My emby server has been flagged as a Deceptive site.


RDSII64

pwhodges
10 hours ago, rbjtech said:

I presume nobody using reverse proxies is having this issue - suggesting it's an Emby Web Server 'issue' that Google have.

I'm presuming they're (mainly?) looking at site content, in which case a reverse proxy would be irrelevant.

Paul


lharris

I was just flagged. I am running it behind caddy server. This is the second time now, first it was the whole domain, now it's just the subdomain for emby. IDK why this keeps happening.

The Google search console says... Social Engineering?  Huh?

 


lharris

Does anyone else's Emby throw a 302 when you load it up? I think this is the problem; I am not sure how to deal with this.


lharris

I can't edit my previous post for some reason... This forum software sometimes lets me do it and sometimes doesn't.....  

Any idea why Emby is throwing a 302? Could this be an issue with how my reverse proxy is set up?



Happy2Play

Yes these topics are somewhat the same but please post in one or the other.

Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris


sLIDez0rz
2 minutes ago, Happy2Play said:

Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris

They just use different sources for what sites are considered malicious. For the 1st day I could access on Edge, Opera without problems still, then Opera followed Chrome.


Happy2Play

Unless it is just a matter of time for all users to see this or their overall browser usage, but can say I haven't seen this on my domain yet. But primarily all my remote users use specific clients and not a browser.


lharris
30 minutes ago, Happy2Play said:

Yes these topics are somewhat the same but please post in one or the other.

Just like one can say why does Google Chrome report an issue, but Edge does not with your domain? @lharris

@Happy2Play my apologies, I have only been posting in the other thread because it seems like actual technical discussion is happening there vs here. This is def a combined problem. People on Reddit have also reported it. Any way to merge these topics to a general forum? Though I'd know where. There's something Google is not liking and I think it's platform independent.

Also VirusTotal has 5 other providers that say my site is malicious, it starts off with Google flagging it and then the other providers likely just glean off that data and then do a crap job of clearing... I've opened tickets with one of them and got nowhere.


Happy2Play
18 minutes ago, lharris said:

@Happy2Play my apologies, I have only been posting in the other thread because it seems like actual technical discussion is happening there vs here. This is def a combined problem. People on Reddit have also reported it. Any way to merge these topics to a general forum? Though I'd know where. There's something Google is not liking and I think it's platform independent.

Also VirusTotal has 5 other providers that say my site is malicious, it starts off with Google flagging it and then the other providers likely just glean off that data and then do a crap job of clearing... I've opened tickets with one of them and got nowhere.

Guess it comes back to why some are getting flagged and others not.  As checking your domain yes shows result as it has been flagged but checking mine shows clean as it has not been flagged yet.  I am not using a reverse proxy though.

Really don't know much on this. Is it something to do with caching? But will guess this will/could evolve into a bigger everyone issue. But the experts on this will have to comment further.

headers

Spoiler

Yours
Headers
Content-Length    3872
Alt-Svc    h3=":443"; ma=2592000
Accept-Ranges    bytes
Server    Caddy, UPnP/1.0 DLNADOC/1.50
Access-Control-Allow-Methods    GET, POST, PUT, DELETE, PATCH, OPTIONS
Date    Sun, 19 Mar 2023 19:38:20 GMT
Access-Control-Allow-Private-Network    true
Access-Control-Allow-Origin    *
Access-Control-Allow-Headers    Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-MediaBrowser-Token, X-Emby-Token, X-Emby-Client, X-Emby-Client-Version, X-Emby-Device-Id, X-Emby-Device-Name, X-Emby-Authorization
Content-Type    text/html; charset=UTF-8


Mine
Headers
Content-Length    3878
Access-Control-Allow-Headers    Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest
Accept-Ranges    bytes
Expires    -1
Server    UPnP/1.0 DLNADOC/1.50
ETag    "9bfacfc9d7bf5756e109c89b467cdfc2"
Pragma    no-cache, no-store, must-revalidate
Cache-Control    no-cache, no-store, must-revalidate
Date    Sun, 19 Mar 2023 19:50:19 GMT
Access-Control-Allow-Private-Network    true
Access-Control-Allow-Origin    *
Access-Control-Allow-Methods    GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type    text/html; charset=UTF-8

 

 


nonyhaha

Hello,

Just posting here to keep track. 

I have also been flagged a few days ago, on Friday. 

I have been running emby server for years behind haproxy with https access only, certificate from letsencrypt. 

Now all my other services display the same warning, and I have problems connecting with other apps, like home assistant from outside home network. 

I have submitted a request on google search console and also a message on main warning page. 


SenatorIvy

Same thing happened to me this weekend. Finally got around to taking a look at it and figured it was a case of "oh just need to do a reverse proxy finally" but I guess it's doing it to those as well? I reported it as false in the meantime and added the description that it was my personal media server as a user above had also done.  It was unflagged in minutes.


sLIDez0rz

Got unflagged today, took them 3 days. Submitted review through Google Search Console and mentioned that it's a private media server that uses free software that is used by many users. In my case also an installation of Picoshare on a different subdomain got flagged at the same time.


marlon006

I for one was not affected while using Haproxy with Pfsense, but my friend has also got flagged. He uses Nginxproxymanager, however he has the same deceptive site ahead on more of his proxies. Also Unraid and Authelia were affected according to the Google cloud console. It first started last week only on Emby, but after trial and error, more websites have been flagged by Chrome. We for instance tried swapping domains and prohibiting crawlers in his proxy (nginxproxymanager) (which might not have been correct, but it certainly did not prevent the problem).


Douglas_D

Another data point. I was flagged yesterday and am waiting for a review from Google. As a Reddit post suggested, I tried altering the index.html metadata... no idea if that will do anything though to the bots.


1 minute ago, Douglas_D said:

Another data point. I was flagged yesterday and am waiting for a review from Google. As a Reddit post suggested, I tried altering the index.html metadata... no idea if that will do anything though to the bots.

What changes did you make?


Douglas_D
52 minutes ago, Luke said:

What changes did you make?

I feel like I'm kind of throwing darts at the board to see what sticks at this point. Who knows if it will make any difference when reviewed. I did it based on this comment on Reddit that who knows if it has any basis in reality: Reddit Link

I'd copy this in as html code, but it strips out my change indications (bold/underlined)

Quote

 

 <meta name="description" content="My Server">
    <meta name="format-detection" content="telephone=no">
    <meta name="msapplication-tap-highlight" content="no">

    <meta http-equiv="X-UA-Compatibility" content="IE=Edge">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="mobile-web-app-capable" content="yes">
    <meta name="application-name" content="My Media">
    <meta name="robots" content="noindex, nofollow, noarchive">
    <meta property="og:title" content="My Media">
    <meta property="og:site_name" content="My Media">
    <meta property="og:url" content="https://my.url.com">

 

Also to note, I already had a reverse proxy set up through SWAG and set up Emby to use nginx to handle the secure connection mode. Not sure if that means Emby isn't using 302 redirects, but I couldn't detect any when I looked at the network tab in Chrome developer tools.


Quicksand Jesus

Mine is restored from Google. I removed the non-SSL ports from public access and changed the standard HTTPS port to a custom port. It seems to be good so far. 


Douglas_D

Google unflagged all sites on my domain except Emby 😕 Doesn't look like I have http 8096 open to the public, so not sure if that is playing a part of it?

My reverse proxy did have the following line as I was messing with the ability to have Emby load as a sub-page within something like Organizr, but just commented it out and am going to ask for another review to see if that does anything.

 

 

    add_header X-Frame-Options "ALLOW-FROM Douglas_Ds_domain.com";

visproduction

Related post: Reddit forum deceptive site issue Emby
 

Quote
·15 days ago·edited 15 days ago
 

I solved this by changing metatags of index.html, error gone within a day. I also waited for almost 2 months for error to go away but despite continuously reporting nothing happened. So then I tried changing meta tags.

Path to file - /opt/emby-server/system# cd dashboard-ui/index.html

    <meta name="description" content="XXXXXServer">
    <meta name="application-name" content="XXXXX">
    <meta property="og:title" content="XXXXX">
    <meta property="og:site_name" content="XXXXX">
    <meta property="og:url" content="https://XXXXXXXX">

These are the changes I have made. Fill out something different than emby.

Hope that helps.

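An added example, not part of the quoted Reddit post or of Emby's own code: a read-only audit of the meta tags that post lists, reporting which ones still contain the product name. The sample HTML is constructed, and `MetaCollector`, `audit_branding` and the `product` default are names chosen here for illustration.

```python
from html.parser import HTMLParser

# Meta keys the quoted post lists as carrying the product branding.
BRANDING_KEYS = ("description", "application-name",
                 "og:title", "og:site_name", "og:url")

class MetaCollector(HTMLParser):
    """Collects content values of <meta name=...> and <meta property=...>."""
    def __init__(self):
        super().__init__()
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        key = (a.get("name") or a.get("property") or "").lower()
        if key:
            self.meta[key] = a.get("content", "")

def audit_branding(html, product="emby"):
    """Return {key: 'default' | 'custom' | 'missing'} for each branding key.

    'default' means the value still contains the product name (assumed to be
    what the unmodified file ships with); 'custom' means it was changed.
    """
    parser = MetaCollector()
    parser.feed(html)
    report = {}
    for key in BRANDING_KEYS:
        if key not in parser.meta:
            report[key] = "missing"
        elif product in parser.meta[key].lower():
            report[key] = "default"
        else:
            report[key] = "custom"
    return report

# Constructed sample, not the real index.html: two tags still name the product.
SAMPLE = """<html><head>
<meta name="description" content="Emby Server">
<meta name="application-name" content="My Media">
<meta name="robots" content="noindex, nofollow, noarchive">
<meta property="og:title" content="Emby">
<meta property="og:url" content="https://media.example.invalid">
</head><body></body></html>"""

if __name__ == "__main__":
    for key, status in audit_branding(SAMPLE).items():
        print(f"{key:18} {status}")
```

Server updates may replace the edited file, so rerunning the audit against the deployed `index.html` after each upgrade shows whether the changes survived.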

TMCsw

I deleted those entries and tested both local and remote connections work fine for me, although I've never been flagged so far 🙂.


58 minutes ago, TMCsw said:

I deleted those entries and tested both local and remote connections work fine for me, although I've never been flagged so far 🙂.

Yea I think what this all comes down to is it ends up looking like you are trying to impersonate Emby, and that's why this happens.
