search

polkadot-js / phishing

A curated list of known less-than-honest operators on Polkadot and Substrate networks. Includes a simple JS utility function to check any host or address against this list.
https://polkadot.js.org/phishing/
Apache License 2.0
196 stars 151 forks source link

Creating a kind of all.json for other ways of scamming #2417

Open frankywild opened 1 year ago

frankywild commented 1 year ago

Hello @jacogr,

I was wondering if it is possible to create something like all.json but for twitter accounts or invite links to telegram such as

[Scam alert] t.me/Polkadot1 or twitter.com/Polkadot_helps

Thanks

cc: @michalisFr

jacogr commented 1 year ago

There has been a lot. I think we can even extend the current list with something like „denySubs“.

Also need to adjust the underlying libraries to check and block.

Will look into possible options.

frankywild commented 1 year ago

There has been a lot. I think we can even extend the current list with something like „denySubs“.

Also need to adjust the underlying libraries to check and block.

Will look into possible options.

Thanks Jaco

frankywild commented 8 months ago

Hello @jacogr, any updates on this?

Thanks!

jacogr commented 8 months ago

No update from me.

There is no reason (although not checked), that we cannot start adding these. There are a couple of options -

"denySubs": {
  "x.com": [
    "jacogr"
  ]
}
"denySubs": [
  "https://x.com/jacogr"
]

... now thinking about it, it will probably be dropped if added since we sort these and only extract the deny and allow keys, so it won't check for these. So "just starting to add" would not be kept once CI is done.

Out of the 2 options above, which one is better for the team adding these? (full-url-per-line or grouped-by-domain)

frankywild commented 7 months ago

No update from me.

There is no reason (although not checked), that we cannot start adding these. There are a couple of options -

  • top-level site, aka
"denySubs": {
  "x.com": [
    "jacogr"
  ]
}
  • explicit links
"denySubs": [
  "https://x.com/jacogr"
]

... now thinking about it, it will probably be dropped if added since we sort these and only extract the deny and allow keys, so it won't check for these. So "just starting to add" would not be kept once CI is done.

Out of the 2 options above, which one is better for the team adding these? (full-url-per-line or grouped-by-domain)

I would say the second option because we want to add also telegram/discord/youtube (any other platform where the scam is happening) and would be easier I think.

frankywild commented 5 months ago

Hey @jacogr! I hope you are doing well.

I tried to add subdomains here #4275 and here #4276 but the extension is not blocking it, I don't really know why.

paquinho26 commented 1 month ago

Hello, I got a problem because another person has my seed and he just unbound my DOTS, it will unlock in 27 days. I have the adreess of the scammer, but how can i freeze this? because a this point i only should send me my tokens when it will be available before the scammer do it, but its too risky.

Please I need help, for example a way to use another sign for my operations. Thanks a lot