Closed stormageddon closed 8 years ago
I encountered issues too. When visiting pivotaltracker.com and attempting to Sign in with Google, the Min browser presented a big red warning screen. This sign-in workflow seems to work just fine in regular Google Chrome.
All of those except discovercard.com should be fixed now.
Discovercard.com is harder to fix. The problem is that that domain actually redirects to discover.com, but the login form on that page submits back to discovercard.com. Since cross-domain form submissions are something a lot of phishing sites do, the page gets blocked.
Have some further issues with the phishing warning on Windows
Same here. My personal website for example is blocked. Is there a place where we can find the details causing problem?
If you want to rebuild you can comment out the following lines in the js/webviews.js
file:
if (e.channel == "bookmarksData") {
bookmarks.onDataRecieved(e.args[0]);
} /*else if (e.channel == "phishingDetected") {
navigate(this.getAttribute("data-tab"), phishingWarningPage);
}*/
});
Commenting lines 175 -177 will effectively stop the phishing protection. Use a your own risk. I want to submit a PR that makes this an option.
@kebeabap bahn.de is fixed in e381f9223ee7f6a982305294e24dccc157099c18.
@Einenlum If you open the devtools for a page, then go to the console tab and check the "preserve log" option, then navigate to the page that is detected as malicious, the details will be logged.
@stormageddon I've added discover.com to the whitelist in 5fded7b30eabf491e23fd58d43529e5a81f2e9f0.
@PalmerAL Thanks :). Some of the rules seem really weird to me. I get it for "no https" for example, but :
no https
form with password input found
form with simple path for action detected
submitting form without https
form with password input found
form with simple path for action detected
submitting form without https
links go to external domain
min 1.25
status 1.7
phishing scan took 11.789999999999964 milliseconds
What is the problem with these ones for example?
form with password input found
form with simple path for action detected
@Einenlum Here's an explanation:
form with password input found
This doesn't actually increase the score. What happens is that only forms that are considered "sensitive" (ask for address, password, credit card, etc.) count towards the score. This message means that the form contains a password input, so it will be checked as part of the scoring.
form with simple path for action detected
This occurs when an action
parameter on the form contains less than two slashes in it. The reason is that a lot of phishing websites put all the files in the same directory, and set the paths on the actions to be relative, whereaas most legitimate sites use absolute links. (I'm not really sure why this is).
links go to external domain
This means that most or all of the links on the page point to an external domain. The reason for this is that a lot of phishing sites are cloned copies of the real sites, with just the form action changed. For example, on a lot of PayPal phishes, all of the links on the page still point to "paypal.com".
Mmm interesting, thanks. Maybe, instead of adding everyday more websites to a whitelist (which is not viable on the long term) there could be an option 1/ to select the level of blocking (adapting the maximum score) and 2/ to add as a user a website to a personal whitelist.
I guess there is a general problem with redirects to single sign-on pages, at least it's the case here: Moodle of the University of Vienna
thisi is getting pretty ridiculous for me, national newspaper websites are malicious now please just allow a bypass button already!
@surajsharma A bypass button was added in 1.2.0 - see issue #13. You can download the new version from here: https://github.com/PalmerAL/min/releases/tag/v1.2.0.
Also, can you please share which news websites are causing the problem?
@PalmerAL Some pages on Vikaspedia.in were not opening, but i am glad a bypass button exists, also thanks for allowing us to set default browser .. I like how snappy Min is compared to other NodeJS based chromium browsers, please keep it that way.
I'm going to close this issue for now. If there are additional websites that shouldn't be blocked, please open separate issues for those.
I've noticed a few sites that I use daily that are being incorrectly identified as malicious.
namecheap.com discovercard.com compass.cloudmine.io
It seems that the parameters used to determine a phishing site are too broadly defined.