Flagged as Phishing :(
-
Hey yall, anyone else have their installation of VaultWarden flagged as phishing/malicious by VirusTotal? My registrar just emailed me (NameCheap) and they pointed out that my install had been flagged. They want a copy of my parternship with Bitwarden and I was like, um, here's the link to GitHub and the 923842392348 hits on Google of how to self host. Not sure what else could be the issue.
Maybe we should open an issue with VaultWarden and have them make the big "BitWarden" logo less BitWardeny?
-
Hi @doodlemania2,
can you upload the text of that mail? Maybe it's too early in the morning for me, but i am wondering why someone would say an installation of Vaultwarden is malicious/used for phishing.
-
@doodlemania2
normally "phishing" tag in an antispam is triggered by a link that hides a different URL.
Like cloudron.com, cloudron.com --> pointing to cloudron.io.RspamD support, with the addition of some module logo detection, and there could be some issue there, but is pretty rare as a filter because it cost too much in resources for a big install.
Matteo. R.
Founder and Tech-Support Manager.
MooCloud MSP
Swiss Managed Service Provider -
@MooCloud_Matt SmartScreen (Microsoft) and Google have now picked it up. I disabled sign ups (sad) and replied again that I've disabled signups, but not sure what else to do other than change the URL.
-
Common problem with corporate "scanners" that don't discriminate for benign things even when they're obviously wrong.
Many vendors deal with this when deploying their equipment in corporate networks. False alarms galore.
-
@robi Yeah, I'm not stressed as I'm confident in my position and just did a scan of the container and all is well. I did disable registration but there's no way to hide the registration button itself per VaultWarden (it just prevents it from happening). Offered to move the URL, not sure what else to do so as to keep me from getting bounced by NameCheap.
-
@doodlemania2 could it be that:
- there are self registered "users" you don't know
- that these users use your Vaultwarden Send to send spam maybe even with ("phishing") attachments?
I think it's good to have a look at the users and their Sends?
-
Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?
-
@necrevistonnezr said in Flagged as Phishing
:Is it possible that they assume that a "malicious" Vaultwarden tries to impersonate itself as the "benign" Bitwarden, i.e. they believe someone created a malicious version of Bitwarden to lure people in giving up their passwords?
lol, just send them the github link and other news links describing what it is?
-
@robi @necrevistonnezr - yeah that's my guess, I did send them the GitHub information and confirmation that I wasn't phishing and they closed the "we are about to suspend you" case but it's still flagged in virustotal. Filled out some forms for Google Safe Search and Microsoft SmartScreen, we'll see.
Vaultwarden should replace the big Bitwarden logo IMO
-
This was also discussed upstream at https://github.com/dani-garcia/vaultwarden/discussions/2353
-
In Cloudron --> Vaultwarden app settings --> Security --> Robots.txt, I have "disable indexing" saved. Maybe this could help you.
-
@fbartels oh that's very interesting!
