Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Flagged as Phishing :(

Scheduled Pinned Locked Moved Vaultwarden
13 Posts 7 Posters 519 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2 App Dev
    wrote on last edited by
    #1

    Hey yall, anyone else have their installation of VaultWarden flagged as phishing/malicious by VirusTotal? My registrar just emailed me (NameCheap) and they pointed out that my install had been flagged. They want a copy of my parternship with Bitwarden and I was like, um, here's the link to GitHub and the 923842392348 hits on Google of how to self host. Not sure what else could be the issue.

    Maybe we should open an issue with VaultWarden and have them make the big "BitWarden" logo less BitWardeny?

    fbartelsF MooCloud_MattM 2 Replies Last reply
    1
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to doodlemania2 on last edited by
    #2

    Hi @doodlemania2,

    can you upload the text of that mail? Maybe it's too early in the morning for me, but i am wondering why someone would say an installation of Vaultwarden is malicious/used for phishing.

    1 Reply Last reply
    3
  • MooCloud_MattM Offline
    MooCloud_MattM Offline
    MooCloud_Matt
    replied to doodlemania2 on last edited by MooCloud_Matt
    #3

    @doodlemania2
    normally "phishing" tag in an antispam is triggered by a link that hides a different URL.
    Like cloudron.com, cloudron.com --> pointing to cloudron.io.

    RspamD support, with the addition of some module logo detection, and there could be some issue there, but is pretty rare as a filter because it cost too much in resources for a big install.

    Matteo. R.
    Founder and Tech-Support Manager.
    MooCloud MSP
    Swiss Managed Service Provider

    doodlemania2D 1 Reply Last reply
    1
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2 App Dev
    replied to MooCloud_Matt on last edited by
    #4

    @MooCloud_Matt SmartScreen (Microsoft) and Google have now picked it up. I disabled sign ups (sad) and replied again that I've disabled signups, but not sure what else to do other than change the URL.

    1 Reply Last reply
    0
  • robiR Offline
    robiR Offline
    robi
    wrote on last edited by
    #5

    Common problem with corporate "scanners" that don't discriminate for benign things even when they're obviously wrong.

    Many vendors deal with this when deploying their equipment in corporate networks. False alarms galore.

    Life of sky tech

    doodlemania2D 1 Reply Last reply
    3
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2 App Dev
    replied to robi on last edited by
    #6

    @robi Yeah, I'm not stressed as I'm confident in my position and just did a scan of the container and all is well. I did disable registration but there's no way to hide the registration button itself per VaultWarden (it just prevents it from happening). Offered to move the URL, not sure what else to do so as to keep me from getting bounced by NameCheap.

    imc67I 1 Reply Last reply
    1
  • imc67I Offline
    imc67I Offline
    imc67 translator
    replied to doodlemania2 on last edited by
    #7

    @doodlemania2 could it be that:

    1. there are self registered "users" you don't know
    2. that these users use your Vaultwarden Send to send spam maybe even with ("phishing") attachments?

    I think it's good to have a look at the users and their Sends?

    1 Reply Last reply
    3
  • necrevistonnezrN Offline
    necrevistonnezrN Offline
    necrevistonnezr
    wrote on last edited by
    #8

    Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

    robiR 1 Reply Last reply
    0
  • robiR Offline
    robiR Offline
    robi
    replied to necrevistonnezr on last edited by
    #9

    @necrevistonnezr said in Flagged as Phishing 😞:

    Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?

    lol, just send them the github link and other news links describing what it is?

    Life of sky tech

    doodlemania2D 1 Reply Last reply
    0
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2 App Dev
    replied to robi on last edited by
    #10

    @robi @necrevistonnezr - yeah that's my guess, I did send them the GitHub information and confirmation that I wasn't phishing and they closed the "we are about to suspend you" case but it's still flagged in virustotal. Filled out some forms for Google Safe Search and Microsoft SmartScreen, we'll see.

    Vaultwarden should replace the big Bitwarden logo IMO

    1 Reply Last reply
    2
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    wrote on last edited by
    #11

    This was also discussed upstream at https://github.com/dani-garcia/vaultwarden/discussions/2353

    doodlemania2D 1 Reply Last reply
    2
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    wrote on last edited by
    #12

    In Cloudron --> Vaultwarden app settings --> Security --> Robots.txt, I have "disable indexing" saved. Maybe this could help you.

    1 Reply Last reply
    6
  • doodlemania2D Offline
    doodlemania2D Offline
    doodlemania2 App Dev
    replied to fbartels on last edited by
    #13

    @fbartels oh that's very interesting!

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.