SCAM WEBSITES posted on Hive or sent to you as DM on Discord or other platforms.
Eg. "you won 1 BTC" (you only have to deposit $ 500 and then wait a very very long time that tends to infinite). Reporting them early will prevent these scams from creeping into Hive.
COMPROMISED WEBSITES - See for example the incident that happened with Hive account@threespeak where a rogue dev took off with their domain.
In order to mitigate security concerns Hive account@guiltyparties had to temporarily blacklist https://3speak.co as a phishing site. This new feature will now allow to avoid confusion between a website reported as compromised or plain old phishing.
Also sites with known critical vulnerabilities may be marked as compromised until the security issue is patched.
HACKED ACCOUNTS - whitelisted users can now report accounts stolen and used in phishing campaigns (eg. this or this one) so that my usual auto-replies will immediately appear in response to new phishing comments and counteract the phishing spam wave.
The improvement consist in the fact that instead of only consuming Hive account@spaminator's or Hive account@guiltyparties's list of hacked account, I can now automatically use, in addition, this community-reported hacked accounts list.
2. Plans for Communities Mute lists and Universal Script for Hive frontends
As part of the logic that automatically handles adding a hacked account to a banlist, in the near future I will also make it add it to my mute list (or likely to an alt account's). In this way community owners will be able to hide all phishing comments simply following my mute list in the community settings. FYI most-popular communities leaders 👆
2. All these new ban lists will be used by my Universal Script for Hive Frontends.
As requested by Hive account@quochuy (hopefully before the end of this week) I'll submit a Pull Request to the Hive condenser repository. I'll do that as soon as the version 2.0 of my script, improved and adapted among the other things to use my new ban lists, will be ready for release.
3. New commands
HOW do we report unsafe links and users, you ask?
Post a comment anywhere using the format below. You can leave it under your blog, as reply to another user, etc. You can use any Hive Frontend.
!INFO -> replies to your comment with the list of all available commands
!PHISHING -> reports phishing links targeting the Hive ecosystem (see here)
!SCAM - adds the target domain to the scam domains list
!UNSAFE - adds the target domain to the list of compromised domains
!HACKED - adds the target user to the list of hacked accounts
What will happen when you post a comment with those commands?
...in about 3 seconds you will get an auto-reply and a ~0.03 upvote.
Use these commands only when you are confident about the issue.
Users that intentionally abuse these commands will get $5 downvotes.
3. Screenshots of the commands in action
!INFO command
!SCAM command
Databae updated:
Auto-reply for the newly reported link:
AUTOREPLY TO SCAM LINK IN MEMO: [supported for all commands]
(Logs for nerds:)
!UNSAFE command
DB correctly updated:
Auto-reply for the newly reported link:
!HACKED command
Database correctly updated:
Auto-reply for the newly reported hacked user:
( Logs for nerds: )
> NOTE: multiple domains and users in reports are now supported !!
eg. for the phishing command...
DB correctly updated:
autoreply to posts, comments and memos:
5. Discord notifications for the community reports
In order to reduce abuse, a domain whitelist is in use. Meaning that for example a newly created user cannot add hive.blog to the scam websites banlist =]
All top40 witnesses and a list of whitelisted users can send just a single report to add entries to the ban list.
That's not the case for regular users:
Minimum reputation for the reports to be processed: 50
Amount of reports required for regular users for each type of report:
-- Phishing domains: 3
-- Scam domains: 10
-- Compromised domains: 0 (only whitelisted users and top40 witnesses can)
-- Hacked accounts: 5 (will increase if abused - keep in mind the $5 downvotes..)
For 24 hours please feel free to test these commands using as targets non-existing domains and non-existing users.
Add the word "test" to your comment/report so that it will be easier for me to clean up the DB afterwards.
These scenarios should be covered too: - Phishing/scam/unsafe links hiding in shortened links; - Unsafe links added to a comment afterwards as edits.
Please give them a try!
Unfortunately your tests wont get reward$ because at the moment the voting power of my accounts is drained to fight against a comment farming campaign. See my latest post on Hive account@gaottantacinque if you are willing to help, anyone can help using that 10 line script easily executable in your browser.
PS - UPDATE: rewards doubled thanks to new delegations!!
Besides the automated mute lists that communities leaders will be able to automatically follow, and the integration of these ban lists into my Universal Script for Hive frontends.. I plan on adding commands that allow whitelisted users to remove entries from the ban lists.
Priority will be for automating removal of users marked as hacked, in case they manage to recover. This is already partially implemented but not released yet.
More commands to report abuse on Hive and get small rewards for it.
This will be handled in my newly created account Hive account@hive-defender !!
9. How to consume my ban lists
Example of JS/NodeJs code to use in your project:
constHIVE_API='https://api.hive.blog';constTARGET_BANLIST='phishing-db';// <<<< BANLIST PERMLINK HERE constfetch=require(node-fetch);// <- for nodejs only, not needed in websitesfetch(HIVE_API,{body:JSON.stringify({jsonrpc:'2.0',method:'condenser_api.get_content',params:['keys-defender',TARGET_BANLIST],id:1,}),headers:{'Content-Type':'application/x-www-form-urlencoded'},method:'POST'},).then(res=>res.json()).then(({result}={})=>console.log('Banlist:',result.body));
Again, if you are a maintainer of one of the Hive frontends you won't need to integrate my ban lists yourself if you use my Universal Script for Hive forntends.
- Keys protection[live scan of transfers / posts / comments / other_ops. Auto-transfers to savings, auto-reset of keys, ..] {see automatic posts on leak and monthly reports} -Phishing protection[live scan of commentsa and posts to warn users against known phishing campaigns and compromised domains, scan of memos] -Re-posting detection[mitigates the issue of re-posters] -Code injections detection[live scan of blocks for malicious code targeting dapps of the Hive ecosystem] -Anti spam efforts[counteracts spam from hive haters]
I do not receive funding through a proposal or running a node witness. If you like what I'm doing with Hive account@keys-defender please upvote, reblog, delegate or auto-vote my posts.
had to temporarily blacklist https://3speak.co as a phishing site. This new feature will now allow to avoid confusion between a website reported as compromised or plain old phishing.
Also sites with known critical vulnerabilities may be marked as compromised until the security issue is patched.
!!
