Domain flagged as malicious by google

Hello everyone, I've been using this service for a couple of weeks now and it’s been working pretty well. Last night I started exploring OAuth and attempted to create an OAuth client in the Google dashboard to be used by Immich. However, a few seconds after creating the OAuth client, my root domain got flagged as malicious with these two URLs being the primary offenders: https://photos.mydomain.com/auth/login?continue=/user-settings and https://photos.mydomain.com/user-settings. Now I get a warning from my browser whenever I try to access any of my subdomains and I can’t use Google's OAuth. I’m currently running Immich using Docker and the domain is obtained from Cloudflare and connected through a cloudflared tunnel. I would greatly appreciate any help I can get with this. Please note that I've had this domain for a long time now and have been running many other services on it with no issues.
12 Replies
Immich 2mo ago
Hey @BuGabageb, Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich.
References
- Container Logs: docker compose logs (docs)
- Container Status: docker ps -a (docs)
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting: https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. verified I'm on the latest release (note that mobile app releases may take some time).
2. read applicable release notes.
3. reviewed the FAQs for known issues.
4. reviewed Github for known issues.
5. tried accessing Immich via local ip (without a custom reverse proxy).
6. uploaded the relevant information (see below).
7. tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots. Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.
Successfully submitted, a tag has been added to inform contributors.
Mraedis 2mo ago
I'm not sure we can do anything here, have you tried contacting Google? They'll flag domains as malicious for the dumbest things
Tyris 2mo ago
This just happened to me - my entire domain listed as being a phishing domain. I'm not trying to connect OAuth and Google shouldn't know anything about my domain (except that we've probably shared some links via Gmail/Google Chat). The logon page specifically seems to have been picked up by Google, I strongly suspect it's due to the use of colours and logo potentially looking too similar to the Google Photos pinwheel. I've requested (via search console, and also via safe browsing - https://safebrowsing.google.com/safebrowsing/report_error/?url= ) for the block to be lifted... Will report back.
Tyris 2mo ago
e.g. this page. If you set up a phishing page like this and directed Google users to it to capture Google logons it would probably be "somewhat" effective.
Tyris 2mo ago
As part of requesting to be unblocked (which I suggest you do @BuGabageb ), I've also added a "Welcome message" in settings (to try to make it clear that this isn't Google):
If you have a <MySite> Immich account, then please login. If you're looking for photos we shared with you, please contact us.
Zeus 2mo ago
The domain name looking like another domain is typically the cause of this
Zeus 2mo ago
[Link embed: a post from the selfhosted community on Reddit]
BuGabageb (OP) 2mo ago
Thanks everyone for the comments, I contacted Google and they removed the flag from my domain. I’m not sure why they flagged it in the first place but it must be somehow related to the Immich login page. I’ll email the Google support team asking why it was flagged and share my findings here.
Zeus 2mo ago
You can find lots of sources on Reddit etc. and most people say it’s the subdomain name. I had the same happen to Emby.
Tyris 2mo ago
In my case, it's "photos.<my-last-name>.com". How long did yours take to clear? And did you go via the safe browsing site or via "search console"? Good luck getting anything in any form useful back from Google support >_>
Mine resolved now too - honestly surprising given how bad Google's support is everywhere else. Keen to hear if you get any words back from them.
In my case - I suspect that my wife accidentally shared an authenticated link (instead of a public link) to someone, and that that someone may have thought it was a Google login and entered their own credentials - assuming they use Chrome, it would be that surprising that this triggered something... Hoping an appropriate welcome message will deter such things in future.
BuGabageb (OP) 2mo ago
I did it through the “done fixing” button in the search console and mentioned that this must be a false positive in the “how you fixed it” field. It took around 24 hours for them to clear my domain. Still haven’t heard back from the support team though.
bicyclejeff 4d ago
I just got this today, I also had a photos.<mydomain>.com, I also created an OAuth app, as I wanted a simple 2FA to log in and filter users to just my Google account. Maybe it would have been fine if I used immich.<mydomain>.com it might have worked.
