Jump to content

My emby server has been flagged as a Deceptive site.

RDSII64

By RDSII64
in General/Windows

 Share

Recommended Posts

nonyhaha

nonyhaha   3

Posted
Posted

Just an update on my side. After 2 days of being free of deceptive site warnings, my dinamic dns provider - dynu.com - dropped support for all my domains redirects. 

My domain names do not get resolved anymore and i cant reach my server from outside of my home network.

While submitting a ticket with dynu they asked me about the google search console messages about my servers. 

This is awful. 

Is there anyway to find out what is generating the initial issue? I need to stop this because i am using multiple services behind my domain.

  • Agree 1
Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
On 3/17/2023 at 7:39 PM, rbjtech said:

Ah ok - so maybe it's a vulnerabilities issue on the sites.  It would be interesting to see what score they get on something like ssllabs/qualys -  https://www.ssllabs.com/ssltest/index.html

edit ..

maybe emby.media wanna try to improve things as well while they are looking (capped to B as they still support TLS 1.0/1.1) .. 🤔

image.png.bc4df9509c2e64d760c9a340ba5df6a0.png

I haven't had the flagged-as-deceptive issue but I just ran this on my server and got the same result, is there anything I can do about it?

Link to comment
Share on other sites
nonyhaha

nonyhaha   3

Posted
Posted
54 minutes ago, visproduction said:

Non,

Have you seen this service at dynu?  It looks like it might help.
 https://www.dynu.com/Resources/Tutorials/DynamicDNS/Advancedfeatures/How-To-Set-Up-DNSSEC

 

I managed to buy a member account this morning, but I do not have the dnssec option available yet. 

I will wait until tomorrow morning to see if it will appear, otherwise ill submit another ticket :(

Link to comment
Share on other sites
pwhodges

pwhodges   1531

Posted
Posted
30 minutes ago, crusher11 said:

I haven't had the flagged-as-deceptive issue but I just ran this on my server and got the same result, is there anything I can do about it?

See what's keeping the result down to B and use reverse proxy settings to change it (e.g. forbidding TLS1.0/1.1).  If you're using Emby's SSL without a reverse proxy, then it's down to Emby to change (I don't know if they need to, though).

Paul

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
1 minute ago, pwhodges said:

See what's keeping the result down to B and use reverse proxy settings to change it (e.g. forbidding TLS1.0/1.1).  If you're using Emby's SSL without a reverse proxy, then it's down to Emby to change (I don't know if they need to, though).

Paul

Like I said, it's exactly the same result: B due to TLS.

So it's an NGINX setting somewhere? 

Link to comment
Share on other sites
pwhodges

pwhodges   1531

Posted
Posted (edited)

Sure to be - but I use Caddy :)

https://ixnfo.com/en/how-to-disable-tls-1-0-and-tls-1-1-in-nginx.html

Incidentally, Caddy no longer even allows TLS older than 1.2 to be enabled!  (Though if you sponsor them with enough money you could probably get them to set up a personal fork for you with the code re-included.)

Paul

Edited by pwhodges
Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
1 hour ago, pwhodges said:

Sure to be - but I use Caddy :)

https://ixnfo.com/en/how-to-disable-tls-1-0-and-tls-1-1-in-nginx.html

Incidentally, Caddy no longer even allows TLS older than 1.2 to be enabled!  (Though if you sponsor them with enough money you could probably get them to set up a personal fork for you with the code re-included.)

Paul

Ironically, I can't see that link because the secure connection failed.

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted

Well I fixed that up, but now I'm apparently missing a DNS CAA, and I have no idea what to enter for that.

Link to comment
Share on other sites
pwhodges

pwhodges   1531

Posted
Posted (edited)

That's not essential as far as I can see; but if it affects your score, then why not?  You can add a CAA record to your DNS entries, which specifies what certificate authority is allowed to issue your certificates, and thus prevents any other CA from issuing one; I have one which says my certificates only come from LetsEncrypt.com |(but I don't remember specifying it - maybe I did it to get my score up! Ah, well...).

