Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document how to troubleshoot when the Matomo instance is showing a warning Chrome due to being added to safe browsing list (or other reasons) #20246

Open
gvo-exante opened this issue Jan 19, 2023 · 29 comments
Open

Document how to troubleshoot when the Matomo instance is showing a warning Chrome due to being added to safe browsing list (or other reasons) #20246

gvo-exante opened this issue Jan 19, 2023 · 29 comments
Labels
c: Documentation For issues related to in-app product help messages, or to the Matomo knowledge base.
Milestone
5.x.0 - Priority ...

Comments

@gvo-exante
Copy link

trying to open my website, where Matomo code installed and here is what it shows:
image

after deleting Matomo code, everything works okay.
@gvo-exante gvo-exante added Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. To Triage An issue awaiting triage by a Matomo core team member labels Jan 19, 2023
@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/chrome-displaying-red-screen-saying-deceptive-site-ahead/49178/5

@peterbo
Copy link
Contributor

peterbo commented Jan 19, 2023
edited
Loading

This is more likely caused by bad IP address reputation (checked with https://scamalytics.com). The reported instances both have scam / fraud scores > 70

@Findus23
Copy link
Member

This looks a lot like your Matomo domain is on the google safe browsing list.
You can check here:
https://transparencyreport.google.com/safe-browsing/search

And report an incorrectly blocked site here:
https://safebrowsing.google.com/safebrowsing/report_error/?hl=en

@bx80 bx80 added answered For when a question was asked and we referred to forum or answered it. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. To Triage An issue awaiting triage by a Matomo core team member labels Jan 23, 2023
@bx80 bx80 closed this as completed Jan 23, 2023
@sgiehl
Copy link
Member

sgiehl commented Feb 6, 2023

@sandrocantagallo Did someone from Google tell you that you need to remove the tracking to be removed from safe browsing list, or is that an assumption from yourself?

@sgiehl
Copy link
Member

sgiehl commented Feb 6, 2023

Is maybe the domain of the matomo instance on the safe browsing list, causing all sites using that instance to land on the list as well?

@sgiehl
Copy link
Member

sgiehl commented Feb 6, 2023

I'm unfortunately not deep enough into that topic to provide a solution. Also I doubt there is much we can do in the code to solve that issue. Maybe someone else has an idea here...

@FredBl79
Copy link

Just installed Matomo on a sub domain of my plex....same issue as yours. I had inactivated the sub domain and deactivated the plugin WP matomo....only by this way the red flag is removed by Google.
So it is really due to the script loading matomo.js which is sensitive for Google :(

Finally how can you enable matomo ??? I don't understand if it feasible to use it if google is blocking automatically....

@mattab
Copy link
Member

mattab commented Mar 12, 2023

Here I think we would want to create a FAQ to explain how to troubleshoot this use case: imagine your Matomo instance has this problem suddenly, then you expect Matomo to have an FAQ to clearly explain why, the next steps on what to do.

Re-opening and renaming issue to restrict scope.

@mattab mattab reopened this Mar 12, 2023
@mattab mattab changed the title Website security error Document how to troubleshoot when the Matomo instance is showing a warning Chrome due to being added to safe browsing list (or other reasons) Mar 12, 2023
@mattab mattab added c: Documentation For issues related to in-app product help messages, or to the Matomo knowledge base. and removed answered For when a question was asked and we referred to forum or answered it. labels Mar 12, 2023
@mattab mattab added this to the Impact Backlog milestone Mar 12, 2023
@heurteph-ei
Copy link

Hi @mattab
Isn't Google transgress anti-monopoly laws?
By doing like they do, they prevent companies to switch form GA to Matomo on premise...

@mattab
Copy link
Member

mattab commented Mar 15, 2023

So far we have no evidence that there is an issue with this, so we would want to document to the rare people who have an issue like this, how to learn more about the issue. Then in the FAQ we could mention they can reach out to us if they still don't know / understand. Then we could learn if there are some strange things happening. But hopefully not.

@FredBl79
Copy link

I don't know if that can help but on my side, after the matomo deployment, I also installed GA extension in order to retrieve my GA3 data to matomo . By this way, I received an alert email from Google just before the warning page.

I stopped the GA import, deactivate the WordPress plugins and automatically my site was again visible. I requested google to analyse my website and 2 days after I received a clear answer. So I reactivates matomo plugin to track data....no more issue.... everything is ok since 2 weeks

Cross the fingers !
Fred

@vlakam
Copy link

vlakam commented Mar 27, 2023

Last friday google marked my site with self-hosted Matomo analytics as fraud. Classic red banner. Removed Matomo script at saturday and today (monday) everything is okay. Unlucky, gonna migrate to another analytics provider.

