- fix bug with the whitelist processing
- fix bug where the code is running on neutral websites
New Features since v0.0.23
Phishing websites are appearing like weeds in my garden. @anyx from @steemcleaners has created @guard as a Proactive Measure to Limit Phishing on Steemit. But as we add protection the scammers are creating work around, so it's a game of cat and mouse. Here are what have been added/amended to
- The whitelist and blacklist are now on a remote server so that I don't have to update the extension just for a list update
- in v0.0.23 I was using a URL expander service to reveal the real URL when scammers are hiding it by shortening it. Due to some short URL not expanding properly, I've ended up building my own API. With extra update for their new workaround.
- I'm now using Regexp for whitelist and blacklist
- Adding a cache buster to the whitelist API call to avoid cache
- By creating invalid HTML content, the scammers were preventing the full page warning from showing up,
Steemed Phishnow handles it
- I'm following the #phishing channel of @steamcleaners and update my blacklist multiple times a week
Download the extension
Steemed Phish is a Chrome extension that offers protection against Steemit.com phishing clones
Changing icon color based on white/blacklist
This extension will validate Steemit related websites by changing its icon color:
- red is for blacklisted sites
- green is for recognised friendly sites
- grey is for unrecognised sites
Whitelist and blacklist
Steemed Phish does not rely solely on these list as anything not listed won't be protected. Blacklist and whitelist are hard to maintain but adding them helps widening the protection coverage.
When a site is neither whitelisted or blacklisted,
Steemed Phish will try to check the URL structure to find known patterns and flag a link as supsicious by coloring it in pink.
There are currently 19 blacklisted websites and 31 whitelisted websites.
If a user lands on a phishing website,
Steemed Phish will display two types of alerts:
- a dialog that shows up even if the page was loaded in a tab in the background
- a full page alert, that covers the whole phishing page and offers a link to go back to Steemit.com. The full page alert also reminds the user of not using their Steemit Keys on unknown websites and keep their password (Owner Key) safe.
Expand shorten URL
Some links are shortened using services such as bit.ly, this prevents people from easily analysing the URL of the link.
Steemed Phish uses a link expanding API to determine the destination URL of a link and then compare it again against the white/blacklist logic above.
Making external links more visible
Ideally, a user should be more careful on links they are clicking on by always paying attention to the URL of an anchor. But this is easier said than done and even the most experienced user can let down their guard sometimes and get tricked by the scammers.
Recently, Steemit.com, has added a feature that marks external links with a grey icon on the right of each links.
Steemed Phish will make that icon more obvious by coloring it in purple. On top of that, it will make a bubble appear next to the mouse cursor with a text explaining the fact that clicking on the link with leads you away so don't use your password. This bubble won't show up on friendly (whitelisted) websites
Support lazy loading
The extension works even if the links are inserted into the page after page load (Ajax), for example:
- The link was in a comment that was hidden due to low rating and I then revealed it.
- The link is in a comment low in a popular page. The comment was not loaded at first but only when you scroll down
In both cases, the first time the page loads, the comment and the link is not loaded and displayed.
Steemed Phish still works in these cases.
Download the extension
I'm a Steem Witness
If you like what I do for the Steem community, please consider me when choosing one of your 30 witnesses to vote for.
Vote for your 30 witnesses
Posted on Utopian.io - Rewarding Open Source Contributors