owncloud / appstore-issues

A repo to track issues of the apps on apps.owncloud.com that are not in github and issues of the appstore itself.

Add "admin activation" to new apps at the appstore (prevent spam/phishing) #58

Closed: ghost closed 7 years ago

ghost commented 8 years ago

Hi,

it happens again and again that spam/phishing/advertisement apps like:

https://apps.owncloud.com/content/show.php/pintexx-2?content=174702
https://apps.owncloud.com/content/show.php/pintexx?content=174701

are added to the appstore. This looks really bad and has a bad smell if people are seeing such crap at the appstore.

As there are not that many new apps, it would make sense to add a feature to the appstore making apps only visible after admin activation.

cc @karlitschek

ghost commented 8 years ago

It also happens quite often that copies of existing apps are made, like:

https://apps.owncloud.com/content/show.php/Calendar?content=174703

ghost commented 8 years ago

Or this: https://apps.owncloud.com/content/show.php/Direct+Menu?content=174705

Akhenaton commented 8 years ago

IMHO this problem is an absolute "no-go" for what should be a "reliable" appstore, and should be a 1st priority task. It's a very serious matter of reputation for ownCloud. If you can't correctly manage an appstore it's better to shut it down completely...

ghost commented 8 years ago

Well, in current oC versions a user doesn't need to browse the appstore at https://apps.owncloud.com. Furthermore, those apps only show up inside of ownCloud if a user enables "experimental" apps, and then the user gets a big red warning that he gets unchecked and also possibly unstable / malicious apps.

Still, this needs to be fixed somehow so that such apps are not uploaded / available for such a long time at the appstore (the first two posted have been there for over 2 weeks!!!)

Akhenaton commented 8 years ago

Well, I always browse to the web site of any appstore (googleplay, Android, Apple, ownCloud, etc. etc.) and peep to see more details about the app before doing anything. I never rely solely on the app and what it tells me. But your mileage may vary....

ghost commented 8 years ago

Sure. But you can't infer from yourself to a standard user of ownCloud. :-)

But anyway, this still needs to be fixed sooner than later.

ghost commented 8 years ago

Another one: https://apps.owncloud.com/content/show.php/jikjikj?content=174717

danimo commented 8 years ago

I went after all of these, thanks. Still looking for interested reviewers :)

ghost commented 8 years ago

@danimo Unfortunately a lot more ended up in the appstore:

https://apps.owncloud.com/content/show.php/Olshoppers?content=174729 -> Just spam
https://apps.owncloud.com/content/show.php/test?content=174730 -> Contains a PHP webshell to attack the server itself
https://apps.owncloud.com/content/show.php/Delete+Confirmations?content=169968 -> Got spam in the comments
https://apps.owncloud.com/content/show.php/bd?content=174728 -> Contains a PHP webshell to attack the server itself
https://apps.owncloud.com/content/show.php/demo_one?content=174686 -> No functionality

danimo commented 8 years ago

@RealRancor Done.

ghost commented 8 years ago

@danimo Thanks. However the following two items are still there:

https://apps.owncloud.com/content/show.php/Olshoppers?content=174729 -> Just spam
https://apps.owncloud.com/content/show.php/Delete+Confirmations?content=169968 -> Got spam in the comments

danimo commented 8 years ago

Done.

ghost commented 8 years ago

And a few spambots hit the appstore again. It seems they got set to "inactive" but their comments with spam contents are still there:

https://apps.owncloud.com/usermanager/search.php?username=Bleeyi&action=comments
https://apps.owncloud.com/usermanager/search.php?username=sheny&action=comments
https://apps.owncloud.com/usermanager/search.php?username=naindralorette&action=comments
https://apps.owncloud.com/usermanager/search.php?username=rollykelson&action=comments -> About 35 undeleted spam comments

as seen in the latest comments on e.g.:

https://apps.owncloud.com/content/show.php/QOwnNotes?content=168497

As the comments on the old appstore are mostly misused for bug reports, I still suggest disabling them completely for the reasons explained in https://github.com/owncloud/appstore-issues/issues/37#issuecomment-236351879

PVince81 commented 7 years ago

@DeepDiver1975 @felixboehm @jnweiger

DeepDiver1975 commented 7 years ago

taking care ....

DeepDiver1975 commented 7 years ago

@RealRancor Thanks for letting us know - I killed all the comments - hopefully ...

ghost commented 7 years ago

@DeepDiver1975 Thanks. At least for the following spambots quite a lot of comments still exist:

https://apps.owncloud.com/usermanager/search.php?username=Bleeyi&action=comments
https://apps.owncloud.com/usermanager/search.php?username=rollykelson&action=comments

DeepDiver1975 commented 7 years ago

What a bloody stupid system - I deleted the users but the comments are still there?

ghost commented 7 years ago

> I deleted the users but the comments are still there?

I think that's the main issue here. A few of the listed users above are shown as "inactive". They probably were deleted but the comments weren't deleted automatically.

Another reason to get rid of the old appstore sooner than later...

ghost commented 7 years ago

Seems someone is spamming the appstore with "ownNote" apps where the download is just redirecting to a private oC instance:

https://apps.owncloud.com/content/show.php/ownNote?content=174773
https://apps.owncloud.com/content/show.php/ownNote?content=174774
https://apps.owncloud.com/content/show.php/ownNote?content=174775

DeepDiver1975 commented 7 years ago

killed them - thx