Mydomain.duckdns.org marked as Dangerous after pasting passwords

After making my HA instance remotely accessible using DuckDNS, everything looks fine and the certificate is valid.

Whenever I type or paste any password stored in my Chrome Password Manager, Chrome marks the HA site as Dangerous and gives a popup stating the following:

CheckPasswords

Does anyone know what this is about?

Chrome might have marked duckdns as a potentially risky domain, there are probably scamming / phishing sites connected to the duckdns domain.

1 Like

Misleading topic title.

It’s not “HA marked as Dangerous”. It’s duckdns.org.

That is true, changed it!

i had to send a request google to unlist my duckdns domain

1 Like

Did you have the same error? Were you figure out what caused it in the first place? And where did you put in this request?

Google chrome was showing me a warning page about deceptive website and I followed last section ( My site or software is marked dangerous or suspicious) in this page: Manage warnings about unsafe sites - Computer - Google Chrome Help

1 Like

Thank you for sharing this.

  • Can you please let me know how the request to google was submitted?
  • How long did Google take to respond to your request and eventually for the issue to get fixed?

I did some searching and submitted a request to this URL.
https://safebrowsing.google.com/safebrowsing/report_error/

1 Like

I just started receiving the “Deceptive site ahead” Warning, I tried to register in Google Search Console but I cannot place files on HA website root folder so I only registered /local part and tried to send from there a request to remove the warning, only been a day and I will post results if anything changes.

I do want to note: it’s not just a warning, many times I cannot even access HA, the link “proceed to unsafe site” just does not work at times, for minutes, this never happened before, I did not update anything from the previous working phase to this, I think there are other issues also from this warning and whatever it disables, I get the warning on my phones and tablets on HA app also, not just on website, it is not looking good and I am running out of ideas (I cannot find anything wrong and definately not phishing as there is nothing to phish lol.

1 Like

I’m facing similar issue as well.

I’m using HA with DuckDNS since a couple of year, but only starting from today I have similar alert.

What’s up ?

1 Like

Same here since today almost 2 years using HA without problem, now google detect de ha web interface as a Phishing Site! The worst is android phone app crash because of this :S

1 Like

Same here, started a couple of days ago, very annoying red screen.

1 Like

Same same. I’ve requested that they ‘unflag’ this… I guess we can only wait (and revert to the necessary evil of another browser).

UPDATE:
…and the next morning, it’s all safe again (not it ever wasn’t).

Same for me today, I can access via the red screen of doom using a browser but the app just crashes out. I filled out the Google link to unlock, let’s see if they resolve. I guess Google now owns the internet…

Resolved within 24 hours, Google can be my friend again

I have had this happen to me aswell on seemingly random occasions/periods and then it suddenly goes away, this also introduce a a problem connecting(authenticating) to HA as a custom app in Google assistant. I usually try a a few times and it goes away but since i reported it to google using the link/solution in the post by @fuatakgun and @Tinkerpop it works fine

1 Like

There are multiple options to fix/work around this depending on your solutions.

In my case I’m using DDNS (dyndns.org) in combination with a reverse proxy NGINX and
I was able to fix it using this:
Go to https://search.google.com/u/1/search-console/welcome?pli=1
Enter my external HA URL under “URL prefix” and click “Continue”
Copy the html file name (e.g. google4199f7d8xxxxxxxx.html)
In the NGINX config, go to “Edit Proxy Host” and open the “Advanced” tab
Enter the following (of course replace the file name with yours):

    location = /google4199f7d8xxxxxxxx.html {
            rewrite ^/(.*)  $1;
            return 200 "google-site-verification: $uri";
    }

Under “Custom Nginx Configuration” and “Save” the change.
Go back to the “Google Search Console” and click “Verify” (or similar).

Again, this solved the issue for my setup. Depending on your configuration, it might be different.

2 Likes

Your link doesn’t work to me. Can you use a different one so I can try your solution?

I need to review my instruction once I’m at a computer (only having my mobile phone with me). But you could check out Google’s support page for now:
https://support.google.com/webmasters/answer/34592

If you use DuckDNS you can also update the DNS TXT-Record with the google-site-verification token.

1 Like

Any hint on how to do that DNS TXT-Record?
I’m running the duck dns addon