One script to rule them all..

https://files.peakd.com/file/peakd-hive/keys-defender/23uEx3ge6ahMEAqbNu2KxP3EvamdsBroMaGSYrkDRPsGUHc7sjst6GKUUPo7MoFq9YGo6.png
-----
Problem:
In the past few weeks Hive has been plagued by phishing campaigns and some users lost access to their account or lost their funds. This is nothing new and has been going on for years on ~~Steem~~ and Hive.
https://files.peakd.com/file/peakd-hive/keys-defender/23ynfLMyQ7Cub6dZ3Dkgy3ibKnFc8DCeGkhiMRJjhBRtEVFTGBzSfAF8SxegpyrQM4eg4.png
To make things worse, registrars are not quick enough to take down phishing domains..
https://files.peakd.com/file/peakd-hive/keys-defender/243MPzTbbyDU6fHr6SnsBBTJ3VSMBJk9KgL2At8pnztriEQmsYMWGAMwgEApYdzvTfB5e.png

It is time that the Hive community tries to mitigate this issue on their own.
Potential solution:
Use a plug-and-play universal script (or a modified copy of it) that all Hive frontends can integrate to block phishing links in a timely manner. As soon as a phishing campaign starts on Hive and the attacker's domain is spotted and added to a blacklist API (e.g. @spaminator's), the universal script would immediately block the attack in all Hive frontends and at the same time leave the User Experience unaffected. As a matter of fact, this is what I worked on in the past few days.

- Here is the universal script for all Hive frontends: https://github.com/keys-defender/hive/blob/master/scripts/universal-bridge-against-phishing.js
- Here is a demo website with my script in action: https://keys-defender.github.io/hive

*NOTE*: the demo page will not be sanitized by my universal script until you:

1. Navigate to https://cors-anywhere.herokuapp.com/corsdemo and click on the "Request temporary access" button,
2. Refresh the demo website.
I have proved my universal script working on the following frontends (see screenshots down below):

- HIVE.BLOG - https://hive.blog - @blocktrades @quochuy
- PEAKD - https://peakd.com - @asgarth, @jarvie
- LEOFINANCE - https://leofinance.io - @khaleelkazi
- ECENCY - https://ecency.com - @good-karma
- 3SPEAK - https://3speak.tv - @theycallmedan, @starkerz
- D.BUZZ - https://d.buzz - @chrisrice
- STEM social - https://stem.openhive.network - @lemouth
- STEM geeks - https://stemgeeks.net - @enforcer48 ?

It would be great if each Hive frontend maintainer could review it and adapt it to their needs (if they need to -- I tested this script in all major Hive frontends already and it did not seem to have unwanted side effects). I highly recommend, though, that the integration is thoroughly regression tested before it's used in production.

FYI also for: AnonRamblings @emrebeyler, DTube @heimindanger, Engage @arcange, Engrave @engrave, @nicniezgrublem, Hive-db @jesta, Hive-Engine @aggroed, Hiveblockexplorer @penguinpablo, Hiveblocks @roadscape, HiveEngine @holger80, Quello @tobias-g, ...
\+ other project maintainers: @yabapmatt, @stoodkev, @aggroed, @louis88, @mahdiyari, @acidyo, @fbslo, @rishi556. (apologies for the mass tag)

I believe that blocking phishing campaigns in a unified way in all frontends is possible despite the different tech stacks in use. It does not matter which framework the website maintainer used to develop their website (e.g. ReactJS, AngularJS, VueJS, JQuery, vanilla JS, etc). Using JS global overrides it is possible to prevent users from falling victim to phishing.
What does my script do?
It uses the native APIs offered by all browsers in order to immediately block phishing links and images in all Hive frontends as soon as they are discovered and published into the blacklist.

- Any known phishing link in the UI will be shown in red and struck through. Furthermore, if you click on a known phishing link you'll see an alert telling you that it's phishing, and it won't allow you to navigate to the phishing domain from the Hive frontend.
- Any image that is marked as a phishing attempt (e.g. an image with some text saying "claim your $ 1000 in tokens at www.justinscam.com") will not be displayed in any frontend that uses my script (or a variant of it) as soon as its URL is published into the public blacklist.

More details will follow towards the end of the post to list all the native features of the browser that are hardened by my script in order to prevent phishing (i.e. iframes, scripts, window open, XHR requests, Fetch API).
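The blocking behaviour described above, reduced to its core as an added example (not the author's script or any Hive frontend's code): a hostname check against a blacklist, a wrapper for `window.open`, and a click handler for links. All function names, the sample blacklist and the `frontend.example` base URL are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not from the author's script.
// Constructed sample blacklist: the post's example domain plus a made-up one.
const SAMPLE_BLACKLIST = ['justinscam.com', 'hive-claim.example'];

// Resolve a URL (absolute, or relative to a constructed base) to a lowercase
// hostname without a trailing dot. Returns null if the URL parser rejects it.
function hostnameOf(url, base = 'https://frontend.example/') {
  try {
    return new URL(String(url), base).hostname.toLowerCase().replace(/\.$/, '');
  } catch (e) {
    return null;
  }
}

// True when the host is a blacklisted domain or a subdomain of one. The suffix
// match sits on a label boundary, so "notjustinscam.com" is not caught.
function isBlacklisted(url, blacklist) {
  const host = hostnameOf(url);
  if (host === null) return false;
  return blacklist.some((d) => host === d || host.endsWith('.' + d));
}

// Wrap a navigation function such as window.open: a call whose first argument
// points at a blacklisted host is refused and reported, others pass through.
function guard(original, blacklist, onBlock) {
  return function guarded(target, ...rest) {
    if (isBlacklisted(target, blacklist)) {
      onBlock(String(target));
      return null; // same value window.open returns when a popup is blocked
    }
    return original.call(this, target, ...rest);
  };
}

// Browser wiring; skipped where there is no window object.
if (typeof window !== 'undefined') {
  const warn = (u) => alert('Blocked known phishing link: ' + u);
  window.open = guard(window.open, SAMPLE_BLACKLIST, warn);
  document.addEventListener('click', (ev) => {
    const a = ev.target.closest && ev.target.closest('a[href]');
    if (a && isBlacklisted(a.href, SAMPLE_BLACKLIST)) {
      ev.preventDefault(); // stop navigation from the frontend
      a.style.cssText += ';color:red;text-decoration:line-through';
      warn(a.href);
    }
  }, true); // capture phase, so it runs before the frontend's own handlers
}
```

Matching on the parsed hostname rather than on the raw string is what keeps a link like `https://hive.blog@justinscam.com/` from slipping past the check.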
Usage:
How difficult is it to try out my universal script in your Hive-powered website? Integrating this script is very **straightforward**. In order to integrate it, simply add a

See: Phishing on Hive? No more. Solution for all Frontends. by @keys-defender