Hive blockchain "moonwalk scan" triggered by on-chain phishing reports

in HiveDevs3 years ago (edited)



Feature update:


Phishing reports from trusted users will now trigger a parallel scan backwords of the Hive blockchain in order to detect and respond to newly reported phishing links.

This should make @keys-defender response to phishing waves more effective. The attacker's phishing messages from now on will remain pristine out there only for a bunch of minutes/seconds and hopefully no one will fall for them.

This feature relies on the community to report phishing!
The soon you report phishing with my !PHISHING command (eg. "@keys-defender !PHISHING https://some-phishing-link.com") the less chances the phisher has to be successful in his attack. If he does not manage to steal any HIVE with his attacks, he'll get discouraged and stop attacking Hive with the phishing waves he has been spreading for months.

{ For other available on-chain commands use "@keys-defender !INFO" }

 

Testing performed:

 
1. I left a comment with a fake phishing link:

(https://hiveblocks.com/tx/ee98313641c66e64e6b01e066dae73a776fcaa68)

image.png

image.png

 
2. A few seconds later I reported the fake phishing link with the !PHISHING command:

(https://hiveblocks.com/tx/04737ea2ac814b6f1a0eefd016d3120fea0fc22c)

image.png

image.png

 
OUTCOME:

@keys-defender correctly started a parallel scan backwards and detected+responded to the phishing link.   ✔️ ✔️ ✔️

(https://peakd.com/hive-167922/@b0t5-t3sting/qvjxee)
image.png

 
Logs for n3rds:



Enjoy this new feature and keep your keys safe!
Take care,
@keys-defender
Oh, and clearly I keep submitting thousands of fake credentials into the attacker's websites.. ;)

 

My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page

Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban/mute lists

 Future development:   plan

Keys-Defender features:

- Keys protection [live scan of transfers/posts/comments/other_ops. Warnings (reply and memo), auto-transfers to savings until fully restored, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injections detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]

Discord chat
To support this project..
- Delegations:
10, 50, 100, 200 HP,
500 HP, 1000 HP
- Curation trail
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.

 

 

UPDATE - 07/14/21

I am now able to start on-chain targeted moonwalk scans 😎 👇
https://hive.blog/hive-167922/@keys-defender/qw9lmb

#hive #tech #feature #abuse #leo #pob
3 years ago in HiveDevs by
$6.33
  • Past Payouts $6.33
  • - Author $3.18
  • - Curators $3.15
222 votes
Reply 5
Sort:  
  • Trending
    • [-]
     3 years ago  
    $0.27
    • Past Payouts $0.27
    • - Author $0.13
    • - Curators $0.13
    2 votes
    Reply
    [-]
     3 years ago  

    That's impressive and a lot to sift through.

    $0.04
    • Past Payouts $0.04
    • - Author $0.02
    • - Curators $0.02
    1 vote
    Reply