Skip to content
This repository has been archived by the owner on Mar 14, 2024. It is now read-only.

Needs guidance on false positives #7983

Open
webmink opened this issue May 24, 2022 · 6 comments
Open

Needs guidance on false positives #7983

webmink opened this issue May 24, 2022 · 6 comments
Labels
feature request New feature or request P2 A normal priority task. This is the default for most issues. stale

Comments

@webmink
Copy link

webmink commented May 24, 2022
edited
Loading

Context

Users of the open source self-hosting package Yunohost have found that Google is falsely flagging the domain running the single-sign-on (SSO) provider within the package as malware. The site owner is presented with a list of URLs that are all sign-on requests from the hosted applications, which are frequently on different domains (but all hosted in the same server). I assume the behaviour is being mistaken for open redirects, or the misinterpretation of the (valid) 302 redirect to the SSO.The issue is fairly easily reproducible with a fresh installation of the software. I've opened a ticket for the issue.

Issue

When site owners reach this page for assistance, the information all assumes there is malware to remove from the site. However, these site owners have no malware to remove - the software is working well and as intended without any unwanted software. These site owners need advice on how to get the problem cleared, but the page only considers the case where there is in fact malware and a change can be made.

Resolution

The page needs either an additional section on dealing with false positives, or a link to a new page that does so. I have not been able to find a suitable page to link to.
@webmink webmink added feature request New feature or request P2 A normal priority task. This is the default for most issues. labels May 24, 2022
@stale
Copy link

stale bot commented Sep 21, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

@stale stale bot added the stale label Sep 21, 2022
@webmink
Copy link
Author

webmink commented Sep 21, 2022

I believe this is a serious and neglected matter at Google and would like to see it addressed. I am disappointed there has been no response at all as there are many small web sites suffering from this issue as evidenced on the support forums.

@webmink
Copy link
Author

webmink commented Dec 12, 2022

I have written a blog post about this problem - if extracts from this post would prove helpful for documentation please let me know.

@stale stale bot removed the stale label Dec 12, 2022
@stale
Copy link

stale bot commented Mar 18, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

@stale stale bot added the stale label Mar 18, 2023
@webmink
Copy link
Author

webmink commented Mar 18, 2023

While the issue is not answered, neither is it stale - people are still receiving false positives and being given no assistance in how to resolve them.

@stale stale bot removed the stale label Mar 18, 2023
@stale
Copy link

stale bot commented Aug 12, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

@stale stale bot added the stale label Aug 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature request New feature or request P2 A normal priority task. This is the default for most issues. stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@webmink