We’ve received a number of reports from users having trouble with email deliverability and accessing their Glide apps. We’ve traced the cause to a Glide app being used for phishing.
A handful of ISPs have flagged the glide.page domain as malicious. While the scope of this is currently limited, there is a chance that additional ISPs will flag the domain.
Configure your device’s DNS settings to bypass local ISPs. There are a number of free, public DNS options available from Google, Cloudflare, and OpenDNS.
If you are unable to configure your device’s DNS, you can use a VPN.
We are actively working to get our status restored with affected ISPs. We’re also creating a workaround for glide.page users to prevent further service interruptions.
We’ll keep this thread updated with details as they’re available.
Interesting! I cannot recall the details because I dismissed it, but a few days or weeks ago I received a suspicious email indicating I had published a new app. I think that was the email but I’m not sure at all. I knew when I received the email that I hadn’t published anything new (or at least I knew I wasn’t supposed to have received the email I did), so I dismissed the email as a mistake or a bug
Hi there - disturbing news that our apps may be blocked by some isps.
If we move our app to a new domain - I am assuming we would have to also change the QR code. One of my apps has 2,000 users - the hassle of updating dozens of documents with the QR code - and dozens of NFC fobs with the url would make this incredibly daunting. Is there a simple way to do a redirect from the Glide side to avoid the QR code and url having to change? Russ
So my question @rwdaigle@NoCodeAndy is will Glide be able to fix this problem? I’m making sure from now on I only ever use my own domain and maybe I’ve been a bit naive, I certainly was when I started this low-code journey (don’t get me wrong Glide has helped me build a great business) but they probably could have made it a lot clearer (from glide) that they strongly recommend you use your own domain’s. I have blindly used their turnkey solution which included their domain not thinking of a situation like this and now have a couple of embarrassing conversations ahead of me. Although not in a position like @snooprussyruss I still have about 20 businesses that I now wish had their own domains, I’m going to have to roll out updates which (because of their users) won’t go down that well but , lesson well learned.
I was affected by the recent issue that now sees some users not being able to access apps due to blacklisting of Glide URL’s as a security thread (caused by 1 user creating a suspicious app).
My fix was to go to a URL provider and buy a custom shortcut URL. Not expensive and not a big issue. But it requires experience and patience to go through the steps of setting up the DNS to ensure it links up with your Glide app.
If this is the future, I’m wondering what Glide feels about this new requirement. Is this the new norm?
So @Simon_Hill I have all my apps affected, I’m now doing the self hosted URL thing but I have about 300 users across a couple of apps, am I right in thinking they will all have to redownload and re-install from the new URL app to get things back to normal again, is that that the way you see it.
I’m afraid so. My understanding is that any users affected will need to visit the new short cut URL and replace any home screen shortcuts or bookmarks they previously used…
Wanted to address some of your comments/questions:
Agreed. We will be documenting best practices for production apps and being able to have DNS flexibility in a way that doesn’t affect your existing install base will be a major point.
I don’t believe it will be a requirement, but as I mentioned above there are several steps necessary to run a truly resilient production app on the internet. Some of them, including controlling the domain name, will require your involvement if you want to maintain an uptime high standard. But that is a recommendation vs. a requirement.
Unfortunately, yes. Users with a PWA installed on their mobile devices will need to update their shortcut along with any other hard-coded references to the blacklisted domain.
Quick update from Glide as I know many of you are grappling with the lack of options available that avoid your customers having to update their links.
We have an appeal in process to the entity that we believe is responsible for flagging glide.page as a phishing site. However, these entities are typically quite opaque and non-responsive. Of course, we will let you know if we hear back from our appeal and glide.page is restored as a valid domain, but we must proceed as though this will not happen.
We have an alternative domain currently provisioned as a drop-in replacement for glide.page that is available for anybody currently blocked. DM me or submit a ticket to Support if you would like access. There are still a few caveats and known gotchas which is why we haven’t publicly posted this option yet.
Longer term we are looking at a variety of options, including:
Scanning of apps posted on Glide for phishing content
A built-in proxy service to provide a layer of Glide routing flexibility to be more resilient to these types of contaminations
Better documentation around how to provision production caliber apps on Glide
Apologies for this situation. Running a public platform on the internet requires a high level of vigilance and can sometimes be challenging. Occasionally situations will arise that are outside of our control. Glide remains committed to continuously improving the reliability and availability of our platform and will make every effort to mitigate these situations when they do arise for the benefit of our customers.
Thanks @rwdaigle really appreciate the response. Can I get your advice, I will always use my own domain from this point. Looking ahead to what you might implement, can you see any problems if I use a domain like xyz.app and then subdomain all my clients? eg client1.xyz.app client2.xyz.app 2nd question ( and this is kind of a bonus if this works) I run a lot of separate clients off the one team instance (that’s probably incorrect but it’s the same app with small variations for each client) I incrementally update (which is a pain because I have to do each one) but with my own domain now, if I dupe an app, prep the update and then switch it out with the same domain, will that have the effect of changing the client’s version without them having to re-download? What are my drawbacks to doing this?
@rwdaigle Is there going to be any type of compensation for us paying customers who are affected by your current systems failure to better protect our work? I’ve lost countless hours and more money than I’d like to mention apologising to and refunding paying users of my affect app. I’m sure I’m not the only one.
We have provisioned glide.app as an alternative domain that can be used as a drop-in replacement for glide.page. If you or your customers are experiencing issues accessing apps on the glide.page domain, you may now direct them to use glide.app.
The two domains can be used interchangeably, so you only have to let affected customers know of the new domain option without having to tell your whole customer base.
Customers that have saved app bookmarks or web shortcuts will have to re-install them to update the linked domain.
We consider this incident resolved, though we are still exploring longer term efforts to make our platform more robust, which will be communicated as product updates.
If you have any further technical or account-specific questions regarding this incident please contact Glide Support.
Thank you for your understanding on this matter, and we apologize for any impact on your businesses.
