I have a personal website hosted using my provider's DNS name (i.e. myname.provider.com
) on my personal hardware at home. The web server (both HTTP and HTTPS) is Apache on Debian Wheezy (which is rather dated), but I update it regularly. It has an OwnClound instance, a simple PHP form to send an SMS to my phone and my wife's, and a photo gallery with some art stuff my wife made. The site has an up to date Letsencrypt certificate. There's also an open SSH port for remote maintenance.
Recently, this website got classified as 'phishing' by Blue Coat Web Filter list, so neither me nor my wife can access it at work. Using the tool from this post shows no further problems.
I'm thinking about sending them a review request, but before I do, I would like to understand what could have gotten me blacklisted in the first place, to see if I can fix the problem beforehand. Is this because of OwnCloud? Web gallery? Letsencrypt certificate? Provider's DNS? Dated Apache? Open SSH port? Or do they just blacklists all URLs starting with 'D' because it's February?
What are the most common red flags which are used to blacklist websites?