Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Vaultwarden
  3. Flagged as Phishing :(

Flagged as Phishing :(

Scheduled Pinned Locked Moved Vaultwarden
13 Posts 7 Posters 2.5k Views 8 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2
    App Dev
    wrote on last edited by
    #1

    Hey yall, anyone else have their installation of VaultWarden flagged as phishing/malicious by VirusTotal? My registrar just emailed me (NameCheap) and they pointed out that my install had been flagged. They want a copy of my parternship with Bitwarden and I was like, um, here's the link to GitHub and the 923842392348 hits on Google of how to self host. Not sure what else could be the issue.

    Maybe we should open an issue with VaultWarden and have them make the big "BitWarden" logo less BitWardeny?

    fbartelsF MooCloud_MattM 2 Replies Last reply
    1
    • doodlemania2D doodlemania2

      Hey yall, anyone else have their installation of VaultWarden flagged as phishing/malicious by VirusTotal? My registrar just emailed me (NameCheap) and they pointed out that my install had been flagged. They want a copy of my parternship with Bitwarden and I was like, um, here's the link to GitHub and the 923842392348 hits on Google of how to self host. Not sure what else could be the issue.

      Maybe we should open an issue with VaultWarden and have them make the big "BitWarden" logo less BitWardeny?

      fbartelsF Offline
      fbartelsF Offline
      fbartels
      App Dev
      wrote on last edited by
      #2

      Hi @doodlemania2,

      can you upload the text of that mail? Maybe it's too early in the morning for me, but i am wondering why someone would say an installation of Vaultwarden is malicious/used for phishing.

      1 Reply Last reply
      3
      • doodlemania2D doodlemania2

        Hey yall, anyone else have their installation of VaultWarden flagged as phishing/malicious by VirusTotal? My registrar just emailed me (NameCheap) and they pointed out that my install had been flagged. They want a copy of my parternship with Bitwarden and I was like, um, here's the link to GitHub and the 923842392348 hits on Google of how to self host. Not sure what else could be the issue.

        Maybe we should open an issue with VaultWarden and have them make the big "BitWarden" logo less BitWardeny?

        MooCloud_MattM Offline
        MooCloud_MattM Offline
        MooCloud_Matt
        wrote on last edited by MooCloud_Matt
        #3

        @doodlemania2
        normally "phishing" tag in an antispam is triggered by a link that hides a different URL.
        Like cloudron.com, cloudron.com --> pointing to cloudron.io.

        RspamD support, with the addition of some module logo detection, and there could be some issue there, but is pretty rare as a filter because it cost too much in resources for a big install.

        Matteo. R.
        Founder and Tech-Support Manager.
        MooCloud MSP
        Swiss Managed Service Provider

        doodlemania2D 1 Reply Last reply
        1
        • MooCloud_MattM MooCloud_Matt

          @doodlemania2
          normally "phishing" tag in an antispam is triggered by a link that hides a different URL.
          Like cloudron.com, cloudron.com --> pointing to cloudron.io.

          RspamD support, with the addition of some module logo detection, and there could be some issue there, but is pretty rare as a filter because it cost too much in resources for a big install.

          doodlemania2D Offline
          doodlemania2D Offline
          doodlemania2
          App Dev
          wrote on last edited by
          #4

          @MooCloud_Matt SmartScreen (Microsoft) and Google have now picked it up. I disabled sign ups (sad) and replied again that I've disabled signups, but not sure what else to do other than change the URL.

          1 Reply Last reply
          0
          • robiR Offline
            robiR Offline
            robi
            wrote on last edited by
            #5

            Common problem with corporate "scanners" that don't discriminate for benign things even when they're obviously wrong.

            Many vendors deal with this when deploying their equipment in corporate networks. False alarms galore.

            Conscious tech

            doodlemania2D 1 Reply Last reply
            3
            • robiR robi

              Common problem with corporate "scanners" that don't discriminate for benign things even when they're obviously wrong.

