Google keeps flagging VitalPBX servers as "deceptive/dangerous"

Google keeps flagging all of my VitalPBX installs as dangerous/deceptive sites. Please see attached screenshot.

It seems that something VitalPBX is presenting is triggering Google to flag all VitalPBX instances like this. This is happening on 100% of my VitalPBX installs. My SSL certificates are valid and issued by Let’s Encrypt.

Maybe because of your main domain? So all Subdomains are affected.
Might something happened or going on recently.

You use something like WordPress or so in your main domain?

Some information that I found:

Detect the Cause of the Problem

To resolve the warning, you need to locate the source of the problem. First, use Google Safe Browsing to verify your site’s status. This free Google tool will detect any malware or phishing threats that made the web browser deem the website unsafe.

Alternatively, deep scan your website using a malware scanner. This method is ideal for users with limited technical knowledge, as the tool will do all the work for you. Plenty of online malware scanners like SiteGuarding and Quttera offer this service for free.

Reasons for the warnings include:

  • Your site has been infected with malware
  • Your site contains phishing pages
  • There’s an issue with your SSL certificate
  • Your website has questionable links
  • You offer suspicious downloads

Warning meaning

Deceptive Site Ahead

This warning refers specifically to websites that might be phishing sites. For example, it could be a page designed to look like it belongs on your website but used to steal users’ personal information.

did u get to the bottom of this? I have the same problem…

Are you getting the same exact error?
Could you upload a screenshot and what certificate are you using selfgenerated or from Letsencrypt?

this happens sometimes because Google tries to index the site (VitalPBX) and when finding a Login request at the beginning and seeing that the site is not a web page as such and cannot do SEO, it sends it to put it as a suspicious site.

To solve this problem and tell Google not to index it, follow the following procedure from the console:

Create the robots.txt file

nano /usr/share/vitalpbx/www/robots.txt

Add the following content:

User-agent: *
Disallow: /

In future versions, we will include this file to avoid this inconvenience.


Hi Sir,

The above guide has been carried out, but still appears “Deceptive site ahead”

Even I have changed the domain


Maybe a recrawl helps?

Request Google to Review Your Site

On Chrome, try Ctrl + Shift + R to reload the page ignoring cached content.

1 Like


I have the latest vitalpbx v3 (3.2.5-2) with the robots.txt fix and so on, but this happened to me as well.

Found out it’s from
Problem is that this subdomain will have impact on the whole domain.

No hack or anything can be found when i searched some.
No recent changes to any file.

Can you please investigate further on this why this happens?



Do you have all the addons updated?


Thanks maynor for the reply.

Yes I do. Just checked again even with clean cache and then check online.
All add-ons up to date.

1 Like

still having the same issue from July’s 4th


Please ensure you have the latest version of VitalPBX and also of any installed add-ons. Additionally, please verify if the file /usr/share/vitalpbx/www/robots.txt contains the following content:

User-agent: *
Disallow: /

You can also report incorrect phishing warning in the following link:

Best regards,

Did you ever Test any scripts or so in the WWW Folder?
Some playing around with ChatGPT code maybe?

thanks! everything is working as usual now

1 Like

What did you do exactly?

And please answer my question:
“Did you ever Test any scripts or so in the WWW Folder?
Some playing around with ChatGPT code maybe?”


1 Like