I have decided to switch my customer base over to email link sign in with Firebase rather than Google/Email/Apple that I was previously doing.
I got everything set up, tested, and all was working well. Since I have now released customer wide I am starting to run into issues.
Some customers, including gmail users are getting a Suspicious email alert due to having a firebaseapp.com link in it. Today, I created a brand new project for a customer and went to log in for the first time, Gmail as all good, but now Chrome is giving me a "Deceptive site ahead" error page saying this website does phishing (the subdomain is about 6 hours old).
Can anyone think of an appropriate solution for this, or will I have to do some URL rewriting?
It is frustrating the firebase URLs are so blacklisted across the internet(I have had to omit storage url links for pictures and make custom emails altogether since the domain is banned by Exchange), I would think this should be much easier than it is being made out to be.
When I first ran into the Gmail issue the only thing Firebase support gave me as a solution is to build my own custom email handler. In following that, I assume I would either need to rewrite the domain after generating the sign in link, which I am a bit hesitant to do in case there are domain changes in the future or I wondered if updating my email template domain will solve the problem. When I started this process I realized I needed to update my DNS records for this. The problem here is that I whitelabel apps and have 150 projects or so and each customer gets their own project. The management of this is really not feasible.
I have dynamic links enabled for all projects and use the projectid.page.link domain for them if there is some way I can get that to work as well.
Related
Below is the scenarios I have done and facing difficulties in proceeding further.
Firebase deployed - deployed to firebaseapp.com
Created custom domain in firebase,named subdomain.mydomain.com
copied the TXT from the advanced Setting
I have domain in google. named domain.com
In domains.google.com under Custom resource records pasted the TXT text and wrote sub-domain at the place of #.
Below are my doubts
How to make firebase deploy to subdomain.mydomain.com, now
it is deploying to firebase.app.com
What else should I do to make subdomain.mydomain.com to live and show my page
Note: I just brought the domain, only basic setting like enabling security has been done.
Update the question with screenshots
1.Firebase
2.GoogleDomains verification
Thanks Mr. #FrankVanPuffelen,
I spoke with the domains.google.com support team and understood the mistake I have done.
Follow below to avoid mistakes
WARNING: Don't disturb by making any change in setting. wait for atleast 12hours(works max at 6 hours)
If it is not working don't hesitate, contact the support team and talk with them
contact me for any help if you still have an issue 😃
I decided to try Firebase. When I go to the console, I not only see my own project, but two projects that I never created or was supposed to have access to:
Those projects seem to be created by a "Rohit Travel & Tours". I can see some of the details:
When I go to Google Cloud's resource manager, sure enough, the project is also there, along with a few "My First Project" projects that seem to belong to the same people:
I'm not sure why I got access to this. It's either a dangerous bug, or a clueless admin that added one of my emails to the project.
I'd like to remove that project since it's just clutter. However, I can't find a way to remove myself from the project, and since I don't have any kind of admin access, there's nothing I can actually change there. In fact, I can't find my account listed on any of the role/member fields either, so I'm not sure what's the real story there.
So far the admin emails listed on the accounts have been unresponsive when I requested that my account be removed.
There's no way to contact Google Cloud to request that either. Apparently the only way to contact them is with a paid support account of some kind.
So my question is: is there a way for me to ever remove myself from these accounts, so I don't see them on my panels, especially the Firebase dashboard?
Or am I stuck with these app accounts forever?
When such projects show up for me, it's usually because someone added a group that I'm a member of (like all#company.com) as a collaborator to that project. If that is the cause, there is no way to remove me/you as an individual user. One of the owners on the project will have to remove the overly broad group, and replace it by either a better targeted group or by the individual users.
Also see:
How do I remove myself from a project in the Google Developer Console?
We are currently trying to use Concrete5 to create an internal Intranet for the company I work for (this is a web-based server). What we would like to do is allow our employees to sign in using their Gmail and be able to see their personal calendars amongst other things on sign in.
I would like the employees to just sign in once, get automatically asked for granting permissions during the login, and then be taken to the home page.
I'm having trouble figure out how to modify Concrete5's built-in Google login to request these scopes. I am pretty bare-bones in my PHP knowledge and no amount of Google searching has really answered my question specifically for modifying the authentication for Concrete5.
So to sum up my question:
How would someone go about modifying Concrete5's Google authentication to request additional permissions? We are using 5.8.3 and are always updating as necessary, so modifying the core is not really an option to prevent overwrites in the future.
The best way to do that would be to copy the core Google login system to create a new one. You could call it Google Custom or anything you want. You could include it in the folder application/authentication or in a package, with the appropriate modifications.
But to be honest, if you're bare-bones in your PHP knowledge, it all might be a bit too difficult to achieve
Strange problem with Wishlist Member.
I set up the membership script and sent out a registration URL to 20 or so people who were willing to test-drive the site. However, only a handful of them were able to reach the registration page successfully, whereas the others were redirected to the homepage.
I checked the WLM support where it says this can happen if you enter the destination URL rather than the registration URL, but I definitely didn't do that. I copy and pasted the exact registration URL for that member level.
I've never encountered a problem like this before, where one group of people get one result, but another group get a different result from taking the same action.
I'm in contact with the support guys there, but still looking for a resolution. I upgraded the plugin, made sure everything hit the checklist, and asked those test-drivers to try again. One was able to succeed, the others not.
I was wondering if anyone here had any suggestions? It'd be hugely appreciated.
An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and thinks its hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either, have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that if the referrer is Google to redirect you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems due to wp-vcd Malware that creates rogue WordPress admin users and injected spam links. I faced the similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
For details you can find on this issue at following links...
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
http://labs.sucuri.net/?note=2017-11-13