3speak.co is compromised, use 3speak.tv - all funds are safe

in #hivedev5 months ago (edited)

@guiltyparties and @hivewatchers (ie. @spaminator @steemcleaners) marked 3speak.co as a phishing website in one of the APIs that @keys-defender consumes. This was done in order to safeguard users because the .co domain was compromised.

This temporary blacklist will remain in place until the issue is resolved. Please hang in there.

The downvotes were automated and we’ll try to remove them afterwards.


UPDATE: New posts using the old domain will now not be downvoted.


Clarifications from GP:

C1C88BB6-DEF1-4FC0-8E6F-7B67FF719F4E.jpeg

image.png


Update/clarification:

Got my 4-day old baby crying in my arms all day so I could not be on top of this.

Recently I gave partial control of my bot to @spaminator @hivewatchers @steemcleaners and they added the 3speak.co link to their blacklist that my bot uses.

  • If you're marked as a phished account you'll get the auto-replies that warn other users ( example )
  • If your post or the metadata of your post still uses the 3speak.co domain you'll get the auto-reply that warns other users about the compromised domain ( example )

Please reach out to the admins of their discord server so that they can decide whether to remove you from @spaminator's list of phished accounts:

https://discord.gg/dfUGwbBy


Update:

Changes that I just released:

  • From now on the bot will check if the phished account message contains a link before replying (still risky because the attacker could just post a link like "new airdrop, visit: t.ly/air9" and users could copy and paste it)
  • Added workaround for metadata issue

Take care, kd

——-

Update - from hivewatchers discord:

FB599A90-3F89-4060-9B3C-1CD8CA49292C.jpeg


Final update: the issue seems now resolved and the domain has been restored -> https://peakd.com/threespeak/@threespeak/important-announcement-we-have-control-of-all-top-level-domains-including-3speakco

Sort:  

To be clean on this: 3speak the site is now at 3speak.tv. The .co domain they had has been stolen by a malicious party and they are working tirelessly to get it back. We will inform everyone the moment it is successfully recovered.

The 3Speak website and service, which are hosted at 3speak.tv as I mentioned, are safe to use and secure.

Hi @guiltyparties, can you check my last post, @keys-defender is warning all my commentators not to click on my links. Any help would be appreciated, my friend.

   
tbnfl4sun is a hacker/hacked account.
@guiltyparties please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

You likely were temporarily put in the blacklist because you had 3speak set as recovery account

Your bot is putting warnings on 3speak.tv links as well so better fix that.

@sketch.and.jam My bot consumes spaminator's API and the .tv domain is not in there. Asking the other devs that are looking into the issue.

Do you have an example link?

PS. I just saw your post and if you notice it only uses .co not .tv: https://hiveblocks.com/hive-193816/@sketch.and.jam/dgkceidz#@keys-defender/antiphish-keys-defender-bot-1615141129268

When I edited the post to show the .tv embed I got a bunch more bot replies saying it was on the naughty list. I finally just pasted a youtube embed in there and deleted the video off 3speak.tv. Who knows seems that post is epically fubar. Here's a link to the post to see all the bot replies, I think it even got one with the youtube embed so maybe the .co is still somewhere embedded in the original post somehow... https://peakd.com/hive-193816/@sketch.and.jam/dgkceidz

It looks like the metadata still has .co - see here:
https://hive-db.com/hive-193816/@sketch.and.jam/dgkceidz/edits

Aha that would do it. If only there was a way to delete a post entirely off the blockchain.

Yes I tried to do the same and I couldn't. Just erase the video from 3speak but the post with the down vote is there yet and was for a contest 🙈😔

what goes on the blockchain stays on the blockchain... womp I just pasted in a youtube embed on the actual post after deleting from 3speak.

I had to do the same change the video plataform, even i posted from 3speak.tv i received down vote. Now I don't understand.

