Google keeps marking my Emby domain as a deceptive/phishing site.

[PeterHing 3]

I've just been hit by Google too. I'm not doing anything special with my configuration:  Domain > Static IP > Emby.

Originally they had blacklisted the domain which also killed my Home Assistant server. I filed a False Positive report on both Home Assistant and Emby URLs. Home Assistant has been permitted, Emby is still blocked. There are suggestions you can see why in the Google Search Console. I'm going to get that setup now to see if there's any indication.

[PeterHing 3]

5 minutes ago, PeterHing said:

There are suggestions you can see why in the Google Search Console. I'm going to get that setup now to see if there's any indication.

Google Search Console doesn't go into any helpful detail.

[Q-Droid 989]

There are a couple of threads about this, should they be merged?

I've been wondering if the reason is that the default landing page is a credential collector (login page). So if another click was required to get to the login would this keep the warnings at bay? Has or can anyone try a test with a simple Emby banner/logo or portal page with a link to the login?

[Q-Droid 989]

Then there's also a manifest.json with links referencing the Emby app in the stores. I don't know how deep Google or MS go into the sites for inspection and whether this would look suspicious to them.

{
  "name": "Emby",
  "short_name": "Emby",
  "start_url": "/web/index.html",
  "description": "Your media, your way.",
  "lang": "en-US",
  "related_applications": [
    {
      "platform": "play",
      "url": "https://play.google.com/store/apps/details?id=com.mb.android"
    },
    {
      "platform": "itunes",
      "url": "https://itunes.apple.com/us/app/emby/id992180193?ls=1&mt=8"
    }

 

[spipe 1]

After I posted, I submitted for a review and they removed the blacklist for my domain. In the google console, it showed the same thing as @PeterHing, but I was using a reverse proxy (traefik) for port 80 and 443 instead of port 80 and 8920.

Edited March 16, 2023 by spipe

[budokaiman 4]

I've submitted multiple requests for review, and it gets removed for a little while, then gets blocked again.

[KMBanana 116]

I have not been blocked, but I figure putting some baseline information together could help identify what is causing these flags. 

Behind Cloudflare proxy/tunnel: No
Country based on server IP: United States
Indexing blocked: No
Residential IP: Yes
https://www.ssllabs.com/ score: A+
Subdomain or domain includes "Emby": No
https: Required
TLD: .com
Cert provider: LetsEncrypt

[spipe 1]

Behind Cloudflare proxy/tunnel: No
Country based on server IP: Germany
Indexing blocked: No
Residential IP: No, dedicated box from hetzner.
https://www.ssllabs.com/ score: A+
Subdomain or domain includes "Emby": Yes
https: Required
TLD: .one
Cert provider: LetsEncrypt

Edited March 16, 2023 by spipe

[baaahb 2]

I'm having this same issue as well after running Emby and my domain for several years.  I use google for my domain and DNS.  The site was flagged a week or so ago, and I have reported it as a false positive, but it hasn't been removed yet.  Just wanted to let y'all know you aren't alone.  Something has changed about google's scans that is clearly catching Emby sites.

[AmIBeingObtuse 3]

Just happened to me for the first time ever. Had it running for over 2 years.

Behind Cloudflare proxy/tunnel: No
Country based on server IP: United Kingdom
Indexing blocked: No
Residential IP: I use dynu.com witch points to my pc and ip updater updates dynu with my dynamic address.
https://www.ssllabs.com/ score: A+
Subdomain or domain includes "Emby": No mine starts as watch.domain.com
https: Required
TLD: .one
Cert provider: certify the web which I think uses letsencrypt

[Nebarik 7]

My baseline that has not been flagged:

Behind Cloudflare proxy/tunnel: Yes
Country based on server IP: Australia
Indexing blocked: No
Residential IP: No, VPS. 
https://www.ssllabs.com/ score: A+
Subdomain or domain includes "Emby": No
https: Required
TLD: .au
Cert provider: Cloudflare full (strict)

Edited March 16, 2023 by Nebarik

[lharris 3]

I had it my whole domain flagged a few weeks ago and now they just flagged my site https://emby.hnet.online/

If you register your site at https://search.google.com/search-console you can request a review. 

[Happy2Play 9780]

Using the above info here https://transparencyreport.google.com/safe-browsing/search shows this.  @Luke

 

Edited March 17, 2023 by Happy2Play

[lharris 3]

@Luke@Happy2Play

See below, google is finally calling out the page.    Also my apologies I run windows and found this post first.  I also commented on the windows post here:  

 

So for reference, I pay my ISP $6 for a month for a static IP (a smaller rural fiber provider that is awesome) and I run this from a Dell r720xd and an r510 from my basement, behind an Ubiquiti UDM Pro with threat management turned on and set to block.   It runs in vmware.  Everything is behind a reverse proxy running a relatively current version of Caddy, if it's not they current version.

Any detail you need or want let me know and I'll provide it. 

 

Here's a snippet from the caddy file:

emby.<redacted>.online:8920, emby.<redacted>.online {
    log {
        output file ./logs/emby_access.log {
            roll_size 10mb
            roll_keep_for 720h
        }
    }

    import godaddy
    reverse_proxy emby.<redacted>.home:8096
}

 

Edited March 18, 2023 by lharris

[lharris 3]

How can we stop Emby from throwing a 302?  Is this somehow an interaction with my reverse proxy?  

 

[Happy2Play 9780]

3 minutes ago, lharris said:

How can we stop Emby from throwing a 302?  Is this somehow an interaction with my reverse proxy?  

 

Don't believe you can as you are redirected to different locations depending on authentication status.  "localhost" does the exact same thing.

Example

http://localhost:8095/

Redirects

http://localhost:8095/web/index.html#!/startup/login.html?serverId={serverid}

Redirrects will vary depending user config options on what page will appear.

[lharris 3]

I'd really like to hear from the devs about why Emby throws a 302.   Seems like there's a lot of info out there about Google being a huge jerk about it.   I did some Googling and I think I removed to 302 with Caddy server, which happens to be my reverse proxy, but I need to do some testing to make sure Emby is not broken.

There is a reddit discussion with an nginx example here and my Caddy Example is below: 

   Caddy Example:

emby.<redacted>.online:8920, emby.<redacted>.online {
        log {
            output file ./logs/emby_access.log {
                roll_size 10mb
                roll_keep_for 720h
            }
        }
        
        import godaddy
        
        @paths path /
    
        redir @paths https://emby.<redacted>.online/web/index.html permanent
        
        reverse_proxy emby.<redacted>.home:8096
        
        header {
            X-Robots-Tag none;
        }

 

 

[lharris 3]

Apparently the fixes above did not work.  I got Google to lift the flagging on the 20th and now a week and a half later it's back

[spipe 1]

Aaaaaaand its back....

Having to request another review in hopes of getting it removed again..

[Nebarik 7]

After a long time of it not affecting me. Google picked me up again. 

Using Cloudflare. 

[EODCrafter 181]

Isn't there a setting in your Browser you can disable this?

[DarkZrobe 3]

Mine just popped. Butting in for a review. Did anyone figure out how to fix this?

[Luke 42077]

The upcoming 4.8. Server release has made some changes to hopefully prevent this from happening.

[adamrussak 2]

Awesome news!!!

 

 

[DarkZrobe 3]

I patched to the 4.8 Beta last night and got google to reverse the flag. Ill post if anything changes.