Chrome flagging my Zoneminder login page

Discussions related to the 1.36.x series of ZoneMinder
Post Reply
tycon
Posts: 6
Joined: Sun Jun 26, 2022 3:30 pm

Chrome flagging my Zoneminder login page

Post by tycon »

When I visit my zoneminder login page Chrome gives a "This page is Dangerous" warning. Apparently Chrome thinks it is some sort of phishing site. It is possible to bypass but annoying. I went through the process of claiming the page in Google webmaster tools. The server uses 2fa for ssh and key login only. The pages in question are (domain name removed):

https://my-dyn-domain.net/zm/
https://my-dyn-domain.net/zm/index.php? ... NEuShswNqd
https://my-dyn-domain.net/zm/index.php?view=login

The only one that stands out is the view=RJlNEuShswNqd page. When I goto this page there is nothing there. The only log request for this page was referred from Google. I have extensively checked the login page code etc. I made a request for review by Google - we will see what happens. Has anyone ever run into this sort of issue?
tycon
Posts: 6
Joined: Sun Jun 26, 2022 3:30 pm

Re: Chrome flagging my Zoneminder login page

Post by tycon »

Here is the description Google is giving me of the problem:

Code: Select all

Deceptive pages:
Your site includes content that tricks visitors into doing something dangerous, such as revealing confidential information or downloading software. Google Safe Browsing protects web users by warning them before they visit pages that consistently display deceptive content.

Web pages are considered deceptive when they either:

Pretend to act, or look and feel, like a trusted entity, like your own device or browser, or the website itself, or
Try to trick you into doing something you’d only do for a trusted entity, like sharing a password, or calling a tech support number, or downloading software.
This type of deceptive content is called social engineering. Learn more about social engineering or see examples of deceptive pages.
ScottyG
Posts: 6
Joined: Sat May 22, 2021 12:33 am

Re: Chrome flagging my Zoneminder login page

Post by ScottyG »

This actually started yesterday as well on my site for any browser. Same error as yours, except only for the following pages:

https://[mydomain.com]/zm/
https://[mydomain.com]/zm/index.php?view=login

my SSL cert shows valid under Google's troubleshooter as well
tycon
Posts: 6
Joined: Sun Jun 26, 2022 3:30 pm

Re: Chrome flagging my Zoneminder login page

Post by tycon »

Are you using a DDNS? I am thinking this might have to do with the fact the TLD for my zoneminder site is probably the same as somebody else out there. Mine is something like myname.dyn-dns.com so if there is another person with a zoneminder login at hisname.dyn-dns.com it looks like my site is trying to pose as another site to capture login info.

I have extensively checked for any malicious code or evidence of a compromised system but was not able to find anything.
Not too keen on rebuilding my whole system only to find out this was a bug in the way these sort of sites are detected.
ScottyG
Posts: 6
Joined: Sat May 22, 2021 12:33 am

Re: Chrome flagging my Zoneminder login page

Post by ScottyG »

tycon wrote: Thu May 11, 2023 5:16 pm Are you using a DDNS? I am thinking this might have to do with the fact the TLD for my zoneminder site is probably the same as somebody else out there. Mine is something like myname.dyn-dns.com so if there is another person with a zoneminder login at hisname.dyn-dns.com it looks like my site is trying to pose as another site to capture login info.

I have extensively checked for any malicious code or evidence of a compromised system but was not able to find anything.
Not too keen on rebuilding my whole system only to find out this was a bug in the way these sort of sites are detected.
Not using a DDNS... my DNS is through godaddy... with a static IP. Thanks.
tycon
Posts: 6
Joined: Sun Jun 26, 2022 3:30 pm

Re: Chrome flagging my Zoneminder login page

Post by tycon »

I think I finally got to the bottom of this - I think. I believe Google can classify the Zone minder login as "Deceptive" if you have not changed the login screen page title and prompt in your Zoneminder config. This is because my stock Zoneminder login looks identical to somebody else's stock Zoneminder login. Google thinks my login page is trying to pose as another Zoneminder login page on a similar domain. This problem is especially true if you use a DDNS since I might have tycon.my-ip.com and somebody else has tycoon.my-ip.com.
I changed the config option which sets the Login screen message so it says "Tycon's Server Login - Private Login only!". I then submitted a review to Google and the problem has been resolved since.
Post Reply