to a general forum? Though I'd know where.

There's something google is not liking and I think it's platform independent. Also VirusTotal has 5 other providers that say my site is malicious, it starts off with Google flagging it and then the other providers likely just glean off that data and then do a crap job of clearing... I've opened tickets with one of them and got nowhere.

Happy2Play, posted March 19, 2023

18 minutes ago, lharris said:
> @Happy2Play my apologies, I have only been posting in the other thread because it seems like actual technical discussion is happening there vs here. This is def a combined problem. People on Reddit have also reported it. Any way to merge these topics to a general forum? Though I'd know where. There's something google is not liking and I think it's platform independent. Also VirusTotal has 5 other providers that say my site is malicious, it starts off with Google flagging it and then the other providers likely just glean off that data and then do a crap job of clearing... I've opened tickets with one of them and got nowhere.

Guess it comes back to why some are getting flagged and others not. As checking your domain yes shows result as it has been flagged but checking mine shows clean as it has not been flagged yet. I am not using a reverse proxy though.

Really don't know much on this. Is it something to do with caching? But will guess this will/could evolve into a bigger everyone issue. But the experts on this will have to comment further.

Headers (spoiler)

Yours:

    Content-Length: 3872
    Alt-Svc: h3=":443"; ma=2592000
    Accept-Ranges: bytes
    Server: Caddy, UPnP/1.0 DLNADOC/1.50
    Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
    Date: Sun, 19 Mar 2023 19:38:20 GMT
    Access-Control-Allow-Private-Network: true
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-MediaBrowser-Token, X-Emby-Token, X-Emby-Client, X-Emby-Client-Version, X-Emby-Device-Id, X-Emby-Device-Name, X-Emby-Authorization
    Content-Type: text/html; charset=UTF-8

Mine:

    Content-Length: 3878
    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest
    Accept-Ranges: bytes
    Expires: -1
    Server: UPnP/1.0 DLNADOC/1.50
    ETag: "9bfacfc9d7bf5756e109c89b467cdfc2"
    Pragma: no-cache, no-store, must-revalidate
    Cache-Control: no-cache, no-store, must-revalidate
    Date: Sun, 19 Mar 2023 19:50:19 GMT
    Access-Control-Allow-Private-Network: true
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
    Content-Type: text/html; charset=UTF-8

nonyhaha, posted March 20, 2023

Hello,

Just posting here to keep track. I have also been flagged a few days ago, on Friday. I have been running emby server for years behind haproxy with https access only, certificate from letsencrypt. Now all my other services display the same warning, and I have problems connecting with other apps, like home assistant from outside home network.

I have submitted a request on google search console and also a message on main warning page.

SenatorIvy, posted March 20, 2023

Same thing happened to me this weekend. Finally got around to taking a look at it and figured it was a case of "oh just need to do a reverse proxy finally" but I guess it's doing it to those as well?

I reported it as false in the meantime and added the description that it was my personal media server as a user above had also done. It was unflagged in minutes.

sLIDez0rz, posted March 20, 2023 (edited March 20, 2023 by sLIDez0rz)

Got unflagged today, took them 3 days. Submitted review through Google Search Console and mentioned that it's a private media server that uses free software that is used by many users.

In my case also an installation of Picoshare on a different subdomain got flagged at the same time.

Quicksand Jesus, posted March 20, 2023

I was just flagged as well. I've submitted a request to Google. We shall see. Very strange....

marlon006, posted March 23, 2023 (edited March 23, 2023 by marlon006: spelling and interpunction)

I for one was not affected while using Haproxy with Pfsense, but my friend has also got flagged. He uses Nginxproxymanager, however he has the same deceptive site ahead on more of his proxies. Also Unraid and Authelia were affected according to the Google cloud console.

It first started last week only on Emby, but after trial and error, more websites have been flagged by chrome. We for instance tried swapping domains and prohibiting crawlers in his proxy (nginxproxymanager) (which might not have been correct, but it certainly did not prevent the problem).

Douglas_D, posted March 23, 2023

Another data point. I was flagged yesterday and am waiting for a review from Google. As a Reddit post suggested, I tried altering the index.html metadata... no idea if that will do anything though to the bots.

Luke, posted March 23, 2023

1 minute ago, Douglas_D said:
> Another data point. I was flagged yesterday and am waiting for a review from Google. As a Reddit post suggested, I tried altering the index.html metadata... no idea if that will do anything though to the bots.

What changes did you make?

Douglas_D, posted March 23, 2023 (edited March 23, 2023 by Douglas_D)

52 minutes ago, Luke said:
> What changes did you make?

I feel like I'm kind of throwing darts at the board to see what sticks at this point. Who knows if it will make any difference when reviewed. I did it based on this comment on Reddit that who knows if it has any basis in reality: Reddit Link

I'd copy this in as html code, but it strips out my change indications (bold/underlined).

Quote:

    <meta name="description" content="My Server">
    <meta name="format-detection" content="telephone=no">
    <meta name="msapplication-tap-highlight" content="no">
    <meta http-equiv="X-UA-Compatibility" content="IE=Edge">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="mobile-web-app-capable" content="yes">
    <meta name="application-name" content="My Media">
    <meta name="robots" content="noindex, nofollow, noarchive">
    <meta property="og:title" content="My Media">
    <meta property="og:site_name" content="My Media">
    <meta property="og:url" content="https://my.url.com">

Also to note, I already had a reverse proxy set up through SWAG and set up Emby to use nginx to handle the secure connection mode. Not sure if that means Emby isn't using 302 redirects, but I couldn't detect any when I looked at the network tab in Chrome developer tools.

Quicksand Jesus, posted March 23, 2023

Mine is restored from Google. I removed the non-SSL ports from public access and changed the standard HTTPS port to a custom port. It seems to be good so far.

Douglas_D, posted March 24, 2023 (edited March 24, 2023 by Douglas_D)

Google unflagged all sites on my domain except Emby.

Doesn't look like I have http 8096 open to the public, so not sure if that is playing a part of it?

My reverse proxy did have the following line as I was messing with the ability to have Emby load as a sub-page within something like Organizr, but just commented it out and am going to ask for another review to see if that does anything.

    add_header X-Frame-Options "ALLOW-FROM Douglas_Ds_domain.com";

visproduction, posted March 24, 2023 (edited March 25, 2023 by visproduction)

Related post: Reddit forum deceptive site issue Emby

Quote (kapilmahawar, 15 days ago, edited 15 days ago):
> I solved this by changing metatags of index.html, error gone within a day. I also waited for almost 2 months for error to go away but despite continuously reporting nothing happened. So then I tried changing meta tags.
>
> Path to file - /opt/emby-server/system# cd dashboard-ui/index.html
>
>     <meta name="description" content="XXXXXServer">
>     <meta name="application-name" content="XXXXX">
>     <meta property="og:title" content="XXXXX">
>     <meta property="og:site_name" content="XXXXX">
>     <meta property="og:url" content="https://XXXXXXXX">
>
> these are the changes I have made. Fill out something different than emby.

Hope that helps.

Luke, posted March 24, 2023

26 minutes ago, visproduction said:
> Related post: Reddit forum deceptive site issue Emby
>
> Hope that helps.

I think what we'll do is just remove those from the built-in web app.

TMCsw, posted March 24, 2023

I deleted those entries and tested both local and remote connections work fine for me, although I've never been flagged so far.

Luke, posted March 24, 2023

58 minutes ago, TMCsw said:
> I deleted those entries and tested both local and remote connections work fine for me, although I've never been flagged so far.

Yea I think what this all comes down to is it ends up looking like you are trying to impersonate Emby, and that's why this happens.

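The meta tags discussed in the posts above can be checked on your own server's page before asking for a re-review. This is an added example, not part of the thread or of Emby's code: it parses an index.html and reports which of the tags named in the thread still carry the product name, and whether a robots noindex tag is present. The sample pages and the `brand` parameter are constructed for illustration, and the default tag contents are an assumption.

```python
from html.parser import HTMLParser

# Meta tags the thread singles out as identifying the product.
BRANDING_KEYS = {"description", "application-name", "og:title", "og:site_name", "og:url"}

class MetaCollector(HTMLParser):
    """Collect (key, content) for every <meta name=...> or <meta property=...>."""
    def __init__(self):
        super().__init__()
        self.metas = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        key = a.get("name") or a.get("property")
        if key:
            self.metas.append((key.lower(), a.get("content", "")))

def audit_index(html, brand="emby"):
    """Return branding tags that still contain `brand`, and whether noindex is set."""
    parser = MetaCollector()
    parser.feed(html)
    branded = [(k, c) for k, c in parser.metas
               if k in BRANDING_KEYS and brand.lower() in c.lower()]
    robots = [c.lower() for k, c in parser.metas if k == "robots"]
    return {"branded": branded, "noindex": any("noindex" in c for c in robots)}

# Constructed sample modelled on the tags quoted in the thread (not the shipped file);
# the "Emby" contents are an assumption about the defaults.
SAMPLE_DEFAULT = """<html><head>
<meta name="description" content="Emby Server">
<meta name="application-name" content="Emby">
<meta property="og:title" content="Emby">
<meta property="og:site_name" content="Emby">
<meta property="og:url" content="https://media.example.com">
<meta name="format-detection" content="telephone=no">
</head><body></body></html>"""

# The same page after the kind of edit described in the thread.
SAMPLE_EDITED = SAMPLE_DEFAULT.replace("Emby Server", "My Server").replace(
    '"Emby"', '"My Media"').replace(
    "</head>", '<meta name="robots" content="noindex, nofollow, noarchive">\n</head>')

if __name__ == "__main__":
    for label, page in (("default", SAMPLE_DEFAULT), ("edited", SAMPLE_EDITED)):
        print(label, audit_index(page))
```

To audit a real install, pass the contents of the served index.html to `audit_index`; an empty `branded` list means none of the listed tags still names the product.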