Flagged as Phishing :(

fbartels

Hi @doodlemania2,

can you upload the text of that mail? Maybe it's too early in the morning for me, but i am wondering why someone would say an installation of Vaultwarden is malicious/used for phishing.

MooCloud_Matt

@doodlemania2
normally "phishing" tag in an antispam is triggered by a link that hides a different URL.
Like cloudron.com, cloudron.com --> pointing to cloudron.io.

RspamD support, with the addition of some module logo detection, and there could be some issue there, but is pretty rare as a filter because it cost too much in resources for a big install.

doodlemania2

@MooCloud_Matt SmartScreen (Microsoft) and Google have now picked it up. I disabled sign ups (sad) and replied again that I've disabled signups, but not sure what else to do other than change the URL.

robi

Common problem with corporate "scanners" that don't discriminate for benign things even when they're obviously wrong.

Many vendors deal with this when deploying their equipment in corporate networks. False alarms galore.

doodlemania2

@robi Yeah, I'm not stressed as I'm confident in my position and just did a scan of the container and all is well. I did disable registration but there's no way to hide the registration button itself per VaultWarden (it just prevents it from happening). Offered to move the URL, not sure what else to do so as to keep me from getting bounced by NameCheap.

imc67

@doodlemania2 could it be that:

1. there are self registered "users" you don't know
2. that these users use your Vaultwarden Send to send spam maybe even with ("phishing") attachments?

I think it's good to have a look at the users and their Sends?

necrevistonnezr

Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

robi

@necrevistonnezr said in Flagged as Phishing :

Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

lol, just send them the github link and other news links describing what it is?

doodlemania2

@robi @necrevistonnezr - yeah that's my guess, I did send them the GitHub information and confirmation that I wasn't phishing and they closed the "we are about to suspend you" case but it's still flagged in virustotal. Filled out some forms for Google Safe Search and Microsoft SmartScreen, we'll see.

Vaultwarden should replace the big Bitwarden logo IMO

fbartels

This was also discussed upstream at https://github.com/dani-garcia/vaultwarden/discussions/2353

humptydumpty

In Cloudron --> Vaultwarden app settings --> Security --> Robots.txt, I have "disable indexing" saved. Maybe this could help you.

doodlemania2

@fbartels oh that's very interesting!