this post was submitted on 07 Oct 2024
59 points (88.3% liked)

Selfhosted

40173 readers
1067 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I bought a domain from them about 3 months ago (luckily for one year). I decided to choose them because there were good references regarding privacy. So I started to point my self-hosted services (with proper certications and stuff) which were solely used by myself and my family, to the domain and subdomains. So far, so good.

Suddenly, my domains stopped working. I went to the admin dashboard and tried to click on "Manage," but the button wasn't working. I checked the button code, and it was labeled as "disabled." So I contacted support, and I won’t provide much more explanation; I will just paste their response.

Domains not working

open - created 15 hours ago

Whats going on with my domain and its subdomains ? i cant even access to manage them anymore, why?

Replies:

[Reply #1] from Njalla - 13 hours ago

Your account is suspended.

[Reply #2] from you - 8 hours ago

May i have a reason ? What kind of answer is that? If i cant use the service i want my money back

[Reply #3] from Njalla - an hour ago

We don't refund services, and your domain has been suspended for violating our terms of service, for among other things, being flagged as malicious by various browsers.

[Reply #4] from you - now

What terms did I violate and how? Do you have evidence? You are not even providing a notification, nor a reason, nor any evidence. And you just go ahead and suspend my domain??? What kind of service are you providing? Are you self-hosting the servers? For the record, I was just self-hosting my own services and was doing nothing wrong. I don't even understand why this is happening. And if you can't give me a clear reason, I will go ahead and spread everywhere what you did, including the fact that you are not even refunding me.

Edit: adding their “profesional” response. I assumed they just stole my money and my domain. I’m not able to even enter to manage my domain. They just disabled the button … wtf

[Reply #5] from Njalla - 3 hours ago

Why was your domain flagged by security vendors as malicious?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 month ago (8 children)

If you were just selfhosting services for you and your family, would really browsers be flagging your site?

[–] [email protected] 9 points 1 month ago* (last edited 1 month ago) (2 children)

Yes.

I made the mistake of naming my emby instance https://emby.example.com

On emby, if you don't have a session cookie, it opens on an authentication page.

I've had Google label it as a mitm attack and get labeled malware three times. It gets fixed in a day or two upon review, but all major browsers block it during that time.

[–] [email protected] 1 points 1 month ago (1 children)

But why are random people visiting your instance?

[–] [email protected] 3 points 1 month ago (1 children)

They weren't.

Google runs it's own scans against domains.

[–] [email protected] 2 points 1 month ago

That sounds problematic. Where do they detail this?

Wikipedia:

Google Safe Browsing "conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious".

[–] [email protected] 0 points 1 month ago (1 children)

I have the vague idea it was because I named one of subdomains “linkding” , the bookmarks app, because was one of the last things I was doing on my services.

[–] [email protected] 1 points 1 month ago (2 children)

Just out of curiosity, was your services pointing out to the public Internet? If yes, wouldn't it be better to use a vpn?

[–] [email protected] 1 points 1 month ago

Yeah I would not be exposing stuff like Linkding to the public internet unless I really wanted to spend the time to isolate the server and networking, and really make sure it's locked down.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yep from my side I was too exposed. I didn’t thought having just some family services and access just by us would end up like this. Also I was doing so for a very short period, before I was using vpn. Seems more, delicate than I though

load more comments (5 replies)