[Bug]: Google Safe Browsing reported "deceptive #2970

New Issue

Closed

opened 2026-04-25 00:12:32 +02:00 by adam · 10 comments

adam commented 2026-04-25 00:12:32 +02:00

Owner

Copy Link

Copy Source

Originally created by @fritz-fritz on GitHub (Aug 26, 2025).

What happened?

Google decided to flag my domain today for "Deceptive Pages". The only thing served on this domain is the ABS server. I'm confident this is a false flag from their tools and I don't have insight into what caused it to be flagged. However, this could potentially become a more widespread problem?

What did you expect to happen?

I expect Google to not evaluate ABS as a deceptive website.

Steps to reproduce the issue

Unknown on how to reproduce but here's my setup

1. Install ABS on VPS
2. Leverage Cloudflare tunnel to serve web UI
3. Configure Cloudflare Access to serve page without challenge (use ABS auth instead of cloudflare)

Audiobookshelf version

v2.28.0

How are you running audiobookshelf?

Debian/PPA

What OS is your Audiobookshelf server hosted from?

Linux

If the issue is being seen in the UI, what browsers are you seeing the problem on?

None

Logs

Additional Notes

I have upgraded to v2.29.0 and submitted information to Google for review to get the domain un-flagged including the url to this github.

I will follow up with further information if I can obtain any.

I haven't found any further insight into what would trigger this evaluation of ABS by Google but perhaps the webui could use modification?

Originally created by @fritz-fritz on GitHub (Aug 26, 2025). ### What happened? Google decided to flag my domain today for "Deceptive Pages". The only thing served on this domain is the ABS server. I'm confident this is a false flag from their tools and I don't have insight into what caused it to be flagged. However, this could potentially become a more widespread problem? <img width="1175" height="658" alt="Image" src="https://github.com/user-attachments/assets/4732154b-5b82-4473-b66d-54032ddaaf15" /> ### What did you expect to happen? I expect Google to not evaluate ABS as a deceptive website. ### Steps to reproduce the issue Unknown on how to reproduce but here's my setup 1. Install ABS on VPS 2. Leverage Cloudflare tunnel to serve web UI 3. Configure Cloudflare Access to serve page without challenge (use ABS auth instead of cloudflare) ### Audiobookshelf version v2.28.0 ### How are you running audiobookshelf? Debian/PPA ### What OS is your Audiobookshelf server hosted from? Linux ### If the issue is being seen in the UI, what browsers are you seeing the problem on? None ### Logs ```shell ``` ### Additional Notes I have upgraded to v2.29.0 and submitted information to Google for review to get the domain un-flagged including the url to this github. I will follow up with further information if I can obtain any. I haven't found any further insight into what would trigger this evaluation of ABS by Google but perhaps the webui could use modification?

adam added the bug label 2026-04-25 00:12:32 +02:00

adam closed this issue 2026-04-25 00:12:32 +02:00

adam commented 2026-04-25 00:12:32 +02:00

Author

Owner

Copy Link

Copy Source

@Vito0912 commented on GitHub (Aug 26, 2025):

This should no be an issue with ABS, if so many many more users would have this issue. - If so, please correct me.
Please check if you have other services hosted (from the same IP e.g., but other domains), public links shared that contain copyrighted material or in general have things exposed that could be considered not good.

In the end we don't know why Google reports pages as suspicious as there are many factors. Especially if you are using Cloudflare which hides IPs, which Google ofc also knows.

This could also be e.g. newly registered domain, uncommon tld etc. etc.
It's very unlikley that's it is just because of ABS, but ofc never 0%

Edit: Especially some pattern of Subdomains will trigger it. Try a different subdomain and see if it's triggered again

@Vito0912 commented on GitHub (Aug 26, 2025): This should no be an issue with ABS, if so many many more users would have this issue. - If so, please correct me. Please check if you have other services hosted (from the same IP e.g., but other domains), public links shared that contain copyrighted material or in general have things exposed that could be considered not good. In the end we don't know why Google reports pages as suspicious as there are many factors. Especially if you are using Cloudflare which hides IPs, which Google ofc also knows. This could also be e.g. newly registered domain, uncommon tld etc. etc. It's very unlikley that's it is just because of ABS, but ofc never 0% Edit: Especially some pattern of Subdomains will trigger it. Try a different subdomain and see if it's triggered again

adam commented 2026-04-25 00:12:33 +02:00

Author

Owner

Copy Link

Copy Source

@fritz-fritz commented on GitHub (Aug 26, 2025):

@Vito0912 I definitely agree that this shouldn't be any issue with ABS.

This is the only thing I serve on the domain but as I am using Cloudflare in front there is obviously thousands of other sites that also use the same IP's. This in and of itself should trigger anything.

My ABS server has been live on the domain for the last 6 months and only today got flagged, it is served at https://audiobooks.<domain>.com and so I also doubt it is related to any of that.

