nonyhaha, posted March 26, 2023

Just an update on my side. After 2 days of being free of deceptive site warnings, my dynamic DNS provider - dynu.com - dropped support for all my domains' redirects. My domain names do not get resolved anymore and I can't reach my server from outside of my home network. While submitting a ticket with dynu they asked me about the Google Search Console messages about my servers. This is awful. Is there any way to find out what is generating the initial issue? I need to stop this because I am using multiple services behind my domain.

visproduction, posted March 26, 2023

Non, Have you seen this service at dynu? It looks like it might help.

https://www.dynu.com/Resources/Tutorials/DynamicDNS/Advancedfeatures/How-To-Set-Up-DNSSEC

nonyhaha, posted March 26, 2023

1 minute ago, visproduction said:
> Non, Have you seen this service at dynu? It looks like it might help.
> https://www.dynu.com/Resources/Tutorials/DynamicDNS/Advancedfeatures/How-To-Set-Up-DNSSEC

I'll check that as soon as the maintenance is over at dynu.

visproduction, posted March 26, 2023 (edited March 26, 2023)

Removed

crusher11, posted March 26, 2023

On 3/17/2023 at 7:39 PM, rbjtech said:
> Ah ok - so maybe it's a vulnerabilities issue on the sites. It would be interesting to see what score they get on something like ssllabs/qualys - https://www.ssllabs.com/ssltest/index.html
> edit .. maybe emby.media wanna try to improve things as well while they are looking (capped to B as they still support TLS 1.0/1.1) ..

I haven't had the flagged-as-deceptive issue but I just ran this on my server and got the same result, is there anything I can do about it?

nonyhaha, posted March 26, 2023

54 minutes ago, visproduction said:
> Non, Have you seen this service at dynu? It looks like it might help.
> https://www.dynu.com/Resources/Tutorials/DynamicDNS/Advancedfeatures/How-To-Set-Up-DNSSEC

I managed to buy a member account this morning, but I do not have the DNSSEC option available yet. I will wait until tomorrow morning to see if it will appear, otherwise I'll submit another ticket.

pwhodges, posted March 26, 2023

30 minutes ago, crusher11 said:
> I haven't had the flagged-as-deceptive issue but I just ran this on my server and got the same result, is there anything I can do about it?

See what's keeping the result down to B and use reverse proxy settings to change it (e.g. forbidding TLS1.0/1.1). If you're using Emby's SSL without a reverse proxy, then it's down to Emby to change (I don't know if they need to, though).

Paul

crusher11, posted March 26, 2023

1 minute ago, pwhodges said:
> See what's keeping the result down to B and use reverse proxy settings to change it (e.g. forbidding TLS1.0/1.1). If you're using Emby's SSL without a reverse proxy, then it's down to Emby to change (I don't know if they need to, though).
> Paul

Like I said, it's exactly the same result: B due to TLS. So it's an NGINX setting somewhere?

pwhodges, posted March 26, 2023 (edited March 26, 2023)

Sure to be - but I use Caddy

https://ixnfo.com/en/how-to-disable-tls-1-0-and-tls-1-1-in-nginx.html

Incidentally, Caddy no longer even allows TLS older than 1.2 to be enabled! (Though if you sponsor them with enough money you could probably get them to set up a personal fork for you with the code re-included.)

Paul

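Added example, not part of any post in this thread: the NGINX setting being discussed is the `ssl_protocols` directive. The sketch below audits a config for directives that still enable TLS 1.0/1.1 (the cause of the "capped to B" result) and rewrites them to TLS 1.2/1.3 only; the config text and host names are constructed for illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
SAFE = "TLSv1.2 TLSv1.3"

# Constructed sample reverse-proxy config (host names are placeholders).
SAMPLE_CONF = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # inherited by servers below
    server {
        listen 443 ssl;
        server_name emby.example.net;
        # ssl_protocols SSLv3;  (commented out, must be ignored)
    }
    server {
        listen 443 ssl;
        server_name other.example.net;
        ssl_protocols TLSv1.2 TLSv1.3;
    }
}
"""

DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;]+);")

def audit_ssl_protocols(conf_text):
    """Return [(line_number, [deprecated protocols])] for active directives."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        code = line.split("#", 1)[0]          # drop trailing comments
        match = DIRECTIVE.match(code)
        if match:
            weak = sorted(p for p in match.group(1).split() if p in DEPRECATED)
            if weak:
                findings.append((lineno, weak))
    return findings

def harden(conf_text):
    """Rewrite every active ssl_protocols directive to TLS 1.2/1.3 only."""
    out = []
    for line in conf_text.splitlines():
        code, sep, comment = line.partition("#")
        if DIRECTIVE.match(code):
            indent = code[: len(code) - len(code.lstrip())]
            line = f"{indent}ssl_protocols {SAFE};" + (f"  {sep}{comment}" if sep else "")
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(audit_ssl_protocols(SAMPLE_CONF))
    print(harden(SAMPLE_CONF))
```

After changing the real config, check it with `nginx -t` and reload before re-running the SSL Labs test.
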
crusher11, posted March 26, 2023

1 hour ago, pwhodges said:
> Sure to be - but I use Caddy
> https://ixnfo.com/en/how-to-disable-tls-1-0-and-tls-1-1-in-nginx.html
> Incidentally, Caddy no longer even allows TLS older than 1.2 to be enabled! (Though if you sponsor them with enough money you could probably get them to set up a personal fork for you with the code re-included.)
> Paul

Ironically, I can't see that link because the secure connection failed.

crusher11, posted March 26, 2023

Well I fixed that up, but now I'm apparently missing a DNS CAA, and I have no idea what to enter for that.

pwhodges, posted March 26, 2023 (edited March 26, 2023)

That's not essential as far as I can see; but if it affects your score, then why not? You can add a CAA record to your DNS entries, which specifies what certificate authority is allowed to issue your certificates, and thus prevents any other CA from issuing one; I have one which says my certificates only come from LetsEncrypt.com (but I don't remember specifying it - maybe I did it to get my score up! Ah, well...).

Paul

https://letsencrypt.org/docs/caa/

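Added example, not part of any post in this thread: a sketch of how a CA decides whether a CAA record set lets it issue, following the RFC 8659 rules (climb toward the root to find the relevant record set, then match `issue` / `issuewild`). The zone data, host names and `other-ca.example` are constructed; `letsencrypt.org` is the identifier Let's Encrypt documents for CAA.

```python
from typing import Dict, List, Tuple

CAA = Tuple[int, str, str]  # (flags, tag, value)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample zone data (names are placeholders).
ZONE: Dict[str, List[CAA]] = {
    "example.net": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:admin@example.net")],
    "locked.example.net": [(0, "issue", ";")],          # no CA may issue
    "wild.example.net": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";")],        # no wildcard certs
}

def relevant_rrset(fqdn: str, zone: Dict[str, List[CAA]]) -> List[CAA]:
    """Climb from fqdn toward the root; the first non-empty CAA set wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_of(value: str) -> str:
    """The issuer domain is the part before any ';' parameters."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(name: str, ca_domain: str, zone: Dict[str, List[CAA]] = ZONE) -> bool:
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(name[2:] if wildcard else name, zone)
    # A critical (flag 128) property the CA does not understand blocks issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    restricting = issuewild if (wildcard and issuewild) else issue
    if not restricting:            # no CAA restriction applies to this request
        return True
    return ca_domain.lower() in {issuer_of(v) for v in restricting}

if __name__ == "__main__":
    for name, ca in [("emby.example.net", "letsencrypt.org"),
                     ("emby.example.net", "other-ca.example"),
                     ("*.wild.example.net", "letsencrypt.org")]:
        print(name, ca, ca_may_issue(name, ca))
```

A record set that omits the CA you actually use makes the second case apply to your own renewals, which is why the record has to be correct before it is published.
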
crusher11, posted March 26, 2023

30 minutes ago, pwhodges said:
> That's not essential as far as I can see; but if it affects your score, then why not? You can add a CAA record to your DNS entries, which specifies what certificate authority is allowed to issue your certificates, and thus prevents any other CA from issuing one; I have one which says my certificates only come from LetsEncrypt.com (but I don't remember specifying it - maybe I did it to get my score up! Ah, well...).
> Paul
> https://letsencrypt.org/docs/caa/

My certificate just comes from CloudFlare, though...you'd think they'd handle that themselves.

pwhodges, posted March 26, 2023

This record is in your DNS - where is that held?

Paul

crusher11, posted March 27, 2023

8 hours ago, pwhodges said:
> This record is in your DNS - where is that held?
> Paul

I know how to add a CAA in CloudFlare, I just don't know what to enter into the fields.

pwhodges, posted March 27, 2023

I'm sure that CloudFlare will document that (as LetsEncrypt do in the link I gave). Obviously it needs to be correct, or certificate renewal will fail.

Paul

crusher11, posted March 27, 2023

CloudFlare implies it's done, but hidden: https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/caa-records#caa-records-added-by-cloudflare

But I have no idea how to run that dig thing, and that testing site is flagging it as an issue.

cypher0117, posted March 27, 2023

Not having your DNS CAA specified doesn't appear to affect the score of the SSL test. Mine's not specified, but I get an A+ from that SSL test link.

TheKamakaZi, posted April 8, 2023 (edited April 8, 2023)

So I've done the boring thing and read through Google's definitions of deceptive sites, recommendations, etc, and I believe I may have figured out the crux of the issue. They think we're all imitating Emby! Well, emby.media, or app.emby.media, but you get my point. There's no concrete evidence of this, but simply looking at the examples, it seems that all our instances share strings, images (logos), and login patterns. As Emby has become an established entity in media streaming, it seems natural for those of lesser moral fibre to imitate its looks and logins in an effort to gain access.

@Luke @pir8radio Would it be at all possible to customise the look and feel of the UI, even as a once off test to see if this satisfies the Google god?

AmIBeingObtuse, posted April 11, 2023 (edited April 11, 2023)

On 24/03/2023 at 17:12, Luke said:
> I think what we'll do is just remove those from the built-in web app.

Will these changes occur in a beta? How fast will this be implemented. Thanks for the response to all this. @Luke

Luke, posted April 11, 2023

1 hour ago, AmIBeingObtuse said:
> Will these changes occur in a beta? How fast will this be implemented. Thanks for the response to all this. @Luke

Hi, yes this should be in soon. Thanks.

zepx, posted April 22, 2023

@Luke Is there any update on this issue?

Luke, posted April 22, 2023

7 minutes ago, zepx said:
> @Luke Is there any update on this issue?

The beta server has removed a number of things from the web app html that might have caused this. If you've already been flagged then you'll have to go through the process with Google as mentioned above to get unflagged. Hopefully the changes will help prevent it from happening again.

indianaguy, posted April 22, 2023 (edited April 22, 2023)

My domain's also been flagged. Not sure if this is what could be causing people's recent connection problems or what? One user couldn't get Connect to work so I gave them the direct IP. It worked for a day, then they went back to the device and were logged out. They tried connecting again just to get an error:1408f10b:SSL routines:SSL3_get_record:wrong version number . Not sure if that's related to any of this stuff going on or not but everybody else seems to be connecting fine.

Luke, posted April 22, 2023

59 minutes ago, indianaguy said:
> My domain's also been flagged. Not sure if this is what could be causing people's recent connection problems or what? One user couldn't get Connect to work so I gave them the direct IP. It worked for a day, then they went back to the device and were logged out. They tried connecting again just to get an error:1408f10b:SSL routines:SSL3_get_record:wrong version number . Not sure if that's related to any of this stuff going on or not but everybody else seems to be connecting fine.

Hi, no, not related. The topic in this thread is related to using the built-in web app.