Q-Droid 657 Posted May 6, 2023 Share Posted May 6, 2023 I'll ask again since I haven't seen a response. Trying to identify a pattern for this in addition to the already suspected causes. There are so many who are not being flagged including forum regulars. - What ports are the flagged sites using? Not that the ports are an issue but I'm wondering if common ports are more likely to get scanned and flagged. - Are the flagged sites using a sub-domain such as emby.<domain>? These might appear to be even more suspect as impersonators than FQDN which doesn't include emby in the name. Once the sub-domain is flagged then it would be logical that the entire domain gets flagged if not free DNS/DDNS. Link to comment Share on other sites More sharing options...
pwhodges 1534 Posted May 6, 2023 Share Posted May 6, 2023 I have not been flagged. I use a domain starting emby.xxx which requires https on port 443 (80 also works, but only by virtue of immediately redirecting to 443). I do not expose Emby's own default ports, and I'm running the beta (so hopefully I am now safer from this nuisance). Paul Link to comment Share on other sites More sharing options...
Animosity022 6 Posted May 6, 2023 Share Posted May 6, 2023 Just now, pwhodges said: I have not been flagged. I use a domain starting emby.xxx which requires https on port 443 (80 also works, but only by virtue of immediately redirecting to 443). I do not expose Emby's own default ports, and I'm running the beta (so hopefully I am now safer from this nuisance). Paul I use a emby.xxx only on port 443, no redirect. Almost identical to you minus the 80 part. I've removed Emby again and will probably take me another year or so before I decide to check it out again as I seem to always come back to see how things are. Link to comment Share on other sites More sharing options...
rbjtech 4302 Posted May 6, 2023 Share Posted May 6, 2023 Same here emby.x.x on 443/80 redirect. From the nginx web logs, I can clearly see (uk) Google probing - I've been on the beta for a while, but these header changes were only made fairly recently - but I've never been flagged. Link to comment Share on other sites More sharing options...
pwhodges 1534 Posted May 6, 2023 Share Posted May 6, 2023 My base domain gets a fair amount of unrelated usage; I wonder if that contributes to their assessment of the domain as a whole. Paul Link to comment Share on other sites More sharing options...
Q-Droid 657 Posted May 6, 2023 Share Posted May 6, 2023 (edited) 44 minutes ago, pwhodges said: I have not been flagged. I use a domain starting emby.xxx which requires https on port 443 (80 also works, but only by virtue of immediately redirecting to 443). I do not expose Emby's own default ports, and I'm running the beta (so hopefully I am now safer from this nuisance). Paul I asked because mine does not include emby in the name and uses the default port value externally even though behind a reverse proxy. It rarely gets scanned, most recently a few months ago by internet-measurement.com and on a different WAN IP (recent ISP change). I'm running the stable release and manually updated the meta tags mentioned earlier in the thread but if the site wasn't probed/scanned before then likely doesn't matter. My server gets very little external traffic and it's unknown if activity might also be a factor. Edit: Another thing - if using Google DNS (8.8.8.8) for name resolution could that pique their interest in a site? Edited May 6, 2023 by Q-Droid Link to comment Share on other sites More sharing options...
Spaceboy 2500 Posted May 6, 2023 Share Posted May 6, 2023 (edited) i got flagged today. its annoying because personally i connect remotely through an openvpn server hosted on my pfsense router but i have some less technical family members that access my server and they would struggle with installing a vpn and ensuring it remains connected when they want use it. so i will be following these instructions very shortly... edit - oh you have to be on beta.... well they'll have to wait then... Edited May 6, 2023 by Spaceboy Link to comment Share on other sites More sharing options...
Q-Droid 657 Posted May 6, 2023 Share Posted May 6, 2023 If you want to try it you can still modify the index.html in the stable release. These are the lines I removed from mine but I am not a good test case since I haven't been flagged. # diff -b index.html.mod index.html.orig 7a8 > <meta name="description" content="Emby Server"> 13a15 > <meta name="application-name" content="Emby"> 14a17,23 > <meta property="og:title" content="Emby"> > <meta property="og:site_name" content="Emby"> > <meta property="og:url" content="https://emby.media"> > <meta property="og:description" content="Energize your media."> > <meta property="og:type" content="article"> > <meta property="fb:app_id" content="1618309211750238"> > <meta name="apple-itunes-app" content="app-id=992180193"> Link to comment Share on other sites More sharing options...
worthmo 10 Posted May 8, 2023 Share Posted May 8, 2023 I removed the following from my index.html <meta name="description" content="Emby Server"> <meta name="application-name" content="Emby"> <meta property="og:title" content="Emby"> <meta property="og:site_name" content="Emby"> <meta property="og:url" content="https://emby.media"> <meta property="og:description" content="Energize your media."> <meta property="og:type" content="article"> <meta property="fb:app_id" content="1618309211750238"> <meta name="apple-itunes-app" content="app-id=992180193"> Requested a review from google. Was cleared on 5/7 and reflagged again on 5/8. Has anybody else that manually cleared out these values been re-flagged? Link to comment Share on other sites More sharing options...
worthmo 10 Posted May 8, 2023 Share Posted May 8, 2023 What is the process to uninstall beta and re-install 4.8 when it becomes available? I do not want to lose any settings, users, or watched status. Link to comment Share on other sites More sharing options...
