1

Has anybody else had the login page of tt-rss marked by Google as unsafe?

A few weeks ago, tt-rss came up with a red screen, and I had to click through several pages of warnings.

After checking my installation, I requested a rescan and it came up clean.

Then, a week later, they did it again.

Has this ever happened to any of you? What did you do about it?

Thanks,
Ed Greenberg

2
  1. What did the red screen show?
  2. What did the several pages of warning show?

Without knowing that, there’s no way we can even begin to help…

3

Indeed, that was a poorly asked question. Thanks.

When I try to go to my tt-rss page, I get this:

Deceptive site ahead

Attackers on reader.xxx.net may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards). Learn more

When I click details, I get:
Google Safe Browsing recently detected phishing on ***. Phishing sites pretend to be other websites to trick you.

When I choose to visit the unsafe site, I get my usual tt-rss login page.

I checked the tt-rss installation, and all the timestamps indicate that the code is intact.

The last time this happened, I asked Google to rescan the site, and they cleared it. A week later, they were complaining again.

Ed

4

i think safe browsing works by domain, not actual page content. so it’s not like tt-rss login form or whatever triggers it, but - for whatever reason - your website URL.

i think i saw some similar reports recently on r/selfhosted about google safe browsing triggering on random pages, maybe your case is related.

p.s. personally i would suggest not using anything google…

5

It is possible that your ISP is getting blanket banned. Or your domain name is similar enough to another one…

6

Are you using plain http instead of https? I’ve never seen such a warning, but might be a generic warning about non-https, with a slight exaggeration regarding phishing.

7

This is happening to me too. I believe that it relates to use of HTTP for the tt-rss login page.

8

This started happening to me today as well. My login page is Https with a verified certificate.

9

I requested a review for this and have just had the response that it was successful, back to normal now.

I’m using the inbuilt reverse proxy on a Synology NAS (based on Nginx) that doesn’t include some of the security headers so thought it may be related to that. It’s probably an excuse for me to look into using NPM

10

…and the problem is back

After a bit more research it appears to be because I’m using 302 redirects. It works for http->https but not for the redirect to the subdirectory. Anyone know where I’m going wrong?

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

>>> http://rss.*****.com
> --------------------------------------------
> 301 Moved Permanently
> --------------------------------------------
Status: 301 Moved Permanently
Code:   301
Server: nginx
Date:   Wed, 05 Oct 2022 12:14:02 GMT
Content-Type:   text/html; charset=iso-8859-1
Content-Length: 231
Connection: close
Location:   https://rss.*****.com/

>>> https://rss.******.com/
> --------------------------------------------
> 302 Found
> --------------------------------------------
Status: 302 Found
Code:   302
Server: nginx
Date:   Wed, 05 Oct 2022 12:14:03 GMT
Content-Type:   text/html; charset=UTF-8
Connection: close
X-Powered-By:   PHP/8.1.11
Location:   /tt-rss/
Strict-Transport-Security:  max-age=15768000; includeSubdomains; preload

>>> /tt-rss/
> --------------------------------------------
> 200 OK
> --------------------------------------------
Status: 200 OK
Code:   200
Server: nginx
Date:   Wed, 05 Oct 2022 12:14:03 GMT
Content-Type:   text/html; charset=UTF-8
Connection: close
X-Powered-By:   PHP/8.1.11
Cache-Control:  public
Strict-Transport-Security:  max-age=15768000; includeSubdomains; preload