Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When a domain which is part of this list is wrongly added to Google Safe Browsing phishing list #798

Closed
urcadox opened this issue Apr 3, 2019 · 1 comment
Closed

When a domain which is part of this list is wrongly added to Google Safe Browsing phishing list #798

urcadox opened this issue Apr 3, 2019 · 1 comment

Comments

@urcadox
Copy link

urcadox commented Apr 3, 2019
edited
Loading

Hello everyone,

This is not an issue with the list itself nor is it about adding a domain to the list.

This is a question about a domain which is already in this list: cleverapps.io.

The context

Clever Cloud is a hosting platform. Clever Cloud users can create subdomains of cleverapps.io for their applications. New users are given a few credits when they sign up so they can start testing our product right away.

Of course, sometimes, people will abuse this and start cryptomining applications, spam applications or even phishing applications.

What happened

Today, the cleverapps.io domain has been added to Google's Safe Browsing phishing list; most likely because of reports on one or multiple subdomains.

To get info about this and ask for a domain to be removed from the list after a new check; one has to validate the ownership of the domain on the Google Search Console (formerly Google Webmaster Tools).

The issue

The issue we are having is that we cannot add cleverapps.io as our property in the Google Search Console. Google considers that it's not a valid domain, because it's a part of the public suffix list.

So, here's the question: Did this happen to anyone else here and how did you contact Google to resolve this?

Side notes

  • We have a tool which tries to find suspicious applications. It did find some phishing applications in the last couple of days; those alerts had not been dealt with yet. We did go through all of the reports now and found and banned a few Dropbox phishing apps.
  • It seems that not all browsers use this phishing list the same way; my browser (Firefox 66 on Linux) does not show an error for all of cleverapps.io, only a few of the relevant apps we found. Some of our users though see the error for all of their cleverapps.io domains (which, for most of them, are only used for development / staging purposes only as we recommend; it's still quite annoying though).
@dnsguru dnsguru mentioned this issue Apr 9, 2020
Closed
@dnsguru
Copy link
Member

dnsguru commented Apr 16, 2020

This seems like it is misdirected at this volunteer group, closing.

@dnsguru dnsguru closed this as completed Apr 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dnsguru @urcadox