You are viewing a single comment's thread from:

RE: PSA! Be very careful clicking on links from non-reputable Hive users

in #psalast year (edited)

It was discussed that the best option would be to grey out a memo once the community flagged an author or link as malicious.
It's up to the Hive frontends to implement this, though.

ie. @peakd @ecency @leofinance @quochuy (hive.blog) etc

The community uses my bot (this) to mark authors and links as phishing (see info about my !phishing command at the bottom of this recent post of mine about this same topic as this post) and the flagged users/domains are available to everyone HERE.

Note: top-40 witnesses can blacklist users/links OR in alternative 3 above-50 users reporting the same user/link. Auto-upvotes are in place to incentivize reports and whitelists are used for reputable users/domains.

Sort:  

Hopefully we see the frontend developers put this to use!

What's the best way to access a list of malicious author / links?

Here you go! 💪

var PERMLINKS = {
    HACKED_USERS: 'hacked-users-db',
    SCAM_DOMAINS: 'scam-domains-db',
    COMPROMISED_DOMAINS: 'unsafe-domains-db', // eg. when 3speak got stolen
    PHISHING_DOMAINS: 'phishing-db',
};
// Other phishing lists that @keys-defender consumes to counter comment/memo spam:
// https://spaminator.me/api/p/domains.json
// https://raw.githubusercontent.com/gryter/plentyofphish/master/phishingurls.txt

hive.api.getContent('keys-defender', PERMLINKS.PHISHING_DOMAINS, (err, result) => {
  console.log(err, JSON.parse(result.body));
});

Example:

image.png

Thank you @keys-defender.

Posted via D.Buzz

There is similar project that as far I know is already integrated into multiple frontends: https://github.com/ecency/hivescript

Would be so much easier for everyone to integrate you integrate your work with the list that is already there.

Interesting, never seen that one before. Will consume those lists too.
The contributors seem to be @good-karma, @therealwolf, @rishi556, @holger80, @reazuliqbal, @quochuy.

  • It does not seem to be actively maintained though, those lists haven't been updated in 2.5 years (1.5 ys for bad actors and 2.5 ys for bad domains).

  • Using that library, to get an updated list of known bad actors/domains requires you to pull the updated npm library and do a frontend release. Not as quick as required to counteract phishing waves.

Besides the lists of bad actors/domains in my "database", KD consumes @guiltyparties / @logic lists too:

So ideally Hive frontends should consume from all 3 sources. Or let the user decide which ones to consume from (eg. with checkboxes).

Mine is going to keep being actively maintained as it has for the past 3.5 years.
That's also because I have more development plans for this bot, as the token of my game (crypto shots) will be used to unlock premium features for this and other projects of mine in order to add utility. [spoiler 😉]

By adding list into above hivescript, we could potentially have same API from multiple frontends, pointing to same list. @asgarth what do you think? Is your @keys-defender, db or code opensource which we can use to combine somehow and create multiple endpoint of same list?

Totally agree. A single list (or at least a single API) will be so much easier to handle for multiple frontends.

@good-karma you mean having hivescript dynamically consume data from my "database" and the other APIs maintained by other Hive folks?

Yeh we could fork that repo (not loving the name) and add that code there.

Something like:

import { fetchBadUsers, fetchBadDomain } from '@hiveio/newname/index.js'

For mine it's just a matter of doing this:
https://peakd.com/psa/@keys-defender/re-quochuy-s3wa0h

Repo forked and added this to my backlog but not really sure when I'll have some free time for this.