This flag against the domain literally just popped up and so I am filling the bug report here in case it DOES become a widespread issue so that we can correlate information and attempt to work around. I will follow up with any information I can determine.

@fritz-fritz commented on GitHub (Aug 26, 2025): @Vito0912 I definitely agree that this _shouldn't_ be any issue with ABS. This is the only thing I serve on the domain but as I am using Cloudflare in front there is obviously thousands of other sites that also use the same IP's. This in and of itself should trigger anything. My ABS server has been live on the domain for the last 6 months and only today got flagged, it is served at `https://audiobooks.<domain>.com` and so I also doubt it is related to any of that. This flag against the domain literally just popped up and so I am filling the bug report here in case it DOES become a widespread issue so that we can correlate information and attempt to work around. I will follow up with any information I can determine.

adam commented 2026-04-25 00:12:33 +02:00

Author

Owner

Copy Link

Copy Source

@fritz-fritz commented on GitHub (Aug 30, 2025):

Just to update, I successfully appealed being flagged.

After further research, I believe I have figured out what happened though I have no real confirmation of fact.

I use Google Workspace Business Starter and had an email chain that got erroneously flagged for phishing which contained the server domain, user creds, and a token auth url ( yeah definitely not best practice ).

My belief is that Gmail added the domain to the safe browsing list based off that single email.

@fritz-fritz commented on GitHub (Aug 30, 2025): Just to update, I successfully appealed being flagged. After further research, I believe I have figured out what happened though I have no real confirmation of fact. I use Google Workspace Business Starter and had an email chain that got erroneously flagged for phishing which contained the server domain, user creds, and a token auth url ( yeah definitely not best practice ). My belief is that Gmail added the domain to the safe browsing list based off that single email.

adam commented 2026-04-25 00:12:33 +02:00

Author

Owner

Copy Link

Copy Source

@Vito0912 commented on GitHub (Sep 14, 2025):

@advplyr Imho this should be reopened.
This has been reported multiple times now. Maybe the auth change introduced something Google does not like.
But it looks like OP is correct, that ABS has something to do with it. At that point I don't think it's just coincidence

Edit: Altough no clue why ABS should get flagged

@Vito0912 commented on GitHub (Sep 14, 2025): @advplyr Imho this should be reopened. This has been reported multiple times now. Maybe the auth change introduced something Google does not like. But it looks like OP is correct, that ABS has something to do with it. At that point I don't think it's just coincidence Edit: Altough no clue why ABS should get flagged

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@advplyr commented on GitHub (Sep 14, 2025):

I saw one other report in Discord. Is there another I'm not aware of?

The day after this was reported an internal admin site at work had the same thing happen. Which made me think that Google updated something with their algorithm

@advplyr commented on GitHub (Sep 14, 2025): I saw one other report in Discord. Is there another I'm not aware of? The day after this was reported an internal admin site at work had the same thing happen. Which made me think that Google updated something with their algorithm

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@Vito0912 commented on GitHub (Sep 15, 2025):

There where two in Discord and one in the Router Base Path issue.
But maybe you are right. Not thought about that possibility

@Vito0912 commented on GitHub (Sep 15, 2025): There where two in Discord and one in the Router Base Path issue. But maybe you are right. Not thought about that possibility

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@davidquinney commented on GitHub (Nov 13, 2025):

I have the same issue, Google flags my audiobookshelf server behind a cloudflare tunnel. I host multiple services hosted via a cloudflare tunnel, and its only audiobookshelf that gets flagged on the /audiobookshelf/login URL.
This is detected as "Social engineering content" so I suspect google does not like the way authentication is done.
I have appealed, but it keeps coming back. Are there any fixes we can do on audiobookshelf to stop the domain getting flagged?

@davidquinney commented on GitHub (Nov 13, 2025): I have the same issue, Google flags my audiobookshelf server behind a cloudflare tunnel. I host multiple services hosted via a cloudflare tunnel, and its only audiobookshelf that gets flagged on the /audiobookshelf/login URL. This is detected as "Social engineering content" so I suspect google does not like the way authentication is done. I have appealed, but it keeps coming back. Are there any fixes we can do on audiobookshelf to stop the domain getting flagged?

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@Vito0912 commented on GitHub (Nov 13, 2025):

Do you use OIDC?

@Vito0912 commented on GitHub (Nov 13, 2025): Do you use OIDC?

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@davidquinney commented on GitHub (Nov 13, 2025):

Do you use OIDC?

I am not using OIDC, I was considering setting it up but this means I would need to change all my mobile clients to use custom headers - which could be a challange considering they are various non-technical family members

@davidquinney commented on GitHub (Nov 13, 2025): > Do you use OIDC? I am not using OIDC, I was considering setting it up but this means I would need to change all my mobile clients to use custom headers - which could be a challange considering they are various non-technical family members

adam commented 2026-04-25 00:12:34 +02:00

Author

Owner

Copy Link

Copy Source

@Vito0912 commented on GitHub (Nov 13, 2025):

No, what you mean is forward auth. OIDC is integrated into the apps. But that's another topic. Just wanted to make sure, because most reports were with users using OIDC.

