Suggestion - Regarding Tf2-outpost's Phishers, Let's get rid of them.

Discussion in 'SteamRep General Discussion' started by Armored Squirrel, Jul 5, 2013.

  1. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    1. Requiring Premium won't do much, for they mostly use hijacked accounts.
    2. Captcha is beaten by bots several ways, some are harder than others, and they can simply download the library and defeat it.
  2. ForteSP

    ForteSP New User

    Messages:
    877
    Steam:
    STEAM_0:1:32783182
    Well I guess, you could make it so that only premium users can post links. That would severely reduce phishing. If a non-donator posts a link it just doesn't even show up on the post, it's left blank. But that would be kinda difficult.
  3. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Doesn't work... if ppl link like this steamcommunity dot com slash hijacker they still copy/paste it in their browser, and edit the "dot" for a real "." and the "slash" for a real "/" etc.

    tbh, I like the solution of D2T, they use a combination of white, grey and blacklisting without it being too bad. (helps as well that I've been giving them suggestions).
    Some of the features:
    - If whitelisted, the URL can be clicked and will open straight away to the site. Examples are d2t, steamcommunity.com, official sites etc.
    - If not whitelisted, the URL to click will open a dialog box, with a warning that the URL clicked is not whitelisted. It also will display the MAIN part of the URL in uppercase (to avoid confusion with replaced letters in an official site name). Example:
    fake site name is: stearncomrnunity.com that almost looks good, only if looking close you see that 2 M's are replaced by "r+n" in it. D2T shows it like this:

    WARNING: the below links are INTENTIONALLY made non-clickable. I do not know if such site(s) exist, but please, do not try them. Unless under your own responsibility. These are EXAMPLES to show the case.
    Code:
    Say fake site name is:
     
    http://stearncomrnunity.com/fake/link/blah
     
    that almost looks good (esp in the font for steam chat), only if looking close you see that 2 M's are replaced by "r+n" in it. D2T shows it like this:
     
    http://STEARNCOMRNUNITY.COM/fake/link/blah
    That makes it much more noticeable to the user that some misspellings are in the link.

    Then they also have blacklists. Those are either deleted or not shown etc. Sites such as MALWARE-SUSPECTED-TINYURL- are blacklisted, to prevent usage of MALWARE-SUSPECTED-TINYURL- to phishing sites.
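
The whitelist / warning / blacklist handling described in the post above, as an added sketch that is not part of the original thread and is not D2T's code. The host lists, the `shortener.example` entry and the function names are constructed for illustration.

```javascript
// Constructed lists: placeholders, not any site's real policy.
const WHITELIST = new Set(["steamcommunity.com", "steampowered.com"]);
const BLACKLIST = new Set(["shortener.example"]); // stand-in for a blocked URL shortener

// True when host equals a list entry or is a subdomain of one.
// Matching on the label boundary (".entry") keeps
// "steamcommunity.com.evil.example" from passing as steamcommunity.com.
function hostMatches(host, list) {
  for (const entry of list) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// Decide how a posted link is rendered: "allow" (clickable as is),
// "warn" (dialog, host shown in uppercase) or "block" (not shown).
function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases and punycodes the host
  } catch {
    return { action: "block", reason: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { action: "block", reason: "scheme" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (hostMatches(host, BLACKLIST)) {
    return { action: "block", reason: "blacklisted" };
  }
  // A whitelisted host with user:pass@ in front is still sent to the warning.
  if (hostMatches(host, WHITELIST) && !url.username && !url.password) {
    return { action: "allow", display: url.href };
  }
  // Not whitelisted: rebuild the link from parsed parts so the real host is
  // shown in uppercase and any "user@" prefix is left out of the display.
  const port = url.port ? ":" + url.port : "";
  const display =
    `${url.protocol}//${host.toUpperCase()}${port}${url.pathname}${url.search}${url.hash}`;
  return { action: "warn", display };
}
```

The uppercase display is built from the parsed hostname rather than from the raw string, so a link written as `http://steamcommunity.com@evil.example/x` is shown with `EVIL.EXAMPLE` as its host.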