New features: extended phishing protection, preview and scan of shortened links

in Hive Projects3 months ago (edited)

2 new features added to @keys-defender:

Logs




New feature # 1. Shortened URL preview & scan
This defense mechanism helps to prevent users from being tricked into navigating to a malicious site (eg. phishing, malware).



Example: (on Steem - my testing playground)

image.png

So, as per screenshot above, the unfurled URL gets also checked against the known phishing domains as if the link in the comment/post was not shortened to begin with.

At the moment, the preview is automatically generated for the following URL Shorteners:

- https://tinyurl.com/
- https://goo.gl/
- https://bit.ly/
- https://ow.ly/
- https://buff.ly/
- https://is.gd/
- https://adf.ly/
- https://bit.do/
- https://rb.gy/
- https://rebrand.ly/
- https://polr.me/
- https://b.link/
- https://t2m.io/
- https://gestyy.com/
- https://zpr.io/


More will be added in the future.

Furthermore, comments and posts that include links using http instead of https will now get a warning too.
To prevent spamming, this comment gets out only 1 out of 10 times since apparently many users share HTTP (no HTTPS) links.

Example: (on Steem - my testing playground)

image.png

NOTE: feedback is welcome! Please let me know if it gets too spammy and I'll reduce these type of comments even further!
(As per screenshots, users can already prevent future comments replying OFF if they're bothered by it)


New feature # 2. Since recently a few Hive users fell victim of a phishing campaign on Steem, I decided to proceed with protecting Steem users that still have the same private keys on Hive. 👉 👉


This is also the first step into not providing my services for steem users: steem accounts that do NOT have the same keys on Hive won't be notified by this bot when they come across a link that is flagged as phishing in my database.

So.. sorry, this feature is only for Hive users. Steem users, you already have Justin Sun taking care of you and making sure you are safu! (lol)

See also my last post on @gaottantacinque for more details and a code snippet you can re-use in your project for the same purpose.




5:50 AM, time to sleep!! 🙈🙈 Take care, @keys-defender / @gaottantacinque
                   


UPDATE 1:

  • Added whitelist of shortened URLs. Eg. Actifit uses 2 bit.ly links in all their automated posts.
  • While the shortened urls preview and scan feature was working well on steem, it seems to have some issues here on hive as some of the requests required in its steps fail due to node issues. Will investigate further and work around those with a temporary patch. PS. Decided for the time being to remove the checks to prevent multiple replies when the author edits a post/comment containing a shortened URL. Will bring it back when the nodes issues are gone.


UPDATE 2

  • The auto-replies with the shortened URLs previews got a couple of OFF as reply so I decided that until I preview all shortened links in the post in a single message and keep in the cache users that I recently notified, I will only preview shortened links in comments and not in posts. This should reduce the clutter by one order of magnitude.
  • Auto-replies for HTTP links reduced from 1/10 to 1/20 to further reduce spam.


UPDATE 3

  • HTTP notifier updated to check whether automatic redirection to https is in place for the http links it finds. If it is, the user does not get notified as it's already safe. In all the other cases the user gets notified: the http link does not work, its https site exists but the https redirection is not in place, its https site exists but it errors out.
  • Now periodically (every hour) retrieving and checking against @guiltyparties's list of phishing/compromised domains..

image.png

..and phishing users..

image.png

..in order to counteract these threats!!

Example of discord notification for known phished users' activity

image.png


 


To support this bot..
                                       
- Delegation links:
10, 20, 30, 40 HP
50,100, 200 HP,
500 HP, 1000 HP
- Curation trail
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.

Sort:  

Keep on defending those keys. There will always be those who need you.

!BEER

😎 👍

Shortened links test: https://bit.ly/1c92v5e

A few updates above! =]

{ guglee.co.nf -> known phishing domain test }

@b0t5-testing Your comment cointains a link that is on my blacklist ❗ ❗ ❗ ❗

@keys-defender, do NOT click on the link above in their comment.

Reason: PHISHING
Link: "guglee.co.nf*"     => DO NOT CLICK


More info: https://hive.blog/hive/@keys-defender/new-feature-phishing-detection-and-auto-reply


Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.


@keys-defender

A few updates above! =]

(and a test here: guglee.co.nf)

@b0t5-testing is on @guiltyparties's list of phished accounts ❗ ❗ ❗

@steevc, for your safety do NOT interact with the comment above.




More info: https://hive.blog/hive/@keys-defender/new-feature-phishing-detection-and-auto-reply

Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.


@keys-defender


Hey @keys-defender, here is a little bit of BEER from @steevc for you. Enjoy it!

Learn how to earn FREE BEER each day by staking your BEER.

Recently these warnings seems to pop up filling many comment sections. Had one comment on my post and was getting this phishing WARNING ad repeated daily, one after another. Personally cannot see any benefit from these bots filling the blockchain with useless information for 99,9% of users.

A free platform does not need "justice warrior" bots to tell people what to do, cannot save people from stupidity. At least make that an optional service to subscribe in, instead of system-wide annoyance.

  • The auto-reply for phishing links won't be disabled as it prevents theft of funds

For the shortened urls and http links they are already throttled 1/20th and anyone can opt-out replying OFF. The latter is helping with the phishing campaigns that have been ongoing recently both on steem and hive, the attacker is using shortened urls that point to their phishing sites.

Is this a bot answer too? Please stop spamming your "advertisement" everywhere. Perhaps the meaning is well, but should think about this a bit longer, who are you to say what is mandatory and what is not?

Advertisement of what? I add references to my old posts in the comments to make people understand I'm legit and what the bot is doing. I spent many hours coding this bot and I make nothing out of it and it pisses me off how instead of thanking me some people like you just bitch about it (the majority thinks otherwise so who cares!).

Maybe you are right though, I should stop spamming my replies to phishing links and just let them steal from users...

Screen Shot 2020-11-02 at 1.35.44 AM.png

I should not say what is mandatory and what is not (eg. protecting users from funds theft). I should stop working for free and pay for my own server expenses and just shut down everything. Thank you for enlightening me. 😏// sarcasm end

was getting this phishing WARNING ad repeated daily

There were some node issues so my check to prevent a new reply when a comment was edited was not working properly. If you are willing to provide constructive criticism of what should be improved, point me to an example so that I can investigate and fix it if it's a bug. That, instead of just bitching, would help.

No need to take it personally. Bitching is a word used, when one is unable to understand criticism. Perhaps some people like your approach, but this might become a platform used by a million people, and the bot would be filling the chains in no-time.

Like I said, would be better to have a subscription-based service, than a system-wide "justice bot". In the end, you decide what is flagged and what is not. The abuse potential is huge, so it is a fair warning from my side.

So what next, adding my account to your DANGER list?

So no communication, well that clearly shows the motives are highly questionable. For money, for recognition, for dumb memes for sure. Just tried to tell you people are not stupid and will see, what you are doing with the little "project" :D

"For money" -> not really here for that, I invested 5 grand in HIVE in the past 3 years because I believe in it. Also, look at what the average salary in NY is for a senior software engineer and stop pestering me. The other reasons.. whatever, think what you want.

You don't like me, stop interacting with me and mute me. Bye!