Since yesterday, one of our Matomo installations (Version 4.12.3, no special plugins) was marked as unsafe by Google’s transparency report. The reason given reads:
This site is unsafe
The site stats.example.net contains harmful content, including pages that:
- Try to trick visitors into sharing personal info or downloading software
Yeah well, I do not agree that we “trick” visitors into something, but to collect “personal info” is, to a certain degree, the intention behind running Matomo, obviously.
I added the installation to the Google Search Console now because I thought that there would be detailed information available there. Unfortunately, the same generic message is shown. At this time, I just requested a review and wrote them in the comment that we’re not aware of any wrongdoing.
I run some dozens more Matomo installations where I did not run into this problem so far. Has anyone else encountered such issues, or can someone shed more light on the inner workings of Google’s safe browsing technology, so we can assess countermeasures?
Thank you in advance for any feedback,
Maybe it’s so obvious that you didn’t mention it, but have you examined the webspace thoroughly? Malware infections do happen, and they might not always be in obvious ways. You might have some unwanted “guests” on your webspace. The infection doesn’t have to originate within your Matomo install; once a threat actor gets access to your webspace, they will usually spread anywhere they can, regardless.
Is there anything else that is hosted at “stats.example.net”? Is this a shared server? Do you manage it directly? Is it hosted on shared hosting? Can you check in the HTTP logs if there are unknown (and suspicious) hits other than the ones from Matomo?
I failed to mention that, but yes, I checked everything carefully, and I’m pretty certain that nothing malicious is going on.
No, the hostname is used solely for this Matomo instance. It is a shared server with a handful of other Matomo installations. I do manage the complete system, which uses the same stack as thousands of other PHP websites we host. The respective shared instances are tied down pretty close, and we monitor everything carefully, so I doubt that there could be some interference.
I also checked the logs again and did not find anything suspicious. As of now, it still looks to me as if the unsafe rating were given solely on the grounds of us using Matomo.
@innocraft, did you ever get this kind of feedback?
After submitting a reconsideration request to Google, the listing was removed manually. We did not receive any feedback, so we think the site was marked accidentally.
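The log check suggested earlier in the thread (looking for hits other than Matomo's own), as an added example that is not part of any participant's post: it lists requests the server answered successfully for paths outside Matomo's usual entry points. The allowlist, the combined log format and the sample lines are assumptions constructed for illustration and need adjusting to the actual deployment.

```python
import re
from urllib.parse import urlsplit

# Assumption: entry points and static directories of a stock Matomo install.
# Adjust to your deployment before relying on the result.
EXPECTED_FILES = {"/", "/index.php", "/matomo.php", "/piwik.php", "/matomo.js", "/piwik.js"}
STATIC_DIRS = ("/plugins/", "/js/", "/libs/", "/node_modules/", "/misc/")
STATIC_EXT = (".js", ".css", ".png", ".svg", ".gif", ".woff", ".woff2", ".ico")

# Apache/nginx "combined" log format (assumed): ip, method, target, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2023:10:00:01 +0000] "GET /matomo.php?idsite=1&rec=1 HTTP/1.1" 204 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2023:10:00:02 +0000] "GET /matomo.js HTTP/1.1" 200 66000 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2023:10:01:00 +0000] "GET /plugins/Morpheus/images/logo.svg HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2023:10:05:00 +0000] "GET /secure-login/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2023:10:05:09 +0000] "POST /plugins/Example/upload.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.8 - - [10/Jan/2023:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 404 150 "-" "Mozilla/5.0"',
]

def is_expected(path):
    """True if the path is a known entry point or a static asset in a Matomo directory."""
    if path in EXPECTED_FILES:
        return True
    return path.startswith(STATIC_DIRS) and path.lower().endswith(STATIC_EXT)

def unexpected_hits(lines):
    """Return (ip, method, path, status) for 2xx/3xx responses on unexpected paths."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        status = int(m["status"])
        path = urlsplit(m["target"]).path  # drop the query string
        # 4xx/5xx are mostly scanner noise; content that was actually served matters here
        if 200 <= status < 400 and not is_expected(path):
            hits.append((m["ip"], m["method"], path, status))
    return hits

if __name__ == "__main__":
    for hit in unexpected_hits(SAMPLE_LOG):
        print(*hit)
```

An empty result only means nothing outside the allowlist was served during the logged period; it does not rule out content injected into files Matomo already serves.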