Deceptive site ahead for my node-red sites

Hi,

Chrome is showing red Deceptive site ahead when I visit my node-red site.
I have 3 websites running node-red and all stared to give this warning. Any idea on how to get rid of it.

Regards,
Nuri

Sounds like you have a virus or something. Is your node-red instance connected to the internet ?

What, exactly, is it saying? Post a screenshot.

Usually there is a 'more details' option somewhere ...

Are you using HTTP or HTTPS ?

Assuming you are using HTTPS, your certificate is invalid. Has it expired? Or does it have the wrong domain?

Bottom line is that you need to fix the certificate.

Ah, interesting. That implies that there is something about 3dmetri.com that your browser finds unpleasant.

This scan doesn't seem to object: nodered.3dmetri.com - SiteCheck (sucuri.net)

And my Edge browser is quite happy too.

Do you have any other anti-malware software running?

Try accessing from an in-private browser session too (so no extensions loaded).

So what does it say if you click 'Learn more' ?

This is a serious problem. I'm having the same here. All my node red web sites being flagged the same for both chrome and safari browsers. Deceptive site means phishing and google doesnt reveal the algorithm. Any help is apreciated

Various people tried to help @makerstorage by asking questions about their Node-red site.
Because they didn't report back we can only assume that they resolved their problem.

So bearing that in mind, is there any more information you think might help us help you?

This is the error message that i'm seeing. This is one of the many possible similar messages shared by "safe browsing". Deceptive site refers to "phishing" meaning a site that tries to steal your passwords etc.

I masked the site address but i see this on many of my node reds.

This is a Node-red instance in the cloud then?
I don't personally have much knowledge of cloud hosting and HTTPS but for sure other forum contributors do.

This is hosted in the Azure cloud yes. This has nothing to do with https. All certificates valid. Site is technically secure.

I see it on that site too, so it is something specific to your flows or the way it is hosted.
If you run the site locally do you see it?

Is it in your own Azure tenancy or a shared one? If your own, I recommend giving your URL to one or two of the sites that explicitly check for security issues - hopefully that will highlight the problem Google has with it.

A few to try:


Of course, there is also a better, easier and more private way of avoiding this - stop using Google Chrome.

1 Like

Same with safari.

they do a periodic scan of the sites. I don't think it is about the way this is hosted. Your local instance will not get a chance to get scanned by google. This is like indexing, they detect and save the results for your site and browsers would rely on these.

Really - does Safari use Google's "Safe" browsing list? Feels unlikely. And yet Bing chat tells me otherwise! Brave, Chrome, GNOME Web, Firefox, Safari and Vivaldi all use it.

I don't believe that all browsers rely on the Google list. As mentioned earlier in this thread when the original site was blocked in Chrome, it was not blocked in Edge. Microsoft maintain their own security lists.


It seems as though you CAN turn off the safe browsing feature - at least in Safari.

There is also a process for getting your site re-classified.

If your website has been flagged by Google as dangerous or harmful, you can request a review to have it removed from the blocklist. To do this, you will need a verified Google Search Console account. Sign in to your account and select the “Manual Actions” tab. If Google has detected a security issue with your website, it will be listed there

PS: Thanks Bing! (never thought I'd be saying that! :rofl:)

The google search console will apparently also indicate the reasons why it has been flagged as deceptive. Sounds like a good starting point.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.