              Many vendors deal with this when deploying their equipment in corporate networks. False alarms galore.

              doodlemania2D Offline
              doodlemania2D Offline
              doodlemania2
              App Dev
              wrote on last edited by
              #6

              @robi Yeah, I'm not stressed as I'm confident in my position and just did a scan of the container and all is well. I did disable registration but there's no way to hide the registration button itself per VaultWarden (it just prevents it from happening). Offered to move the URL, not sure what else to do so as to keep me from getting bounced by NameCheap.

              imc67I 1 Reply Last reply
              1
              • doodlemania2D doodlemania2

                @robi Yeah, I'm not stressed as I'm confident in my position and just did a scan of the container and all is well. I did disable registration but there's no way to hide the registration button itself per VaultWarden (it just prevents it from happening). Offered to move the URL, not sure what else to do so as to keep me from getting bounced by NameCheap.

                imc67I Offline
                imc67I Offline
                imc67
                translator
                wrote on last edited by
                #7

                @doodlemania2 could it be that:

                1. there are self registered "users" you don't know
                2. that these users use your Vaultwarden Send to send spam maybe even with ("phishing") attachments?

                I think it's good to have a look at the users and their Sends?

                1 Reply Last reply
                3
                • necrevistonnezrN Offline
                  necrevistonnezrN Offline
                  necrevistonnezr
                  wrote on last edited by
                  #8

                  Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

                  robiR 1 Reply Last reply
                  0
                  • necrevistonnezrN necrevistonnezr

                    Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

                    robiR Offline
                    robiR Offline
                    robi
                    wrote on last edited by
                    #9

                    @necrevistonnezr said in Flagged as Phishing 😞:

                    Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

                    lol, just send them the github link and other news links describing what it is?

                    Conscious tech

                    doodlemania2D 1 Reply Last reply
                    0
                    • robiR robi

                      @necrevistonnezr said in Flagged as Phishing 😞:

                      Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

                      lol, just send them the github link and other news links describing what it is?

                      doodlemania2D Offline
                      doodlemania2D Offline
                      doodlemania2
                      App Dev
                      wrote on last edited by
                      #10

                      @robi @necrevistonnezr - yeah that's my guess, I did send them the GitHub information and confirmation that I wasn't phishing and they closed the "we are about to suspend you" case but it's still flagged in virustotal. Filled out some forms for Google Safe Search and Microsoft SmartScreen, we'll see.

                      Vaultwarden should replace the big Bitwarden logo IMO

                      1 Reply Last reply
                      2
                      • fbartelsF Offline
                        fbartelsF Offline
                        fbartels
                        App Dev
                        wrote on last edited by
                        #11

                        This was also discussed upstream at https://github.com/dani-garcia/vaultwarden/discussions/2353

                        doodlemania2D 1 Reply Last reply
                        2
                        • humptydumptyH Offline
                          humptydumptyH Offline
                          humptydumpty
                          wrote on last edited by
                          #12

                          In Cloudron --> Vaultwarden app settings --> Security --> Robots.txt, I have "disable indexing" saved. Maybe this could help you.

                          1 Reply Last reply
                          6
                          • fbartelsF fbartels

                            This was also discussed upstream at https://github.com/dani-garcia/vaultwarden/discussions/2353

                            doodlemania2D Offline
                            doodlemania2D Offline
                            doodlemania2
                            App Dev
                            wrote on last edited by
                            #13

                            @fbartels oh that's very interesting!

                            1 Reply Last reply
                            0
                            Reply
                            • Reply as topic
                            Log in to reply
                            • Oldest to Newest
                            • Newest to Oldest
                            • Most Votes


                            • Login

                            • Don't have an account? Register

                            • Login or register to search.
                            • First post
                              Last post
                            0
                            • Categories
                            • Recent
                            • Tags
                            • Popular
                            • Bookmarks
                            • Search