There's no session to be compromised on that site (as I mentioned in the post, only the redirection bit is dangerous).
Hive frontends don't allow unsafe tags in posts either, so average users couldn't use the exploit even if they knew it.
To compensate, I then decided to add a feature that Hive account@guiltyparties asked me if I could add a while back..
ANNOUNCEMENT:
Starting from today Hive account@keys-defender will keep a list of known phishing links and compromised domains. As part of the scanning of new blocks added to the Hive blockchain, besides as usual protecting leaked keys, it will now automatically reply to any post or comment containing a known phishing link or compromised domain.
FI-1. Check all memos transfers too for potential phishing attempts; FI-2. Allow top 30 witnesses and whitelisted users to add a phishing link to my list simply sending Hive account@keys-defender a memo structured in this way "phishing::https://evil-link.com"; FI-3. Allow whitelisted users on my Discord server to add a phishing link using a command like: "!phishing https://evil.com". FI-4. {PS. periodically query a few services that publish known phishing domains as soon as they are discovered - may charge users a little bit for this additional service though as those APIs are not free}
If you want to timely notify me of phishing campaigns happening on Hive, tag me or the other users in my discord: https://discord.gg/SXuwsH7. In alternative, join the HiveWatchers (Hive account@hivewatchers) discord and they'll add it themselves when the improvements above are ready.
via multiple means already;
