Help HN: Google just blocked my site as deceptive site
40 points| uploaderwin | 5 years ago
This morning I got a message from Google that my site has been blocked for being Deceptive and it has listed my homepage as the deceptive URL. Anybody who opens the site gets a big red screen with a warning.
I've checked the source code by hand and everything I could check and I can't find any reason for hack or any security issues.
The only possible reason I can think of is we have a demo on our homepage which allows users to upload test files to try out the uploader and we offer a 20MB test space to help users during development. All test files are deleted after 24 hours. I have also disabled both these features since. But Google didn't say if this was the cause.
I've submitted a review to Google but not sure how long it will take.
We have paying customers and all sites which have our script are now showing this warning too.
I am feeling super helpless and super scared how this is going to affect them.
Do you know of any way I can expedite the review? Anything you can suggest to help me?
uploaderwin|5 years ago
Looks like Google just removed us from the blacklist. Maybe somebody from Google saw this or maybe I got reviewed quickly but I couldn't be happier.
Here are a few things I did:
- Removed all inline images (As mentioned in my other comments a lot of virus sites were tagging me base64 embedded due to inline images)
- Disabled test uploads for now. I will probably make the test file expire after 2 mins and never host them on the same domain
- Moving the external scripts to another domain. You never know what can get you blacklisted so best to keep customer facing part separate from main domain.
I cannot be more thankful to all the people who replied and offered suggestions. You guys rock!
P.S. In case you guys are still seeing the red screen of death, please let me know.
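One way to carry out the first step listed in the comment above, finding every inline `data:` URI (what VirusTotal labelled 'base64-embedded') so it can be moved to a separate file. This is an added example, not code from the poster or the site; the sample page is constructed and the `assets/` output path is hypothetical.

```python
import base64
import hashlib
import re
import urllib.parse
from html.parser import HTMLParser

# data:[<mime>][;param=value]*[;base64],<payload>
DATA_URI = re.compile(
    r"\bdata:([\w.+-]+/[\w.+-]+)?(?:;[\w-]+=[\w-]+)*(;base64)?,([^\"')\s]*)")
EXT = {"image/svg+xml": "svg", "image/png": "png", "image/jpeg": "jpg"}

class DataUriAudit(HTMLParser):
    """Collect every data: URI found in tag attributes (src, href, style...)."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            for m in DATA_URI.finditer(value or ""):
                mime = m.group(1) or "text/plain"
                if m.group(2):  # base64 payload; restore any stripped padding
                    raw = base64.b64decode(m.group(3) + "=" * (-len(m.group(3)) % 4))
                else:           # percent-encoded payload
                    raw = urllib.parse.unquote_to_bytes(m.group(3))
                name = hashlib.sha256(raw).hexdigest()[:12]
                self.findings.append({
                    "tag": tag, "attr": attr, "mime": mime,
                    "base64": bool(m.group(2)), "bytes": len(raw),
                    "suggested_file": f"assets/{name}.{EXT.get(mime, 'bin')}",  # hypothetical path
                })

def audit(html):
    """Return one finding per inline data: URI in the given HTML text."""
    parser = DataUriAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two inline assets and one normally linked image.
SVG = b'<svg xmlns="http://www.w3.org/2000/svg"/>'
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLE = (
    f'<img src="data:image/svg+xml;base64,{base64.b64encode(SVG).decode()}">'
    f'<div style="background:url(data:image/png;base64,{base64.b64encode(PNG).decode()})"></div>'
    '<img src="/img/logo.svg">'
)
```

Calling `audit()` on each served HTML page gives a list of inline assets with their decoded size and MIME type; it only inspects tag attributes, so `data:` URIs inside `<style>` or `<script>` bodies need a separate pass.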
romland|5 years ago
If that is the case, that is where you are vulnerable. Free hosting of a file at a trusted domain is worth something.
If people are not intended to be able to download their test files, check your logs, someone might have found a way around it.
That's the best I can think of.
uploaderwin|5 years ago
I will probably delete files after 2 mins instead of 24 hours.
Another option is I ask for credit card details before I let them try the demo. This can get rid of anyone misusing the demo features.
OJFord|5 years ago
Where does the upload go when your customers use it on their site though? Maybe what's deceptive is that if HN shows an upload area in an iframe or whatever, and I upload something, I expect that I'm giving it to HN, but really it's gone straight to you at Uploader.win?
(Fwiw I also think uploader.win is not a great name, your search result looks like it's a good tool, but the name sounds sort of scammy, like the kind of thing you'd get if you searched 'free download exe' or something.)
uploaderwin|5 years ago
Also it always opens up a file popup so it can't be used deceptively.
Regarding the name, it's a short form of 'Uploader window' like Filer Picker. Really can't do much about that.
Thanks for helping by reporting it as incorrect.
Matsta|5 years ago
One thing I did notice, is that you have your jpg's inline. McAfee and other virus protection apps are completely trigger happy anytime you encode a substantial amount of "code" (yes it's an image). I would try removing the inline images and linking them and see if that makes any difference.
uploaderwin|5 years ago
Yes, I too believe this could be one of the causes. As I've mentioned below in another comment, the VirusTotal site says 'base64-embedded'.
Those are just svg images I've embedded in the html to reduce the number of requests. But I'm not taking chances and making them separate files.
arkitaip|5 years ago
FYI your domain seems to be blacklisted by Firefox, McAfee, Sophos among others [0]
[0] https://www.virustotal.com/gui/url/e75b77237f60332ef78b2399c...
uploaderwin|5 years ago
Here is a screenshot of webmaster tools (1). The pages it lists are html pages and I've checked the source code and there are no scripts or anything on them.
Also the VirusTotal site says 'base64-embedded'. Those are just svg images I've embedded in the html to reduce the number of requests. That can't be a trigger, right?
(1) https://i.imgur.com/iHYWyG4.png
reconquestio|5 years ago
https://safebrowsing.google.com/safebrowsing/report_error/?u...
markdown|5 years ago
They're telling people that your business is dangerous and could harm them.