Bitwarden self-hosted site marked as "Dangerous" by Google

nothing here to see anymore, just a troll feed

My guess is that your domain name is similar enough to the Bitwarden vault or Bitwarden domain that someone reached your site via a search engine and then flagged it as a phishing site. I think all you can do is figure out how to contact Google to get it removed from their blacklist.

I’m having the same issue today as well. It’s been working for years. Coincidence it happened to both of us on the same day? I also have a self-hosted setup. One thing to add - the Desktop client works fine. It’s just the browser extension & website. The extension also seems unable to Sync due to this issue.

Out of curiosity, are you guys actually running the official Bitwarden server software? Or is there a chance you installed something else? There are Bitwarden imposters out there - software that presents itself as Bitwarden server, but is actually not the same codebase as what Bitwarden produces but is meant to look and act just like it. Perhaps that’s the reason for the warning of malicious software by Google?

Post your server version information, the type of device you are using and its operating system if you aren’t sure.

No, I’m running: Docker Hub - so my server is running in a docker container / Ubuntu / oDroid.

It seemed like a safe alternative. Should I be concerned?

The imposters run in Docker as well. If you didn’t download the software directly from Bitwarden.com, I am guessing that is the source of your issue. And above, @spikeygg says he downloaded the software from Home Assistant, which is a huge red flag because Bitwarden only provides its software through its website.

You guys are running something else. Something potentially malicious.

None of my domain is in the results of Google’s indexing! That’s what makes this so weird. I can search specifically for my domain name using https://www.google.com/advanced_search “Site or domain” field and nothing comes up. Furthermore, using their Google Search Console coverage page, shows that none of it is indexed citing: “URL is not on Google”.

That seems to support my second suggestion then, that you are running something other than Bitwarden, perhaps a malicious imposter.

I am using a version which was published by a well respected member of the Home Assistant community: Home Assistant Community Add-on: Bitwarden RS - Home Assistant OS - Home Assistant Community which comes from open source code found here: GitHub - hassio-addons/addon-bitwarden: Vaultwarden (Bitwarden) - Home Assistant Community Add-ons

Anyway, I guess it’s your opinion that we’re just running malicious software because we didn’t get it directly from Bitwarden. Not particularly helpful, but thanks for weighing in.

What do you mean when you say this? Is there an application you run that connects to your served instance? When I use chrome on desktop or mobile, I’m met with the red screen. If I use the Android Bitwarden app it works without any complaints on both local WiFi and a 4G/LTE connection.

I didn’t say it was malicious - I said there was a potential. I was just trying to help diagnose the source of the Google DANGEROUS warning, and this seems like a plausible cause.

But if you knew you weren’t running Bitwarden software, but rather an imposter from someone else, why are you posting here.?

He probably means that the actual Bitwarden software works fine, which is expected.

I think we have established that this is not a Bitwarden issue. I encourage both of you to seek support from the developer of the server software, if anything exists. So I’m going to close this thread now. Thanks.

1 Like