Paul

https://letsencrypt.org/docs/caa/

Edited by pwhodges
Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
30 minutes ago, pwhodges said:

That's not essential as far as I can see; but if it affects your score, then why not?  You can add a CAA record to your DNS entries, which specifies what certificate authority is allowed to issue your certificates, and thus prevents any other CA from issuing one; I have one which says my certificates only come from LetsEncrypt.com |(but I don't remember specifying it - maybe I did it to get my score up! Ah, well...).

Paul

https://letsencrypt.org/docs/caa/

My certificate just comes from CloudFlare, though...you'd think they'd handle that themselves. 

Link to comment
Share on other sites
crusher11

crusher11   851

Posted
Posted
8 hours ago, pwhodges said:

This record is in your DNS - where is that held?

Paul

I know how to add a CAA in CloudFlare, I just don't know what to enter into the fields.

Link to comment
Share on other sites
pwhodges

pwhodges   1531

Posted
Posted

I'm sure that CloudFlare will document that (as LetsEncrypt do in the link I gave).

Obviously it needs to be correct, or certificate renewal will fail.

Paul

Link to comment
Share on other sites
cypher0117

cypher0117   4

Posted
Posted

Not having your DNA CAA specified doesn't appear to affect the score of the SSL test.  Mines not specified, but I get an A+ from that SSL test link.

Link to comment
Share on other sites
  • 2 weeks later...
TheKamakaZi

TheKamakaZi   15

Posted
Posted (edited)

So I've done the boring thing and read through Google's definitions of deceptive sites, recommendations, etc, and I believe I may have figured out the crux of the issue.

They think we're all imitating Emby!
Well, emby.media, or app.emby.media, but you get my point.

There's no concrete evidence of this, but simply looking at the examples, it seems that all our instances share strings, images (logos), and login patterns. As Emby has become an established entity in media streaming, it seems natural for those of lesser moral fibre to imitate its looks and logins in an effort to gain access.

@Luke@pir8radioWould it be at all possible to customise the look and feel of the UI, even as a once off test to see if this satisfies the Google god?

Edited by TheKamakaZi
  • Agree 1
Link to comment
Share on other sites
AmIBeingObtuse

AmIBeingObtuse   2

Posted
Posted (edited)
On 24/03/2023 at 17:12, Luke said:

I think what we'll do is just remove those from the built-in web app.

Will these changes occur in a beta? How fast will this be implemented. Thanks for the response to all this.

 

@Luke

Edited by AmIBeingObtuse
Tagged admin
Link to comment
Share on other sites
Luke Emby Team

Luke   37068

Posted
Posted
1 hour ago, AmIBeingObtuse said:

Will these changes occur in a beta? How fast will this be implemented. Thanks for the response to all this.

 

@Luke

HI, yes this should be in soon. Thanks.

Link to comment
Share on other sites
  • 2 weeks later...
Luke Emby Team

Luke   37068

Posted
Posted
7 minutes ago, zepx said:

@Luke

Is there any update on this issue?

The beta server has removed a number of things from the web app html that might have caused this. If you've already been flagged then you'll have to go through the process with google as mentioned above to get unflagged. Hopefully the changes will help prevent it from happening again.

  • Like 1
Link to comment
Share on other sites
indianaguy

indianaguy   2

Posted
Posted (edited)

My domains also been flagged. Not sure if this is what could be causing recent peoples connection problems or what?

One user couldnt get connect to work so i gave them direct ip. worked for  a day they went back to device and was logged out. They tried connecting again just to get a error:1408f10b:SSL routines:SSL3_get_record:wrong version number .  Not sure if thats related to any of this stuff going on or not but everybody else seems to be connecting fine.

 

 

image.png.66e4ad94868998ee2c2724e805d16443.png

Edited by indianaguy
Link to comment
Share on other sites
Luke Emby Team

Luke   37068

Posted
Posted
59 minutes ago, indianaguy said:

My domains also been flagged. Not sure if this is what could be causing recent peoples connection problems or what?

One user couldnt get connect to work so i gave them direct ip. worked for  a day they went back to device and was logged out. They tried connecting again just to get a error:1408f10b:SSL routines:SSL3_get_record:wrong version number .  Not sure if thats related to any of this stuff going on or not but everybody else seems to be connecting fine.

 

 

image.png.66e4ad94868998ee2c2724e805d16443.png

Hi, no, not related. The topic in this thread is related to using the built-in web app.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...