obsproject / obs-plugintemplate

GNU General Public License v2.0

Inno Script `MyAppURL "http://www.mywebsite.com"` redirects to phishing site resulting in AV flagging as threat #70

Closed paulpv closed 1 year ago

paulpv commented 1 year ago

Operating System Info

Windows 11

Other OS

No response

OBS Studio Version

29.0.2

OBS Studio Version (Other)

No response

OBS Studio Log URL

not relevant

OBS Studio Crash Log URL

No response

Expected Behavior

Installing an obs-plugintemplate based plugin should not result in anti-virus reporting a threat.

Current Behavior

obs-plugintemplate based plugins installed on Windows have a URL shortcut installed that defaults to pointing to http://www.mywebsite.com. This is an unfortunate choice because that redirects to what looks like a poorly convincing phishing site: [image]

I suspect that this URL is a known phishing site and is why some AV software may flag shortcuts pointing to it as being a potential threat.

Steps to Reproduce

(Reported 2nd hand from user) On Windows:

  1. Install Norton Anti-Virus
  2. Install a plugin based on obs-plugintemplate that does not change the default MyAppURL "http://www.mywebsite.com"

At some point in time during or shortly after the installation Norton will pop up the following: [image]

If an AV does not flag this URL as a threat, then opening the installed URL shortcut... [image] ...browses to http://www.mywebsite.com which redirects to a poorly convincing phishing site: https://a1e24d2a-2434-467c-b2a2-c6dfd5f7e8a4.s3.ap-northeast-2.amazonaws.com/%26%25%5E%24%26%26%40%5E%23%5E!%23!%25%25%25!%24%5E%5E!%25!%40%26%23!%24%25%24%40%26%24%25!%23%40%23%24%40%26%25%23%40%23/index.html?&C=Kirkland&S=145471043&Q=145471043.com&SR=47059&IP=my%20website%20design&RE=50.47.211.46&KEY=98034&Z

Anything else we should know?

Found in https://github.com/obs-ndi/obs-ndi/issues/455

I suggest that PLUGIN_URL be definable in CMakeLists.txt and/or buildspec.json and populated in installer-Windows.iss.in during build time similar to PLUGIN_AUTHOR, etc.
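
A release-gate check for the problem reported above, added here as an example (it is not code from the issue or from obs-plugintemplate): it scans a generated Inno Setup script and reports any URL `#define` that still points at the template default, still holds an unsubstituted build variable, or names a host the project does not control. Assumptions: the `#define MyAppURL "..."` line form, the CMake-style `@PLUGIN_URL@` token, the `lint_iss` function and the `plugin.example.org` host are illustrative.

```python
import re
from urllib.parse import urlsplit

# Default host named in this issue; a build must never ship it.
PLACEHOLDER_HOSTS = {"www.mywebsite.com", "mywebsite.com"}

# Inno Setup preprocessor line: #define <name containing URL> "<value>"
DEFINE_RE = re.compile(r'^[ \t]*#define[ \t]+(\w*URL\w*)[ \t]+"([^"]*)"',
                       re.IGNORECASE | re.MULTILINE)
# Template token the build failed to substitute (assumed CMake-style syntax).
UNSUBSTITUTED_RE = re.compile(r'@\w+@|\$\{\w+\}')


def lint_iss(text, allowed_hosts):
    """Return (line, name, problem) for each URL define that should block a release."""
    findings = []
    for m in DEFINE_RE.finditer(text):
        name, value = m.group(1), m.group(2)
        line = text.count("\n", 0, m.start(1)) + 1
        if UNSUBSTITUTED_RE.search(value):
            findings.append((line, name, "unsubstituted build variable"))
            continue
        host = (urlsplit(value).hostname or "").lower()
        if not host:
            findings.append((line, name, "no host in URL"))
        elif host in PLACEHOLDER_HOSTS:
            findings.append((line, name, "template placeholder host"))
        elif host not in allowed_hosts:
            findings.append((line, name, "host not controlled by the project"))
    return findings


# Constructed sample inputs, not taken from any real plugin.
TEMPLATE_DEFAULT = '''#define MyAppName "my-plugin"
#define MyAppPublisher "Example Author"
#define MyAppURL "http://www.mywebsite.com"
'''
UNCONFIGURED = '#define MyAppURL "@PLUGIN_URL@"\n'
FIXED = '#define MyAppURL "https://plugin.example.org/my-plugin"\n'

if __name__ == "__main__":
    samples = [("default", TEMPLATE_DEFAULT), ("unconfigured", UNCONFIGURED),
               ("fixed", FIXED)]
    for label, sample in samples:
        print(label, lint_iss(sample, allowed_hosts={"plugin.example.org"}))
```

Run against the generated `.iss` in CI, a non-empty result can fail the packaging job before an installer with a third-party URL shortcut is published.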

paulpv commented 1 year ago

Fastest fix for this would be to just change http://www.mywebsite.com/ to something else

royshil commented 1 year ago

I concur that some of my plugin users have received the same threat alerts from Windows Defender.