Luke 37151 Posted May 8, 2023 Share Posted May 8, 2023 5 minutes ago, worthmo said: What is the process to uninstall beta and re-install 4.8 when it becomes available? I do not want to lose any settings, users, or watched status. Just install stable over the top once the version number catches up. Link to comment Share on other sites More sharing options...
pwhodges 1534 Posted May 8, 2023 Share Posted May 8, 2023 Specifically, you can't go back to 4.7 without rebuilding everything in a new installation, because of changes in the database structure. There may be ways to back up and restore (after rebuilding) the information you specify, but I don't have that info at my fingertips right now. Paul Link to comment Share on other sites More sharing options...
n8tie 1 Posted May 9, 2023 Share Posted May 9, 2023 i use nginx as a revese proxy (80+443 on an subdomain) and got flagged the third time, just a few days after removal it starts again on all of my *.domain. was thinking about https://www.nginx.com/resources/wiki/modules/substitutions/ but until now i was tooo lazy and the apps work fine. just 1 or 2 members of my family asked about their red browser Link to comment Share on other sites More sharing options...
DarkZrobe 3 Posted May 9, 2023 Share Posted May 9, 2023 11 hours ago, n8tie said: i use nginx as a revese proxy (80+443 on an subdomain) and got flagged the third time, just a few days after removal it starts again on all of my *.domain. was thinking about https://www.nginx.com/resources/wiki/modules/substitutions/ but until now i was tooo lazy and the apps work fine. just 1 or 2 members of my family asked about their red browser Are you on 4.8 yet? I havnt been reflagged as far as I know since moving to 4.8 Link to comment Share on other sites More sharing options...
n8tie 1 Posted May 9, 2023 Share Posted May 9, 2023 no, i stay on stable :) Link to comment Share on other sites More sharing options...
trinected 7 Posted May 22, 2023 Share Posted May 22, 2023 Hi, a week ago, it started: Google is complaining all my sites to have phishing contents: Checking the Google Search Console: Installed v4.7.11.0 by Docker on Linux, but it's complaining about the web-ui of Emby - none other. So, it seems to be irrelevant how it is installed, isn't it? The last time I clicked the "Request Review", after a few days it has been removed from their list. But now it is coming again. What could be the problem? The login-page is not valid to be accessible over the internet? Thank you for your assist. @trinected Link to comment Share on other sites More sharing options...
pwhodges 1534 Posted May 22, 2023 Share Posted May 22, 2023 Have you read the thread you've added your report to? - it includes a discussion of possible causes. Recently, the Emby landing page has been modified in beta, which it is hoped will stop this happening; since the specific cause is not actually known (that's to say, Google doesn't give any real detail), it is not absolutely certain this is the final answer, but there have been no reports of the issue happening to people running the beta since the change was made (as far as I know). I presume this has not been back-ported to the stable version yet because it is still considered to be under evaluation. Paul Link to comment Share on other sites More sharing options...
zepx 1 Posted May 22, 2023 Share Posted May 22, 2023 Just reporting in that after using the beta for close to a month now and my site hasn't been flagged. I previously tried modifying the docker image's metadata each time, but still got flagged. My guess is that the metadata was too simple like "Personal Server" and probably other users had the same name. 1 Link to comment Share on other sites More sharing options...
BigToach 0 Posted May 23, 2023 Share Posted May 23, 2023 My domain just got flagged with this too. emby.domain.com proxied via Traefik and DNS/SSL through cloudflare. The error is: Quote These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information. Learn more I'll try removing the meta tags and see how it goes. Link to comment Share on other sites More sharing options...
rbjtech 4302 Posted May 23, 2023 Share Posted May 23, 2023 (edited) I think this is another case of a 'fix' being held too long in Beta - and zero formal communication. This is not a highly complex functionality change, it is simply the headers being changed/removed - so personally, I think this should have been released as a preventitive security related Patch on the Stable release simply to avoid the impact of potentially damaging the reputatation of emby should mis-information get into the main social media channels ... Edited May 23, 2023 by rbjtech 2 Link to comment Share on other sites More sharing options...
Luke 37151 Posted May 23, 2023 Share Posted May 23, 2023 We're looking at putting together a new stable maintenance release with this update. Thanks guys. 3 Link to comment Share on other sites More sharing options...
trinected 7 Posted May 30, 2023 Share Posted May 30, 2023 Spoiler: the update does not help. Unmarked, one day later marked again. Link to comment Share on other sites More sharing options...
darkassassin07 432 Posted May 30, 2023 Share Posted May 30, 2023 2 minutes ago, trinected said: Spoiler: the update does not help. Unmarked, one day later marked again. The most recent update was purely a security update in regards to the massive security breach that's been the hot topic all week. Wait for v4.8 Link to comment Share on other sites More sharing options...
KMBanana 84 Posted May 30, 2023 Share Posted May 30, 2023 3 minutes ago, darkassassin07 said: The most recent update was purely a security update in regards to the massive security breach that's been the hot topic all week. Wait for v4.8 4.7.12 stable also contained the changes that Emby devs hoped would prevent this. https://github.com/MediaBrowser/Emby.Releases/releases "Adjust web app html tags to avoid false detection from Chrome as impersonating the Emby domain" Link to comment Share on other sites More sharing options...
darkassassin07 432 Posted May 30, 2023 Share Posted May 30, 2023 (edited) -redacted- I can't read.... Edited May 30, 2023 by darkassassin07 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now