New features: extended phishing protection, preview and scan of shortened links


2 new features added to @keys-defender:

Logs




New feature # 1. Shortened URL preview & scan
This defense mechanism helps prevent users from being tricked into navigating to a malicious site (e.g. phishing, malware).



Example: (on Steem - my testing playground)

image.png

As the screenshot above shows, the unfurled URL is also checked against the known phishing domains, as if the link in the comment/post had not been shortened to begin with.

At the moment, the preview is automatically generated for the following URL Shorteners:

- https://tinyurl.com/
- https://goo.gl/
- https://bit.ly/
- https://ow.ly/
- https://buff.ly/
- https://is.gd/
- https://adf.ly/
- https://bit.do/
- https://rb.gy/
- https://rebrand.ly/
- https://polr.me/
- https://b.link/
- https://t2m.io/
- https://gestyy.com/
- https://zpr.io/


More will be added in the future.
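
The check described above, sketched as an added example (not the bot's own code): each shortened link is followed hop by hop and the final host is matched against a phishing list, subdomains included. The redirect table, `lookup` and the function names are assumptions made so the example runs offline; a real bot would issue one non-following HTTP request per hop.

```javascript
// Shortener hosts are the ones listed in the post.
const SHORTENERS = new Set(['tinyurl.com', 'goo.gl', 'bit.ly', 'ow.ly', 'buff.ly',
  'is.gd', 'adf.ly', 'bit.do', 'rb.gy', 'rebrand.ly', 'polr.me', 'b.link',
  't2m.io', 'gestyy.com', 'zpr.io']);
// Constructed stand-in for the bot's phishing database (test domain from the page).
const PHISHING_DOMAINS = new Set(['guglee.co.nf']);
// Constructed redirect table replacing real HTTP lookups; all links are made up.
const SAMPLE_REDIRECTS = {
  'https://bit.ly/constructed-a': 'https://tinyurl.com/constructed-b',
  'https://tinyurl.com/constructed-b': 'https://login.guglee.co.nf/signin',
  'https://is.gd/constructed-c': 'https://example.org/article',
  'https://rb.gy/constructed-loop': 'https://rb.gy/constructed-loop',
};
const lookup = (url) => SAMPLE_REDIRECTS[url] || null;
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase().replace(/^www\./, ''); }
  catch { return ''; }
}

// True when host equals a listed domain or is a subdomain of one.
function isListed(host, list) {
  const labels = host.split('.');
  return labels.some((_, i) => list.has(labels.slice(i).join('.')));
}

// Follow redirects one hop at a time; stop on a loop or after maxHops.
function unfurl(url, resolveOnce, maxHops = 5) {
  const seen = new Set();
  let current = url;
  for (let hop = 0; hop < maxHops; hop++) {
    if (seen.has(current)) return { final: current, status: 'loop' };
    seen.add(current);
    const next = resolveOnce(current);
    if (!next) return { final: current, status: 'resolved' };
    current = new URL(next, current).href; // Location may be relative
  }
  return { final: current, status: 'too-many-hops' };
}

// Unfurl every shortened link in the text and check where it really lands.
function scanComment(text, resolveOnce) {
  const links = (text.match(/https?:\/\/[^\s)\]}>"']+/gi) || [])
    .map((l) => l.replace(/[.,;:!?]+$/, '')); // drop trailing punctuation
  return links.filter((l) => SHORTENERS.has(hostOf(l))).map((link) => {
    const { final, status } = unfurl(link, resolveOnce);
    const phishing = status === 'resolved' && isListed(hostOf(final), PHISHING_DOMAINS);
    return { link, final, status, phishing };
  });
}
```

Links whose status is `loop` or `too-many-hops` are not marked as phishing here; the caller can treat them as unresolved and decide separately.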

Furthermore, comments and posts that include links using HTTP instead of HTTPS will now get a warning too.
To limit spam, this warning is posted only 1 time out of 10, since apparently many users share HTTP (non-HTTPS) links.

Example: (on Steem - my testing playground)

image.png

NOTE: feedback is welcome! Please let me know if it gets too spammy and I'll reduce this type of comment even further!
(As the screenshots show, users can already stop future comments by replying OFF if they're bothered by them.)


New feature # 2. Since a few Hive users recently fell victim to a phishing campaign on Steem, I decided to proceed with protecting Steem users that still have the same private keys on Hive. 👉 👉


This is also the first step toward not providing my services to Steem users: Steem accounts that do NOT have the same keys on Hive won't be notified by this bot when they come across a link that is flagged as phishing in my database.

So.. sorry, this feature is only for Hive users. Steem users, you already have Justin Sun taking care of you and making sure you are safu! (lol)

See also my last post on @gaottantacinque for more details and a code snippet you can re-use in your project for the same purpose.




5:50 AM, time to sleep!! 🙈🙈 Take care, @keys-defender / @gaottantacinque
                   


UPDATE 1:

  • Added whitelist of shortened URLs. E.g. Actifit uses 2 bit.ly links in all their automated posts.
  • While the shortened URL preview and scan feature was working well on Steem, it seems to have some issues here on Hive, as some of the requests required in its steps fail due to node issues. I will investigate further and work around those with a temporary patch. PS. For the time being I decided to remove the checks that prevent multiple replies when the author edits a post/comment containing a shortened URL. I will bring them back when the node issues are gone.


UPDATE 2

  • The auto-replies with the shortened URL previews got a couple of OFF replies, so I decided that, until I preview all shortened links in a post in a single message and cache the users I recently notified, I will only preview shortened links in comments and not in posts. This should reduce the clutter by one order of magnitude.
  • Auto-replies for HTTP links reduced from 1/10 to 1/20 to further reduce spam.


UPDATE 3

  • HTTP notifier updated to check whether automatic redirection to HTTPS is in place for the HTTP links it finds. If it is, the user does not get notified, as it's already safe. In all other cases the user gets notified: the HTTP link does not work; its HTTPS site exists but the HTTPS redirection is not in place; or its HTTPS site exists but errors out.
  • Now periodically (every hour) retrieving and checking against @guiltyparties's list of phishing/compromised domains..

image.png

..and phishing users..

image.png

..in order to counteract these threats!!

Example of discord notification for known phished users' activity

image.png
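
The HTTP notifier rules from UPDATE 3, combined with the 1/20 throttle and OFF opt-out from UPDATE 2, as an added example that is not the bot's own code. `probe`, the sample results and the function names are assumptions; a real probe would make one request without following redirects.

```javascript
// Constructed probe results standing in for real requests; the .example
// hosts are made up. Each entry is one request with redirects NOT followed.
const SAMPLE_PROBES = {
  'http://redirects.example/': { ok: true, status: 301, location: 'https://redirects.example/' },
  'http://plain.example/': { ok: true, status: 200 },
  'https://plain.example/': { ok: true, status: 200 },
  'http://broken-tls.example/': { ok: true, status: 200 },
  'https://broken-tls.example/': { ok: false },
  'http://downgrade.example/': { ok: true, status: 302, location: '/home' },
};
// Hypothetical helper: unknown URLs behave like a failed connection.
const probe = (url) => SAMPLE_PROBES[url] || { ok: false };

// Decide whether an http:// link deserves a warning.
function classifyHttpLink(httpUrl, probeFn) {
  const first = probeFn(httpUrl);
  if (!first.ok) return { notify: true, reason: 'http link does not work' };
  const redirected = first.status >= 300 && first.status < 400 && Boolean(first.location);
  // Resolve relative Location values before looking at the scheme.
  if (redirected && new URL(first.location, httpUrl).protocol === 'https:') {
    return { notify: false, reason: 'redirects to https' };
  }
  const secure = probeFn(httpUrl.replace(/^http:/i, 'https:'));
  if (!secure.ok) return { notify: true, reason: 'https site errors out' };
  return { notify: true, reason: 'https exists but no redirect' };
}

// Throttle and opt-out: reply to 1 in `oneIn` eligible links, never to opted-out users.
function shouldReply(author, optedOut, oneIn = 20, rand = Math.random) {
  return !optedOut.has(author) && rand() < 1 / oneIn;
}
```

A redirect to HTTPS only shows that the site offers HTTPS; the first request still goes out over plain HTTP unless the browser already knows to upgrade it.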


 


To support this bot..
                                       
- Delegation links:
10, 20, 30, 40 HP
50,100, 200 HP,
500 HP, 1000 HP
- Curation trail
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.



27 comments
avatar

Keep on defending those keys. There will always be those who need you.

!BEER

avatar

😎 👍

avatar

A few updates above! =]

{ guglee.co.nf -> known phishing domain test }

avatar

Shortened links test: https://bit.ly/1c92v5e

avatar

     
It looks like this comment contains a shortened URL (bit.ly/). @keys-defender be careful as sometimes they can hide phishing or compromised websites. Here is my preview of the domain so you can decide whether you consider it safe: .
Now checking it against my database of known compromised or unsafe domains.. you'll see another reply if it's in there. If not, it's likely safe to open.
More info on this service here. For more information about risks involved in shortened URLs, read this article by Forbes..
This auto-reply is self-voted to be more visible among others. {average of post/comments with Shortened links I found per hour: n/a}. This auto-reply (on posts) is throttled 1/20 to reduce spam but if it still bothers you reply "OFF FURL" - (I'll still check previews against my database)
avatar

A few updates above! =]

(and a test here: guglee.co.nf)

avatar

Recently these warnings seem to pop up filling many comment sections. Had one comment on my post and was getting this phishing WARNING ad repeated daily, one after another. Personally cannot see any benefit from these bots filling the blockchain with useless information for 99,9% of users.

A free platform does not need "justice warrior" bots to tell people what to do, cannot save people from stupidity. At least make that an optional service to subscribe in, instead of system-wide annoyance.

avatar
  • The auto-reply for phishing links won't be disabled as it prevents theft of funds

The shortened URL and HTTP link replies are already throttled to 1/20th and anyone can opt out by replying OFF. The latter is helping with the phishing campaigns that have been ongoing recently both on Steem and Hive: the attacker is using shortened URLs that point to their phishing sites.

avatar

Is this a bot answer too? Please stop spamming your "advertisement" everywhere. Perhaps the meaning is well, but should think about this a bit longer, who are you to say what is mandatory and what is not?

avatar

Advertisement of what? I add references to my old posts in the comments to make people understand I'm legit and what the bot is doing. I spent many hours coding this bot and I make nothing out of it and it pisses me off how instead of thanking me some people like you just bitch about it (the majority thinks otherwise so who cares!).

Maybe you are right though, I should stop spamming my replies to phishing links and just let them steal from users...

Screen Shot 2020-11-02 at 1.35.44 AM.png

I should not say what is mandatory and what is not (eg. protecting users from funds theft). I should stop working for free and pay for my own server expenses and just shut down everything. Thank you for enlightening me. 😏// sarcasm end

> was getting this phishing WARNING ad repeated daily

There were some node issues so my check to prevent a new reply when a comment was edited was not working properly. If you are willing to provide constructive criticism of what should be improved, point me to an example so that I can investigate and fix it if it's a bug. That, instead of just bitching, would help.

avatar

No need to take it personally. Bitching is a word used, when one is unable to understand criticism. Perhaps some people like your approach, but this might become a platform used by a million people, and the bot would be filling the chains in no-time.

Like I said, would be better to have a subscription-based service, than a system-wide "justice bot". In the end, you decide what is flagged and what is not. The abuse potential is huge, so it is a fair warning from my side.

So what next, adding my account to your DANGER list?

avatar
...
avatar

So no communication, well that clearly shows the motives are highly questionable. For money, for recognition, for dumb memes for sure. Just tried to tell you people are not stupid and will see, what you are doing with the little "project" :D

avatar

"For money" -> not really here for that, I invested 5 grand in HIVE in the past 3 years because I believe in it. Also, look at what the average salary in NY is for a senior software engineer and stop pestering me. The other reasons.. whatever, think what you want.

You don't like me, stop interacting with me and mute me. Bye!

avatar

Please stop your incessant, unwarranted spam comments on my posts.

avatar

I don’t see any comments of mine on your posts, got a link?
(You are also on a few blacklists and those are not controlled by me)

avatar

Don't worry... this is my channel on YouTube and post this video because the platform of 3speak was troubles

avatar

@keys-defender thank you for the warning and we appreciate that you keep an eye out for all of us.

I hope that you saw that the link was to one of our newspapers regarding a published interview with my wife about our charity work.

So what I have done now is that I have deleted the short link in the reply and explained to @farm-mom that I will send her the full URL of the article that also starts with https:

@papilloncharity after 4 years on hive has a clean record and we have never had any intentions to spam anyone.

avatar

Absolutely, I have now whitelisted both you and her so you won't be bothered anymore. Keep up the good work

avatar

Thank you for whitelisting me and @farm-mom and I am glad that the issue was resolved.

Keep up your good work to keep us all safe.

!BEER
