this post was submitted on 07 Oct 2024
59 points (88.3% liked)


I bought a domain from them about 3 months ago (luckily for one year). I decided to choose them because there were good references regarding privacy. So I started to point my self-hosted services (with proper certifications and stuff) which were solely used by myself and my family, to the domain and subdomains. So far, so good.

Suddenly, my domains stopped working. I went to the admin dashboard and tried to click on "Manage," but the button wasn't working. I checked the button code, and it was labeled as "disabled." So I contacted support, and I won’t provide much more explanation; I will just paste their response.

Domains not working

open - created 15 hours ago

What's going on with my domain and its subdomains? I can't even access to manage them anymore, why?

Replies:

[Reply #1] from Njalla - 13 hours ago

Your account is suspended.

[Reply #2] from you - 8 hours ago

May I have a reason? What kind of answer is that? If I can't use the service I want my money back

[Reply #3] from Njalla - an hour ago

We don't refund services, and your domain has been suspended for violating our terms of service, for among other things, being flagged as malicious by various browsers.

[Reply #4] from you - now

What terms did I violate and how? Do you have evidence? You are not even providing a notification, nor a reason, nor any evidence. And you just go ahead and suspend my domain??? What kind of service are you providing? Are you self-hosting the servers? For the record, I was just self-hosting my own services and was doing nothing wrong. I don't even understand why this is happening. And if you can't give me a clear reason, I will go ahead and spread everywhere what you did, including the fact that you are not even refunding me.

Edit: adding their “professional” response. I assumed they just stole my money and my domain. I’m not able to even enter to manage my domain. They just disabled the button … wtf

[Reply #5] from Njalla - 3 hours ago

Why was your domain flagged by security vendors as malicious?

top 28 comments
[–] sun_is_ra@sh.itjust.works 33 points 2 months ago (2 children)

A few years ago I was contacted by Digital Ocean because they got reports about my server being involved in an SSH attack or something like that. Turns out my old Drupal website had unpatched vulnerabilities that allowed an attacker to access my system and use it for attacking others.

I am not saying that to defend your provider; they should have at least given you a warning. I am saying that so you check your server, as it may have been compromised.

[–] Strit@lemmy.linuxuserspace.show 22 points 2 months ago

I had an experience like that. The droplet was used as a seedbox for Linux ISO torrents (truth, not a cover) and after a couple of months they contacted me, saying they were seeing abnormal activity to and from the droplet and I should investigate and take action within a week, else they would turn the droplet off.

After I explained it to them they replied that using a droplet as a seedbox was not allowed, pointed to the relevant part of their TOS and I agreed to shut it down.

What the OP is experiencing is a poor way of doing business for them.

[–] geography082@lemm.ee 4 points 2 months ago (2 children)

Good possibility. I was actively checking the security and access violations or system changes. I was not able to see anything strange. Even the only IPs stains the services were always mine. Maybe I’m even unaware, but how to know if these people even tell me a thing.

[–] taaz@biglemmowski.win 13 points 2 months ago

Run your IP through IP abuse databases to make sure there is nothing wrong perceived from outside.

[–] sun_is_ra@sh.itjust.works 6 points 2 months ago (1 children)

I'd check https://transparencyreport.google.com/safe-browsing/search because most browsers, including Mozilla Firefox, rely on Google Safe Browsing.

The other thing to point out is that if an attacker somehow got root access, they could install a so-called "rootkit", and what it does is replace some of the basic commands like top, ps, ... with altered ones in order to hide the malware's activities.

[–] geography082@lemm.ee 1 points 2 months ago (1 children)

Yep I figured out it was Google Safe Browsing. I have no clue why. Meanwhile these guys took over my domain.

[–] MangoPenguin@lemmy.blahaj.zone 2 points 2 months ago (1 children)

Njalla is more private because they own your domain and just allow you rights to use it, the downside is you have less control over things.

Still would be nice if their support was better.

Did your domain come up as flagged on google safe browsing?

[–] geography082@lemm.ee 0 points 2 months ago (1 children)

Yep I understand. Yes it was flagged by google safe browsing. But if they own the domain, and because of that they react like hysterical without investigating, their services are a “delicate” option.

[–] MangoPenguin@lemmy.blahaj.zone 2 points 2 months ago* (last edited 2 months ago) (1 children)

Probably due to their status as a privacy friendly way to have a domain they get a lot more fraud and scams using their services, they're probably dealing with tons of this stuff daily. Being flagged by google safe browsing most of the time means something isn't right, but I'm not sure what they would really be able to investigate on their end.

