Deceptive Site Ahead after switching to DuckDNS

OK so I finally got my site fixed with Google.

Here is what I did, I click the view more details button and reported my site as incorrectly marked and they didn’t fix anything for 3 weeks.

So I did some more research and ended up taking ownership of my site with Google search and submitting it their search security console page.

https://search.google.com/search-console

When you go to add your site to your account, you have to verify it. To be able to do this you need to send DuckDNS the keys to verify. Select the URL prefix, put in your domain name and select the txt option (Domain name provider) and copy the string in step 3 to a notepad or word doc.

You will then need to edit this string to include your domain name, token and text record that you got from step 3.

https://www.duckdns.org/update?domains=YOURDOMAIN&token=YOURTOKEN&txt=YOURTXTRECORD

When you go to the url (once you update it with your correct information) DuckDNS will respond with a Okay or OK message page letting you know it’s done.

Once done go back to your Google console page and click verify. If all done correctly you should now have ownership of the domain with Google.

Now you can go to your security reports/findings where it says your site is marked as fraud or deceptive and have Google review it. Mine took about 5 days for them to review but they responded back to my report and removed the mark and my domain is now clear.

Hope this will help anyone else or at least give some options!

14 Likes

Same for me…
Google blocked my hass every 7/10 days…
My base domain is verified on google search console
I don’t use duckdns, I have an fixed public IP with an OVH dns in cas of changing my IP…
The IP (and a big range with other users) of my provider seams blacklisted for SPAM.
I don’t know if there is a link with it.
I have few sub-domains. I don’t know which one get this issue…
Thanks for your help.

Add me to the list of folks experiencing this. The only thing I’ve added to my home assistant install in the past month is a winix addon to control my air purifier. No alexas in the house… I just reported it to google, but looks like that won’t last long. So annoying

Same here!
Did more than 5 claims on Google " Report bad phishing warning" without solid success. At a certain point it worked for a few days, but then, it crashes again.

And before doing this, when you open your HA app using url https://homeassistantXXXX.duckdns.org it crashed?
And after this it went back to work?
What was the text you used to describe the issue and report it as safe/owned in the security report as not deceptive?

Worked for me - the site was whitelisted by google in about 1-2 hours.

Ok… let me guess something, after reading this thread, and after making some tests on my configuration. I fall in this thread because I was having the same issue).

Could it be that we have enter the authorization (2FA or whatever) at the Alexa Media Player… using one https:// domain to our home installation of HA, and then, today we are using other domain for getting to our HA server (while reconfiguring nginx on a different machine, which is my case)… and we are using then a different https domain of what we used to authorized alexa… and that is making google mark our new domain as not trusted?.

I say that because in my case:

-I had an old domain like aaa.myduckaccount.duckdns.org
-I used that a year ago to positivate the alexa media player
-This days I have tried to reach my new hassos configuration on a different machine (but loaded HA config from the old computer).
-Then try to create a new domain, for example: bbb.myduckaccount.duckdns.org
-I got RED PAGE ALERT when reaching https://bbb.myduckaccount.duckdns.org
-I went backup to the same https I used a year ago to authorize alexa media player.
-I reach my HA through the old: https://aaa.myduckaccount.duckdns.org, and then:

→ No red page. Home Assistant loaded fine, and with the lock icon closed ok at the address bar.

Could this be the problem that is leading us to the red alert?:

Different domain when we autorized Alexa, and new domain when trying to reach our Home Assistant today

Let me know.

I gave up using sub-domains provided Duckdns or Dynu and used my own domain name. Google eventually blocks them. I registered my street address .com. When I eventually sell my house the domain name goes with it. The domain name can also act as a sales page when you’re ready to sell.

Thanks this worked for me, YOURTEXTRECORD is the code you get from google

2 Likes

After my wife logged in today to the companion app using a recently wiped phone it suddenly displayed this message. I claimed the site using @KyleStilkey method so I’ll see what happens…

Any update on this? I’m fighting this right now…

Now you can go to your security reports/findings where it says your site is marked as fraud or deceptive and have Google review it.

Do you mean when you’re on the Google Search Console, under the left panel where it says ‘Security & Manual Actions → Security Issues’? Do I have to click anything here? ‘Request Review’ is the only option but I can only do this if I claim the issue is already resolved.

I’d have to see a picture to know what you mean, sadly now that I am verified I can’t see the same options.

This worked for me, thank you!