@Vito0912 commented on GitHub (Nov 13, 2025): No, what you mean is forward auth. OIDC is integrated into the apps. But that's another topic. Just wanted to make sure, because most reports were with users using OIDC.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

book_tags_genres_dedupe

episode_download_fallback

Issue-4540-SortBy-StartedDate-and-FinishedDate

episode_meta_tagging

fix_authorize_race_condition

redirect_transcode_requests

progress_updated_sort

fix_ereader_socket_event

fix_change_empty_root_password

fix_podcast_session_track_index

fix_set_token

session_modal_user

localize_durations

fix_oidc_create_user

jwt_auth_refactor

fix_scanner_deleting_single_file_books

fix_mediaprogress_updatedat_2

experimental_next_client

podcast_episode_duration

episode-timestamps-clickable

book_author_secondary_sort_title

podcast_useragents

pathexists_user_access

fix_pathexists_join

book_author_secondary_sort

clean_duplicate_mediaprogress

sanitize_html_description

trix_prevent_attachments

check_path_api_fix

fix_mediaprogress_updatedat

increase_express_json_limit

fix_dockerfile_nunicode

search_episodes

audiobook_tools_update

episode_secondary_sorts

hls_stream_url_update

new_session_track_endpoint

audiobook_tools_enhancements

watcher_rescans_update

player_track_tooltip

fix_exclude_prefixes_crash

socket_item_events

fix_podcast_episode_scanner_promise

new_stats_controller

count_cache_for_userpermissions

parsing-opf-v3

validate_migration_files

fix-quick-match-all-crash

fix-chapter-end-sleep-timer

stringify_sequelize_query

remove-col-ambiguity

fix_next_prev_edit_description

details_trim_whitespace

fix_content_url_basepath

fix_logger_fatal

progress_bar_visibility

batch-edit-populate-map-details

feed_generator_updates

bookmark-modal-updates

migrate-library-item-in-scanner

migrate-new-library-items

migrate-podcasts-new-library-item-2

migrate-podcasts-new-library-item

fix-remove-episode-from-playlist

playback-session-use-new-library-item

refactor-library-item

fix-heatmap-caption

feed-episodes-upsert

share-media-player-media-session-api

remove-old-playlist

remove_old_collection_object

plugin-implementation-demo

feed_migration

refactor-feeds-from-item

fix_remove_authors_no_books

v2.17.3-fk-constraints-migration

migrations-first-upgrade

sqlite_2

feature/nuxt-target-server

waveform

sqlite

playlists

video

v2.35.1

v2.35.0

v2.34.0

v2.33.2

v2.33.1

v2.33.0

v2.32.1

v2.32.0

v2.31.0

v2.30.0

v2.29.0

v2.28.0

v2.27.0

v2.26.3

v2.26.2

v2.26.1

v2.26.0

v2.25.1

v2.25.0

v2.24.0

v2.23.0

v2.22.0

v2.21.0

v2.20.0

v2.19.5

v2.19.4

v2.19.3

v2.19.2

v2.19.1

v2.19.0

v2.18.1

v2.18.0

v2.17.7

v2.17.6

v2.17.5

v2.17.4

v2.17.3

v2.17.2

v2.17.1

v2.17.0

v2.16.2

v2.16.1

v2.16.0

v2.15.1

v2.15.0

v2.14.0

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.0

v2.10.1

v2.10.0

v2.9.0

v2.8.1

v2.8.0

v2.7.2

v2.7.1

v2.7.0

v2.6.0

v2.5.0

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.23

v2.2.22

v2.2.21

v2.2.20

v2.2.19

v2.2.18

v2.2.17

v2.2.16

v2.2.15

v2.2.14

v2.2.13

v2.2.12

v2.2.11

v2.2.10

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.24

v2.0.23

v2.0.22

v2.0.21

v2.0.20

v2.0.19

v2.0.18

v2.0.17

v2.0.16

v2.0.15

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.5

v1.5.0

v1.4.11

v1.4.9

v1.4.7

v1.4.6

v1.4.4

v1.4.2

v1.4.0

v1.4.1

v1.3.4

v1.3.3

v1.3.1

v1.2.8

v1.2.6

v1.2.5

v1.2.4

v1.2.1

v1.1.15

v1.1.14

v1.1.13

v1.1.12

v1.1.11

v1.1.10

v1.1.9

v1.1.8

v1.0.0

0.9.61-beta.0

0.9.61-beta

Labels

Clear labels

authentication

backlog

bug

chapter editor

config-issue

ebooks

encoding/embedding

enhancement

help wanted

listening sessions & progress

planned

possible plugin

progress sync

pull-request

Mirrored from GitHub Pull Request

sorting/filtering/searching

unable to reproduce

upload

users & permissions

waiting

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam (Adam Melkus)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/audiobookshelf#2970