Have you figured out why you were flagged? I've seen similar stuff from self hosters before where they have a compromised service exposed to the internet and didn't realize it.

[–] geography082@lemm.ee 0 points 2 months ago (1 children)

Nope, I checked here for the domain status and it still shows as unsafe. Since I’m not the owner of the domain and I was suspended I have no idea about the reason. Anyway I gave up, so I turned all my services inside my home network and vpn.

https://transparencyreport.google.com/safe-browsing/search

[–] MangoPenguin@lemmy.blahaj.zone 1 points 2 months ago (1 children)

Annoying that it doesn't give more details!

I think you might need to add your site to google search console to see more details on specifically why it was listed as unsafe.

Some info here: https://web.dev/articles/use-search-console

[–] geography082@lemm.ee 0 points 2 months ago

Thank you :)

[–] db0@lemmy.dbzer0.com 16 points 2 months ago (3 children)

Wait, if they suspended your domain, can you even transfer it away? if not, that's really fucking scary.

I don't have good interaction with them either, but nothing as bad. I used one of their VPS to hold the reverse proxy for my lemmy instance like a year ago. Randomly it went down and the support was non-existent. Eventually it came back on its own after some days but I had already moved everything away from them

[–] starshipwinepineapple@programming.dev 15 points 2 months ago* (last edited 2 months ago) (1 children)

Wait, if they suspended your domain, can you even transfer it away? if not, that's really fucking scary.

Njalla takes ownership of every domain purchased on their platform. They do let you transfer domains to another registrar where you could be the owner if your account is in good standing but seems like that may not be the case here (since account suspended)

That may be great for some domain use cases but for most stuff it would be better to have your name on the domain registration

[–] db0@lemmy.dbzer0.com 7 points 2 months ago

Ye, going for extreme privacy like this has these kind of downsides.

[–] MangoPenguin@lemmy.blahaj.zone 4 points 2 months ago

Njalla is more private because they actually register the domain themselves, and just allow you rights to edit the settings.

It's quite different from a typical registrar like Cloudflare where you actually are directly registering the domain yourself.

[–] geography082@lemm.ee 2 points 2 months ago (1 children)

Yep they just disabled the “manage” button on the html. It is like a kiosk. Holy crap, yes they reply as if they were selling vegetables in the street. We need to advise other people

[–] db0@lemmy.dbzer0.com 4 points 2 months ago (1 children)

Ye, generally I would only use njalla for discardable services and domains.

[–] geography082@lemm.ee 0 points 2 months ago

Good advice

[–] troed@fedia.io 2 points 2 months ago (1 children)

If you were just selfhosting services for you and your family, would really browsers be flagging your site?

[–] Count042@lemmy.ml 9 points 2 months ago* (last edited 2 months ago) (2 children)

Yes.

I made the mistake of naming my emby instance https://emby.example.com

On emby, if you don't have a session cookie, it opens on an authentication page.

I've had Google label it as a mitm attack and get labeled malware three times. It gets fixed in a day or two upon review, but all major browsers block it during that time.

[–] troed@fedia.io 1 points 2 months ago (1 children)

But why are random people visiting your instance?

[–] Count042@lemmy.ml 3 points 2 months ago (1 children)

They weren't.

Google runs its own scans against domains.

[–] troed@fedia.io 2 points 2 months ago

That sounds problematic. Where do they detail this?

Wikipedia:

Google Safe Browsing "conducts client-side checks. If a website looks suspicious, it sends a subset of likely phishing and social engineering terms found on the page to Google to obtain additional information available from Google's servers on whether the website should be considered malicious".

[–] geography082@lemm.ee 0 points 2 months ago (1 children)

I have the vague idea it was because I named one of the subdomains “linkding”, the bookmarks app, because it was one of the last things I was doing on my services.

[–] Sunny@slrpnk.net 1 points 2 months ago (2 children)

Just out of curiosity, were your services pointing out to the public Internet? If yes, wouldn't it be better to use a vpn?

[–] MangoPenguin@lemmy.blahaj.zone 1 points 2 months ago

Yeah I would not be exposing stuff like Linkding to the public internet unless I really wanted to spend the time to isolate the server and networking, and really make sure it's locked down.

[–] geography082@lemm.ee 1 points 2 months ago* (last edited 2 months ago)

Yep from my side I was too exposed. I didn’t think having just some family services and access just by us would end up like this. Also I was doing so for a very short period, before I was using vpn. Seems more delicate than I thought