@heurteph-ei
Copy link

Hi @vlakam
The problem doesn't come from Matomo but from Google, some kind of monopolistic behavior coming from monopolistic company...
Did you try the workaround suggested by Sandro Cantagalo / Eternity6 in the Matomo forum:

  • The first step is to disable matomo on all portals where there is a tracking code.
  • The second step is to go to Google Search Console → Security Issues → Request review for the portal indicating in the notes that it is a Matomo installation
  • The third step is to wait for google to remove the red flag on the domain where matomo is installed.
  • The fourth step is to put Matomo on upkeep and leave it upkeep all the time. It will continue to track but at least Google won’t see the portal even though the robots.txt file was supposed to keep Google away
  • The fifth point is to reactivate all tracking codes

At this point we just need to cross our fingers and hope that Google doesn’t put the red flag back on the domain

See:
https://forum.matomo.org/t/chrome-displaying-red-screen-saying-deceptive-site-ahead/49178/9

@vlakam
Copy link

vlakam commented Mar 28, 2023

@heurteph-ei Understandable. But i can't afford this risk. Another analytics platform (not GA) does not trigger google warning so i stick with them at the moment

@jamesmpetry
Copy link

I just had this issue happen twice. I did a review request and everything was going well for about five weeks and then the red screen came back. Unfortunately I don't see a legit way to put this code on cleints' sites without doing a server to server implementation. Unless anyone else here has some ideas.

@CyrPen
Copy link

CyrPen commented Apr 20, 2023
edited
Loading

Same Red page after one month without troubles.
How do you put Matomo in maintenance mode ?

@heurteph-ei
Copy link

Hi @CyrPen.
Here is the doc:
https://matomo.org/faq/how-to/faq_111/

@CyrPen
Copy link

CyrPen commented Apr 24, 2023
edited
Loading

Thank U @heurteph-ei,

i finally found an issue by :

  1. Commenting Matomo scripts from all websites to make them work again (hopefully my Matomo installation was on his own server, so only the Matomo server was red flagged)
  2. Declaring @google my server was not dangerous but a Matomo analytics installation : https://safebrowsing.google.com/safebrowsing/report_error/
  3. waiting a few hours for my Matomo server work again
  4. Reactivating Matomo scripts
  5. Crossing fingers

Regards,
CyrPen

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/chrome-displaying-red-screen-saying-deceptive-site-ahead/49178/20

@boxcleverliam
Copy link

Same issue here. Interested to find out why Google flags these as deceptive.

Is it because of something in the Matomo web interface, and therefore all instances are likely to get flagged? (Google Search Console reported that the index.php URL was flagged)

Or is it because the tracking code tracks sensitive information?

If it’s very common, maybe it should be part of the installation / setup instructions to set up Google Search Console to monitor it.

@boxcleverliam
Copy link

I think that the Matomo login page looks identical for everyone. This could be seen as suspicious by Google. Maybe outputting the name of the current domain in the page content, or an option to set your own logo, would make all instances look unique and potentially less suspicious.

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/le-site-web-que-vous-allez-ouvrir-est-trompeur/51178/3

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/chrome-displaying-red-screen-saying-deceptive-site-ahead/49178/29

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/site-dangereux/51175/6

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/chrome-displaying-red-screen-saying-deceptive-site-ahead/49178/32

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/dato-visitatori-unici-non-tracciato-correttamente-utilizzando-il-lettore-logs-di-apache-import-logs-py/54005/3

@shekhov
Copy link

shekhov commented Jan 21, 2024

The same issue happened to me today. I've just finished the installation and placed the instance on subdomain of the website that I have in Google Search Console. A day later I come and see that my website have phishing and deceptive pages issues.

@jcmundy
Copy link

jcmundy commented May 28, 2024

Has any progress been made on this? We've been only using Pixel tracking with our on-premise, as our installation was repeatedly flagged by Google when we were trying to use javascript during setup.

@MatomoForumNotifications
Copy link

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/security-problem/59247/2

@textagroup textagroup added this to the 5.x.0 - Priority issues milestone Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Documentation For issues related to in-app product help messages, or to the Matomo knowledge base.
Projects
None yet
Milestone
5.x.0 - Priority issues
Development

No branches or pull requests