Getting phishing warnings when connecting to frontend

A few days ago, Malwarebytes started complaining about “phishing link detected” when I point my browser to my front end. Has anyone else experienced this?

The messages seem to have started just after a virus definitions update, so I’m inclined to believe that this is a Malwarebytes issue.

But for the sake of being cautious, is it possible that my Hass.io install has somehow been compromised? How would I know?

Thanks,

Eric

Are you using DuckDNS with LetsEncrypt?

The SSL certificate for this is for your duckdns domain only. Using the local IP address of your HA server via https will look like a man in the middle attack (invalid SSL certificate).

Easy way to check: do you get the same warning when you visit your duckdns domain rather than the local IP address?
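The name mismatch described in the reply above, as an added example that is not part of the original thread: a certificate issued for a DuckDNS name does not validate when the same server is reached by its LAN IP. The hostname `example-home.duckdns.org` and the address `192.168.1.10` are constructed placeholders; the certificate dict follows the format returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare a DNS SAN entry with a hostname; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard covers exactly one label and never a bare registrable domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, target):
    """Return True if the certificate's subjectAltName covers what was typed in the URL."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target only matches an "IP Address" SAN; DNS entries never match an IP.
        return any(kind == "IP Address" and ipaddress.ip_address(val.strip()) == ip
                   for kind, val in sans)
    return any(kind == "DNS" and _dns_match(val, target) for kind, val in sans)

def check_targets(cert, targets):
    """Map each URL host to whether the browser would accept the certificate for it."""
    return {t: cert_covers(cert, t) for t in targets}

# Constructed sample: a certificate issued only for the DuckDNS name.
SAMPLE_CERT = {"subjectAltName": (("DNS", "example-home.duckdns.org"),)}

if __name__ == "__main__":
    for host, ok in check_targets(
        SAMPLE_CERT, ["example-home.duckdns.org", "192.168.1.10"]
    ).items():
        print(f"https://{host}: {'valid' if ok else 'name mismatch warning'}")
```
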

Hi Tom,

Thanks for taking the time to respond! Here are the answers to your questions:

Yes, I’m using the DuckDNS addon.

Malwarebytes gives me the phishing warnings when using my DuckDNS domain to access the front end. I’ve tried it from my laptop on my local network as well as externally using my cell phone on the cell network. It gives me the same warning either way.

I actually use my DuckDNS domain exclusively. I never use the direct IP address.

Thanks,

Eric

Ok that’s discounted that problem then.

Have you tried contacting Malwarebytes support?

They would be in a better position to interpret the Malwarebytes logs and work out why you are getting this warning.

I have not contacted Malwarebytes yet, but that certainly wouldn’t hurt. Thanks again!

I reckon the most likely scenario is that they have a general warning against duckdns as it has been used in phishing campaigns to impersonate URLs. But still worthwhile checking with them what is going on.

Just to follow up on this issue:

Malwarebytes responded to my trouble ticket and the issue appears to be resolved. They didn’t say specifically what was wrong, but they did say it was fixed in the latest database update. After updating the database to the latest, I no longer receive the phishing warning.
