RE: PSA! Be very careful clicking on links from non-reputable Hive users

in #psa, 7 months ago

Maybe once a rogue memo is discovered (containing a malicious link) the front-ends could flag the memo in the wallet feed.

So something like this: Received from accountname

Would become something like this: Received from accountname Hacking Attempt

Or something along those lines.

As I recall, we do have an automated utility under the account name @keys-defender which spots account hacks/hack attempts, but this sort of thing may be outside their scope, since there — on the surface — is nothing malicious about the submitted URL.

Yeah I am aware of that service and tend to think this sort of thing is 'outside their scope' as well... hence my suggestion to integrate a protection mechanism into the wallet feed itself.

Perhaps it can be expanded to do that but I think a front-end approach would be more effective... or at least more 'in your face' when looking at the memos.

When a link or author is marked as malicious, their memos are immediately followed by mine, warning the user that received them.

Integrating the wallet feature to grey out memos from malicious users would be better though. (see thread below)

cc: @curatorcat

It was discussed that the best option would be to grey out a memo once the community flagged an author or link as malicious.
It's up to the Hive frontends to implement this, though.

ie. @peakd @ecency @leofinance @quochuy (hive.blog) etc

The community uses my bot (this) to mark authors and links as phishing (see info about my !phishing command at the bottom of this recent post of mine about this same topic as this post) and the flagged users/domains are available to everyone HERE.

Note: top-40 witnesses can blacklist users/links or, alternatively, 3 above-50 users reporting the same user/link. Auto-upvotes are in place to incentivize reports and whitelists are used for reputable users/domains.

Hopefully we see the frontend developers put this to use!

What's the best way to access a list of malicious authors / links?

Here you go! 💪

```js
const hive = require('@hiveio/hive-js');

// Permlinks of the @keys-defender posts whose JSON bodies hold each list
const PERMLINKS = {
    HACKED_USERS: 'hacked-users-db',
    SCAM_DOMAINS: 'scam-domains-db',
    COMPROMISED_DOMAINS: 'unsafe-domains-db', // eg. when 3speak got stolen
    PHISHING_DOMAINS: 'phishing-db',
};
// Other phishing lists that @keys-defender consumes to counter comment/memo spam:
// https://spaminator.me/api/p/domains.json
// https://raw.githubusercontent.com/gryter/plentyofphish/master/phishingurls.txt

hive.api.getContent('keys-defender', PERMLINKS.PHISHING_DOMAINS, (err, result) => {
  // On failure result is undefined, so report the error and stop before parsing
  if (err) {
    console.error(err);
    return;
  }
  console.log(JSON.parse(result.body));
});
```


Thank you @keys-defender.

Posted via D.Buzz
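One way a frontend could apply lists like the ones above to a wallet feed so that flagged memos can be greyed out or labelled, as an added example that is not part of the original thread or of @keys-defender's code. The list shapes (flat arrays of domains and account names), the function names and the sample data are assumptions made for illustration.

```javascript
// Added example: list shapes and all names below are assumptions, not the bot's schema.
const HOST_RE = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/gi;

// Hostnames mentioned in a memo, lowercased, with or without a scheme.
function extractHosts(memo) {
  return [...String(memo || '').matchAll(HOST_RE)].map((m) => m[1].toLowerCase());
}

// True when host equals a listed domain or is a subdomain of it.
// Suffix matching on a dot boundary keeps "peakd.com.evil.example" from
// being treated as "peakd.com".
function matchesDomain(host, domains) {
  return domains.some((d) => host === d || host.endsWith('.' + d));
}

// Annotate incoming transfers so the UI can grey out or label risky memos.
// lists: { badDomains: string[], badAuthors: string[], trustedDomains: string[] }
function flagMemos(transfers, lists) {
  const badAuthors = new Set(lists.badAuthors.map((a) => a.toLowerCase()));
  return transfers.map((t) => {
    const reasons = [];
    if (badAuthors.has(t.from.toLowerCase())) reasons.push('flagged-author');
    for (const host of extractHosts(t.memo)) {
      if (matchesDomain(host, lists.trustedDomains)) continue; // whitelist wins
      if (matchesDomain(host, lists.badDomains)) reasons.push('flagged-domain:' + host);
    }
    return { ...t, flagged: reasons.length > 0, reasons };
  });
}

// Constructed sample data (not taken from any real list or account).
const SAMPLE_LISTS = {
  badDomains: ['hive-rewards.example', 'evil.example'],
  badAuthors: ['mallory'],
  trustedDomains: ['peakd.com'],
};
const SAMPLE_TRANSFERS = [
  { from: 'alice', memo: 'Thanks for the post! https://peakd.com/@alice' },
  { from: 'bob', memo: 'Claim your airdrop at Login.Hive-Rewards.example/claim' },
  { from: 'Mallory', memo: 'hello' },
  { from: 'carol', memo: 'Verify here: https://peakd.com.evil.example/login' },
];

function demo() {
  return flagMemos(SAMPLE_TRANSFERS, SAMPLE_LISTS);
}
console.log(demo());
```

Because the lists are passed in as plain data, they can be refreshed at runtime from whichever sources the frontend chooses, without a new release.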

There is a similar project that, as far as I know, is already integrated into multiple frontends: https://github.com/ecency/hivescript

Would be so much easier for everyone to integrate if you integrate your work with the list that is already there.

Interesting, never seen that one before. Will consume those lists too.
The contributors seem to be @good-karma, @therealwolf, @rishi556, @holger80, @reazuliqbal, @quochuy.

  • It does not seem to be actively maintained though, those lists haven't been updated in 2.5 years (1.5 ys for bad actors and 2.5 ys for bad domains).

  • Using that library, to get an updated list of known bad actors/domains requires you to pull the updated npm library and do a frontend release. Not as quick as required to counteract phishing waves.

Besides the lists of bad actors/domains in my "database", KD consumes @guiltyparties / @logic lists too:

So ideally Hive frontends should consume from all 3 sources. Or let the user decide which ones to consume from (eg. with checkboxes).

Mine is going to keep being actively maintained as it has for the past 3.5 years.
That's also because I have more development plans for this bot, as the token of my game (crypto shots) will be used to unlock premium features for this and other projects of mine in order to add utility. [spoiler 😉]

By adding the list into the above hivescript, we could potentially have the same API from multiple frontends, pointing to the same list. @asgarth what do you think? Is your @keys-defender db or code open source, which we can use to combine somehow and create multiple endpoints of the same list?

Totally agree. A single list (or at least a single API) will be so much easier to handle for multiple frontends.

@good-karma you mean having hivescript dynamically consume data from my "database" and the other APIs maintained by other Hive folks?

Yeah, we could fork that repo (not loving the name) and add that code there.

Something like:

```js
import { fetchBadUsers, fetchBadDomain } from '@hiveio/newname/index.js'
```

For mine it's just a matter of doing this:
https://peakd.com/psa/@keys-defender/re-quochuy-s3wa0h

Repo forked and added this to my backlog but not really sure when I'll have some free time for this.