One script to rule them all..https://files.peakd.com/file/peakd-hive/keys-defender/23uEx3ge6ahMEAqbNu2KxP3EvamdsBroMaGSYrkDRPsGUHc7sjst6GKUUPo7MoFq9YGo6.png
Problem:In the past few weeks Hive has been plagued by phishing campaigns and some users lost access to their account or lost their funds. This is nothing new and has been going on for years on ~~Steem~~ and Hive.
https://files.peakd.com/file/peakd-hive/keys-defender/23ynfLMyQ7Cub6dZ3Dkgy3ibKnFc8DCeGkhiMRJjhBRtEVFTGBzSfAF8SxegpyrQM4eg4.pngTo make things worse, registrars are not quick enough to take down phishing domains..
It is time that the Hive community tries to mitigate this issue on their own.
Potential solution:Use a plug-and-play universal script (or a modified copy of it) that all Hive frontends can integrate to block phishing links in a timely matter. As soon as a phishing campaign starts on Hive and the attacker's domain is spotted and added to a blacklist API (eg. @spaminator's), the universal script would immediately block the attack in all Hive frontends and at the same time leave the User Experience unaffected. As a matter of fact, this is what I worked on in the past few days. - Here is the universal script for all Hive frontends: https://github.com/keys-defender/hive/blob/master/scripts/universal-bridge-against-phishing.js - Here is a demo website with my script in action: https://keys-defender.github.io/hive *NOTE* : the demo page will not be sanitized by my universal script until you: 1. Navigate to https://cors-anywhere.herokuapp.com/corsdemo and click on the "Request temporary access" button, 2. refresh the demo website.
I have proved my universal script working on: (see screenshots down below) HIVE.BLOG - https://hive.blog - @blocktrades @quochuy PEAKD - https://peakd.com - @asgarth, @jarvie LEOFINANCE - https://leofinance.io - @khaleelkazi ECENCY - https://ecency.com - @good-karma 3SPEAK - https://3speak.tv - @theycallmedan, @starkerz D.BUZZ - https://d.buzz - @chrisrice STEM social - https://stem.openhive.network - @lemouth STEM geeks - https://stemgeeks.net - @enforcer48 ? It would be great if each Hive frontend maintaner could review it and adapt it to their needs (if they need to -- I tested this script in all major Hive frontends already and it did not seem to have unwanted side effects). I highly recommend though that the integration is thoroughly regression tested before it's used in production. FYI also for: AnonRamblings @emrebeyler, DTube @heimindanger, Engage @arcange, Engrave @engrave, @nicniezgrublem, Hive-db @jesta, Hive-Engine @aggroed, Hiveblockexplorer @penguinpablo, Hiveblocks @roadscape, HiveEngine @holger80, Quello @tobias-g, ... \+ other project maintaners: @yabapmatt, @stoodkev, @aggroed, @louis88, @mahdiyari, @acidyo, @fbslo, @rishi556. (apologies for the mass tag) I believe that blocking phishing campaigns in an unified way in all frontends is possible despite the different tech stacks in use. It does no matter which framework the website maintainer used to develop their website (eg. ReactJS, AngularJS, VueJS, JQuery, vanilla JS, etc). Using JS global overrides it is possible to prevent users from falling victim of phishing.