Yo, why are my comments getting your warning?

   
tbnfl4sun is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

No link to more info? Are my hundreds of 3speak links all now dangerous, and not to be used? What a disaster. How are we supposed to build things when the frame keeps collapsing? If links aren't permanent, all my blogs are pretty much useless, and that's years of daily work.

Removing the downvotes would be nice! I've done nothing wrong. This is on 3speak and//or their hackers.

Got my 4 day old baby crying in my arms all day so I could not be on top of this.

I gave partial control of my bot to @spaminator @hivewatchers @steemcleaners and they added the 3speak.co link to the blacklist that my bot consumes.

  • If you're marked as a phishing account you'll get the auto-replies warning other users ( example )
  • If your post or the metadata of your post still uses the 3speak.co domain you'll get the auto-reply warning users about the compromised domain ( example )

Please reach out to the admins of their discord server so that they can decide whether to remove you from the phished accounts list:
https://discord.gg/dfUGwbBy

That's awesome! Congrats to you and your partner. @MediKatie and I now have a 16 month old boy - he was born (here in British Columbia) just before the first cases were identified (in China). So his whole life has been in isolation, with no end in sight - that's why I fight!
Well, I'm not a spambot or whatever, so what's my best solution? Go through all my posts that link to 3Speak (50 or so) and edit them with the new URL? Will that get rid of your ugly warning signs? And will that URL be permanent, or will it too need to be edited before long?
Thanks for removing the downvotes (assuming you've had a chance to do so).

Please see the latest update on my post. This should now be resolved for new posts. As soon as possible we sort out the downvotes.

Okay, I've read the update. I still don't know what to do.
From my perspective, I'm a 3Speak user, who posts to Hive. That's not illegal, immoral, against the rules, or wrong in any way. Yet suddenly my posts have huge warnings on them suggesting that I may be up to no good. This isn't just an eyesore. My posts are meant as part of the permanent record, and I go back and update them regularly, and I link to them from other posts and sites. I consider my content important information. For you to sully my posts with that warning is beyond inconvenient and rude, it's potentially damaging to my message. Since I consider my message pretty much the most important thing in the world right now (some may argue), I'm pretty upset at ANYTHING detracting from that. Get it? I don't really care that it's not your fault, or that you're busy with life at home. You've created something which has harmed me, and you're not really doing anything about it. You COULD delete your useless warnings, but you don't, and my message continues to be dirtied.

Please make time and delete your spammy, threatening, misleading comments on my posts.

@logic was supposed to remove 3speak.co today. I’ll check again tomorrow and will try to delete messages from your posts.

Please do the same with my post. I didn't understand why even i post from 3speak.tv and received this down vote and the key defender comments like ten times.

I have the same problem with my post.

Done

Every time you edit a post containing a compromised or phishing domain it triggers the bot. I had a check in place for this but I had to remove it because it caused issues in the bot behavior when the hive nodes are struggling.

Ok, well it's one thing to have a bot that automatically tells you you've written a haiku and it's another thing to have a bot that labels you as a hacker or hacked.

   
montycashmusic is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

Everything I post comes with an entourage... EVERYTHING... Even posting a link to this post mentioning the problem... Somehow within the darkness in this rift of time my fate has been inextricably linked with 3speak dot co...

Who will come to save humanity this time?

My power to create comment bombs in the Hive-verse is a super power of destruction......

How will I deal with this development? An internal mutation of my very pure self!

Fight our warriors of light! Take your battle hence to the front lines and show no mercy! Reclaim three speak dot co with your indelible glory and weapon finesse!

I bless you with the strength of one thousand dragons!

🙏

   
montycashmusic is a hacker/hacked account.
@montycashmusic please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

Sword-Fight.gif

This bot shouldn't have picked on me on my first coffee in the morning... On guard!

I hope someone out there in the universe finds this amusing.. Hehe

   
montycashmusic is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.
   
montycashmusic is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2.  Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.
   
montycashmusic is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.
   
montycashmusic is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

The downvotes were automated and we’ll try to remove them afterwards.

@keys-defender please, can you remove the downvote from my post?

https://peakd.com/hive-193816/@mipiano/zgwvotne

Thank you.

Thank you 😇😇😇

@mes Proof that you do not have issues if you use the .tv domain: at some point you edited your post and it used the .co domain -> https://scribe.hivekings.com/?url=https%3A%2F%2Fhive.blog%2Fhive-106474%2F%40mes%2Fzbcfycdq

Interesting. Although I did not do that personally myself. Might be an automated edit via 3Speak.

I never use it but I know a lot of people did and that's it but I saw you doing other posts earlier about it thank you for the great information I reblogged

Because this is such an awesome post, here is a BBH Tip for you. . Keep up the fantastic work

Sad to see this; hope they sort it out soon.

This temporary blacklist will remain in place until the issue is resolved. Please hang in there.

Ok, thank you I really didn't know that. So now it is better to upload our music post through youtube until resolved, I guess :)

The downvotes were automated and we’ll try to remove them afterwards.

🙏🙏🙏 Would be appreciated if anyhow possible 😇

Thank you

Can you please remove your comment/flagging of my post in hive pets. thank you.
https://ecency.com/hive-196708/@unorgmilitia/skkrmnpr

Is now fixed the problem with 3soeak?i still see the dienvites on my link :(

All good. Great work. It was a bit of a pain at the time but was needed. Again great work and sorry if I over reacted.

!BBH

Command accepted!

I uploaded via .tv and still got the blacklist.

   
bradleyarrow is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

@keys-defender I have never posted to nor used 3Speak for anything.
You've marked my post from yesterday and downvoted it, in that post I used ONLY images OF MY HAND, which I took MYSELF, and one .gif I snagged off the internet.
My post was placed in the Qurator community feed.

   
jerrytsuseer is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

I saw the comment on Hive watchers last night where @guiltyparties said I was good to go.
@keys-defender what I do not understand though, why all this was on my butt in the first place.
I've NEVER POSTED TO 3speak, NEVER used it for ANYTHING, and after this started I left that community to be on the safe side.

It may be because you created your account through their service and therefore you had them still set as your recovery account?

@keys-defender and @guiltyparties , I created my account in STEEMIT in 2017.
If 3 speak existed then, I didn't know about it.
I think I subscribed to their community because I do occasionally post original videos. but now I am not sure what their community was all about.
To my knowledge as best I remember, I never posted anything, never used their tag nor anything else, other than subscribing to their community page.

If I'm not mistaken, I have Qurator set as my recovery account, but I can't find where that is annotated right now.

It's all good, lets just move past this please.

Thanks 👍

!BBH

Command accepted!

Because this is such an awesome post, here is a BBH Tip for you. . Keep up the fantastic work

   
bradleyarrow is a hacker/hacked account.
@keys-defender please do not click on any links it may post. More info: 1 | 2. Sincerely, @keys-defender
Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.

I have to say I didn't use 3speak.co for upload I used 3speak.tv for upload and I received down vote too 🙈 and I was participating in a contest with this. So I didn't understand why I received down vote. I had to change my video to other plataform for can participate in the contest and now this horrible down vote is in my blog 😔

@paolazun Your comment cointains a link that is on my blacklist ❗ ❗ ❗ ❗

@keys-defender, do NOT click on the link above in their comment.

Reason: COMPROMISED DOMAIN
Link: "3speak.co*"     => DO NOT CLICK


More info: https://hive.blog/hivedev/@keys-defender/3speak-is-compromised-at-the-moment-please-do-not-use-it-until-resolved


Comment 10% downvoted to make it less visible. This message is self-voted to be more visible among others.


@keys-defender

Please remove this is insane now all my comments have pishing? What is going on here? Please fix it. This is insane and incoherent

Read the updates above

Ok thanks