Hacker News new | past | comments | ask | show | jobs | submit login

I work at Google but not on this product.. so I escalated your issue to the team that works on the anti-phishing classifier. They're looking into it now, and put you on a temporary whitelist in the mean time (should take effect within 30 mins).

It would be nice if the antiphishing filter also gave some good way for web developers to figure out why this happened and what to do to correct this.

This is harder to do than you'd think, without also giving the bad guys a cookbook for "here's how to avoid detection"

Thank you so much. Much appreciated. We will be more than happy to provide additional information or even access to the server if needed.

Just one more thing. Since our product is self-hosted by our customers under their own domain, white listing just our development domain is unlikely to help our cause.

I believe they actually whitelisted/disabled the part of the classifier that is affecting your site(s) more-generally, so it should be working across all domains. That said I know very little about the internals of that system.

I'm sure they will contact you via regular customer support channels (ie. not HN) if they need any more info to debug the problem.

In fact, whitelisting would tend to hurt your debugging efforts.

The whitelisting already active for this domain now.

Trace showing server overriding the "Phishyness" verdict of the client

[5760:1799:0701/150256:VERBOSE2:phishing_classifier_delegate.cc(211)] Phishy verdict = 1 score = 0.548927

[5751:1799:0701/150256:VERBOSE2:client_side_detection_host.cc(447)] Feature extraction done (success:1) for URL: http://dev1.codelathe.com/ui/core/index.html. Start sending client phishing request.

[5751:1799:0701/150256:VERBOSE2:client_side_detection_host.cc(415)] Received server phishing verdict for URL:http://dev1.codelathe.com/ui/core/index.html is_phishing:0

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact