Hey guys! Great news.

Looks like Google just removed us from the blacklist. Maybe somebody from Google saw this or maybe I got reviewd quickly but I couldn't be happier.

Here are a few things I did

- Removed all inline images (As mentioned in my other comments a lot of virus sites were tagging me base64 embedded due to inline images)

- Disabled test uploads for now. I will probably make the test file expire after 2 mins and never host them on the same domain

- Moving the external scripts to another domain. You never know what can get you blacklisted so best to keep customer facing part separate from main domain.

I cannot be more thankful to all the people who replied and offered suggestions. You guys rock!

P.S. In case you guys still seeing the red screen of death, please let me know.

You say "All test files are deleted after 24 hours.", that implies to me that files people upload _could_ be downloaded too.

If that is the case, that is where you are vulnerable. Free hosting of a file at a trusted domain is worth something.

If people are not intended to be able to download their test files, check your logs, someone might have found a way around it.

That's the best I can think of.

Yes you are correct they can download it too. After thinking about it for the last 4 hours that is all i can think off caused the problem. I have nothing which can be called deceptive text on any of my site otherwise.

I will probably delete files after 2 mins instead of 24 hours.

Another option is I ask for credit card details before I let them try the demo. This can get rid of letting anyone misusing the demo features.

Just as a point, I wouldn’t give you credit card details to try a demo. I don’t think many people would - hard enough to get people to give them for a trial, nevermind to try uploading a file.

You allow anyone to upload random malware and you'll host it for them for 24 hours?

We don't offer any hosting. The demo on our website is way for people to actually see how the uploader will look in their own apps. Most companies like ours offer similar demos to their users too.

You dont seem to understand the concept of hosting then... glad the issue was resolved though.

This is probably the root cause. e.g. Mozilla shut down the "firefox send" service because of their inability to stop inadvertently hosting malware

First and foremost, host the hosted script that you let users use on a different domain - especially if you're letting random people upload random files to your primary domain!

Yes this is 100% correct and I was thinking the same. The homepage, test storage and external script cannot share the domain. I have already started making these changes.

I'd report it as incorrect, but I can't even ignore the warning (Firefox, clicking proceed anyway just pops up an additional 'deceptive site' banner that follows me even after navigation away /shrug) - so I can't really justifiabally report it sight unseen.

Where does the upload go when your customers use it on their site though? Maybe what's deceptive is that if HN shows an upload area in an iframe or whatever, and I upload something, I expect that I'm giving it to HN, but really it's gone straight to you at Uploader.win?

(Fwiw I also think uploader.win is not a great name, your search result looks like it's a good tool, but the name sounds sort of scammy, like the kind of thing you'd get if you searched 'free download exe' or something.)

The upload goes to the customers AWS account or Digitalocean spaces account. We do not host any cutomer's file.

Also it always opens-up a file popup so it can't be used deceptively.

Regarding the name it's short form of 'Uploader window' like Filer Picker. Really can't do much about that.

Thanks for helping it in reporting it as incorrect.

I just had a look on Ahrefs and couldn't notice anything weird.

One thing I did notice, is that you have your jpg's inline. McAfee and other virus protection apps are completely trigger happy anytime you encode a substantial amount of "code" (yes it's an image). I would try removing the inline images and linking them and see if that makes any difference.

Thanks for checking and help.

Yes I too believe this could be one of the cause as I've mentioned below in another comment, virustotal site says 'base64-embedded'.

Those are just svg images I've embedded in the html to reduce the number of requests. But I'm not taking chances and making them seperate files.

Oh sorry I missed that comment. But yes good idea to remove them. I can't see any embedded SVG however, just 3 base64'd pngs and 2 base64'd jpgs

Is Search Console giving any useful info?

FYI your domain seems to be blacklisted by Firefox, McAfee, Sophos among others [0]

[0] https://www.virustotal.com/gui/url/e75b77237f60332ef78b2399c...

This is so strange. Unfortunately I can't find any security issue on the server or any files that caused this.

Here is a screenshot of webmaster tools(1). The pages it lists are html pages and I've checked the source code and there are no script or anything on them.

Also the virustotal site says 'base64-embedded'. Those are just svg images I've embedded in the html to reduce the number of requests. That can't be a trigger right?

(1) https://i.imgur.com/iHYWyG4.png

The virus engines are probably listing it because they check the Google malware listings.

I don't really know any way around other than that we can report the incorrect phishing warning here:

https://safebrowsing.google.com/safebrowsing/report_error/?u...

You domain name confused me when I first saw it : uploader.win seems related to Windows at first sight. Whereas your product has nothing to do with Windows. Something like [catchy-unique-name]-uploader.[com/io/app] seems less misleading.

Obviously you're a small business and this isn't a feasible option, but I wonder if you had a case to sue Google for libel.

They're telling people that your business is dangerous and could harm them.