[URGENT] AVG and AVAST flagging site as phishing (again)

@sniphairmail:

I’m the current engineer on call. I’m not sure if the list of plugins would help, but it definitely wouldn’t hurt. If it’s not too much trouble, I’d appreciate it!

4 Likes

Happy Sunday :sweat_smile:

3 Likes

What we know right now:

  • A few individual apps have been reported to Avast. If you see a url of the form [some long string of letters].cdn.bubble.io reported as blocked, that’s most likely related to your app; please report that url to Avast as a false positive.

  • Some of Bubble’s system urls have also been reported to Avast (which may contain assets referenced by either plugins or other apps). We are working on changing those. Meanwhile, we strongly encourage that if you are linking to files (logos, fonts, etc) originally uploaded to bubble.io, you download and re-upload those files to your own app

3 Likes

Cool that a founder of @bubble is responding on a Sunday to these errors, while it would be also fine if a support engineer like @mark.chu-carroll did that!

Shows how much @bubble does care about the stability!!

9 Likes

DM’d you. Thank you both!

Didn’t say this explicitly in my last message, but if you need to use the bubble editor or your app, it is safe to tell your antivirus software to ignore the warning and proceed anyway. I know that some of you can’t do this (especially if it’s being blocked by your ISP), but for those of you who can, feel free to disable Avast / AVG for the relevant sites

5 Likes

(also, sorry for the status page spam – somehow resolving the other infrastructure incident we were just responding to cleared the status page entry for this incident)

4 Likes

Latest update:

  • The Bubble editor is no longer being flagged and should be fully usable
  • Our homepage is still being flagged, but we should be resolving that shortly
  • We’ve rotated urls for shared assets, which we think should resolve the situation for some but not all user apps. If your app is still being blocked, things to check:
    • What is the specific url that is being blocked? A tool like Avast will show you the actual url, which will often look like “https://[something].cdn.bubble.io/some-file-name”. If that “something” is “meta-l” or “meta”, that URL is bad and you should change it by downloading that file, uploading it directly to your app (or anywhere else on the web), and updating the URL in your app, assuming your app is referencing that url somewhere
    • If the “something” is a long string of characters, like afuwge23asdf2, please report that as a false positive directly to Avast (which shares a database with AVG and other anti-virus providers)
    • If you can’t figure out what url is being blocked, please contact support by opening a bug report or replying to your already open bug report and we can try to help you figure out where it is coming from

We’re going to leave the status page message up overnight and probably into early next week, since we expect that while we’ll be able to get most apps back online over the next 24 hours, there may be a long tail of blocked + bad urls that we’ll need to help users work through app by app. We will update this thread if there is a major change in the above status, or if we see a major surge in bug reports related to this issue; otherwise, this is likely to be the state of affairs for the next 24-48 hours

7 Likes
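The checklist in the update above can be run over saved page source to find which `cdn.bubble.io` URLs an app still references and what to do with each. This is an added example, not part of the original thread and not Bubble tooling. The 10-character threshold for a "long string", the `ask-support` bucket for labels the update does not cover, and the sample HTML (apart from one URL reported later in this thread) are assumptions.

```python
import re
from urllib.parse import urlsplit

SUFFIX = ".cdn.bubble.io"
# Subdomain labels the update says to stop referencing.
SHARED_ASSET_LABELS = {"meta", "meta-l"}
# Assumption: "a long string of characters" means >= 10 alphanumerics.
MIN_APP_LABEL_LEN = 10

URL_RE = re.compile(r"""(?:https?:)?//[a-z0-9-]+\.cdn\.bubble\.io/[^\s"'<>)]*""", re.I)

def classify(url):
    """Return (label, action) for one URL, following the update's checklist."""
    if url.startswith("//"):          # protocol-relative reference
        url = "https:" + url
    host = (urlsplit(url).hostname or "").lower()
    if not host.endswith(SUFFIX):
        return None, "ignore"
    label = host[: -len(SUFFIX)]
    if label in SHARED_ASSET_LABELS:
        return label, "rehost"                  # download, re-upload, update the reference
    if label.isalnum() and len(label) >= MIN_APP_LABEL_LEN and not label.startswith("meta"):
        return label, "report-false-positive"   # app-specific URL: report to Avast
    return label, "ask-support"                 # not covered by the update (e.g. meta-q)

def triage(text):
    """Group every *.cdn.bubble.io URL found in text by recommended action."""
    groups = {}
    for match in URL_RE.finditer(text):
        _, action = classify(match.group(0))
        groups.setdefault(action, set()).add(match.group(0))
    return {action: sorted(urls) for action, urls in groups.items()}

# Constructed page source; only the icons.js URL appears in the thread.
SAMPLE = '''
<script src="https://meta.cdn.bubble.io/f1678588430465x230578802325048350/icons.js"></script>
<img src="//afuwge23asdf2.cdn.bubble.io/f0000000000000x0/logo.png">
<link rel="stylesheet" href="https://meta-q.cdn.bubble.io/f0000000000000x0/style.css">
'''

if __name__ == "__main__":
    for action, urls in triage(SAMPLE).items():
        for url in urls:
            print(f"{action:22} {url}")
```
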

yep having to turn off webshield to edit. and turning off webshield is doing something to my wifi signal. yes very weird.

My situation is with AVG. Here’s what I’m seeing in the live app:

Note: I typically use MS Edge for live execution of the app.

The problem doesn’t seem to be appearing when I fire up the backend editor.

1 Like

The flagging I am getting shared with me is related to https://meta.cdn.bubble.io/f1678588430465x230578802325048350/icons.js which seems to be to do with the Hero Icons plugin. Anyone else using this plugin who is also getting reports of issues here? How to fix for something like this?

I haven’t been able to reproduce, but this is what a user sent us. Apparently, Google login was blocking us too.

Yes as we move into Monday morning now Asia time, I am getting more and more reports of this and there doesn’t seem to be a way to solve it. Sometimes I am shown a link and sometimes I receive a screenshot showing HTML:Script-inf [Susp]. How to solve this? It is mightily frustrating for us as well as users.

@josh
To confirm the steps to take here:

  1. report the “fkjhsfkj3242…cdn.bubble” link
  2. remove any “meta…” link (in my case related to the hero icons plugin)

For 1. I have removed all of my custom fonts from settings but somehow they are still triggering avast? the rest of them are related to plugins.

For 2. (@lizzie) to deal with the Hero Icons link, I had to fork the plugin. Then change the link in the plugin source. Then go through my app and manually replace each of the icons.

I have reported the links to Avast
(I did that on Saturday now, and still haven’t heard or seen any improvement)

@josh when attempting to replace “meta…” links in plugin source code, whenever you upload a file to the plugin editor under the “shared assets and resources” you still only get meta-q links. Is that ok or should I be doing something else?

All

The response so far is very positive. As a newbie sold on bubble there is lots of ‘meta, links in plugin in source code, 1. report the “fkjhsfkj3242…cdn.bubble” link’ which are probably obvious to many of you.

But the ‘no code - citizen developer model’ requires us less tech savvy to have a bit more plain language guide on what to do. We have live apps and are a bit in the dark as to how to action this.

All and any help gratefully received

Glad I’m not affected by this (yet) :sweat_smile:

Curious, how this can be prevented in the future, @josh? From my understanding the URLs being flagged to Avast are the domain or subdomain of Bubble’s which in return causes a chain reaction and affects multiple Bubble apps when it’s flagged.

Is there a way to switch the resources that are hosted on Bubble’s domain to resources that are hosted on each individual’s app custom domain or bubbleapps.io subdomain?

Or is there a way to ask Avast to not flag Bubble domains except for actual apps hosted on a subdomain or bubbleapps.io :thinking:

1 Like

@josh any updates? Microsoft Defender for 365 also reports it

From the status page:

Really curious about the why if ever someone has more details or context.
Would that come from a specific site being flagged and affecting all other subdomains or could it be a manual mass report?