What is Digg?42 Comments
- pencoyd, on 10/12/2007, -2/+12That is the end goal. Right now, as listed in the FAQ, PhishTank is one source among many for OpenDNS. A verified phish on PhishTank will be reviewed for blocking by OpenDNS, absolutely, but it's (deliberately) not yet automated.
John
OpenDNS - mtwoar, on 10/12/2007, -0/+7So you're the person that did that. It's up there, just hasn't been validated yet. Why would you try to lessen the credibility of a site that is trying to do us all a favor?
- pencoyd, on 10/12/2007, -1/+7jtjdt,
That site is verified as a phish on PhishTank.
http://www.phishtank.com/phish_detail.php?phish_id=11734
PhishTank is not a takedown site: it's an community clearinghouse for information about phish sites. What you do with with the information (free API) is up to you.
John - jtjdt, on 10/12/2007, -2/+8When a site is submitted to PhishTank and verified, is it then blocked by OpenDNS?
- dweekly, on 10/12/2007, -1/+7An excellent idea - too many companies keep their own repositories of phishes; it's much better for it to be an open, central location for phish sites accessible via API. This is awesome, helpful, and brilliant.
- remiprev, on 10/12/2007, -3/+7Man, I was happy to see that someone submitted the direct url of the site, and not some blog spam, but please don't spam in the comments either!
- RobertJHouser, on 10/12/2007, -0/+4@Coopjust: I filled out info on a "Robert J Houser" in Springfield, MA. Of course, he's fictional, just like the Amex card and CCV number.
Well thanks for nothin' man! Now I'm gonna have to cancel my Amex card! How dare you assume that I'm fictional! - sastian, on 10/12/2007, -1/+4the developers deserv some sort of online nobel peace prize
- pencoyd, on 10/12/2007, -0/+3Write one yourself? http://www.phishtank.com/api
We'll list applications as they come out. - Coopjust, on 10/12/2007, -0/+3Very genuine looking site.
I spent 2 minutes entering info on that site. Not real of course. Rather than the usual "***** you" I filled out info on a "Robert J Houser" in Springfield, MA. Of course, he's fictional, just like the Amex card and CCV number. - cybe, on 10/12/2007, -0/+2Here's another reporting site, which I believe is alsoa takedown site:
http://www.castlecops.com/pirt - Greenfday6, on 10/12/2007, -0/+2there should be a script that takes each url submitted, goes to the site and inputs random info. Then scammers gets crap loads of nothing.
- seventoes, on 10/12/2007, -0/+2Not yet. soon.
- sirber, on 10/12/2007, -0/+2any firefox plugin?
- gotamd, on 10/12/2007, -1/+3It's interesting but I don't see how it could really be successful. Phishing sites move so quickly and pop up everywhere. I don't think it's possible to catch them all, and it requires a non-trivial amount of time to submit these sites. I think efforts should focus on methods of detecting phishing sites instead of reporting mechanisms as well as education to users. I know I've never been fooled by a phishing email or web page, but I've probably seen more than most people. It all comes down to the user. Most people using this service wouldn't get tricked by a phishing site anyway, and those that would don't know about the site.
- Sponky, on 10/12/2007, -0/+2@ sirber
You mean a Thunderbird extension?
Though I suppose you could use a Firefox extension with a webmail service. - symetrix, on 10/12/2007, -0/+2That link should be http://www.phishtank.com/api.php
- davidu, on 10/12/2007, -0/+2It's okay -- The community will mark it a phish. Trusted users votes count for more and newbies have to earn their stripes. That's how it works. I can understand the want to "test" and see how it does with a real site, but let's not get carried away and annoy folks. :-)
- MajorD, on 10/12/2007, -0/+2Wow. That site looks quite genuine. What the hell is wrong with these people? Can you imagine your mom typing her goodies in at that site? I can...
- triplehelix, on 10/12/2007, -0/+2not necessarily. its database and api will remain free allowing many services and products to utilize it, meaning more then opendns users may benefit from it in the long run.
- davidu, on 10/12/2007, -0/+1sorry, replied to wrong comment. :-) Thanks for the kind words!
- soapboy, on 10/12/2007, -0/+1"When a site is submitted to PhishTank and verified, is it then blocked by OpenDNS?"
I would assume so, since OpenDNS already blocks potential phishing sites. I cannot honestly say, because I know what phishing emails look like.
For the sake of time, I am just going to say that anyone that changes their password based on an email needs to seriously reconsider doing any sort of business online.
If I see a phishy email from Paypal (get em all the time), I usually open a SEPARATE BROWSER SESSION and log into my account to see if the claims of the email are indeed true. I am lucky though, I don't use paypal often and the emails I get during periods of inactivity are obviously false. - nubtard, on 10/12/2007, -0/+1Cool idea.
- bairy, on 10/12/2007, -0/+1"Users can verify submitted phishing sites and grin as they slowly kill off every last phisher..."
Like that'll ever happen. This is a great idea, as is the OpenDNS phishing blocks, but it's only useful to people who actually use those services, and I'd guess that quite a lot of the users already know how to spot phishing sites anyway.
Not knocking the project, just saying it's gonna take more than an index or two to do any real damage. - postaldave, on 10/12/2007, -0/+1these guys are awesome!
if anyone out there on broadband that has slow page to page surfing switch your dns over to opendns.com. huge increase in page to page surfing speed. - seventoes, on 10/12/2007, -0/+1Just wait then, thats what im doing. ;)
- sirber, on 10/12/2007, -0/+1I'm not very knowledgable in writing a firefox extension :)
- triplehelix, on 10/12/2007, -0/+1the same with opendns, its not necessarily to protect the person using the service, but to protect the system from other people who use it, or to set up your grandmother so she is protected.
- gheide, on 10/12/2007, -0/+1It would be really great to have a "DIGG EFFECT" type of Phish scam killing system... everybody signed up would have a toolbar and it would actively update it's phishing list and try various DOS attacks on those sites... only problem with that - a lot of phishing pages are hosted on hacked / insecure servers that the unknowing owner may not even know about - and it would bring that server down...
- shiflett, on 10/12/2007, -0/+1I know people hate blog links, but there are some valid concerns about PhishTank worth considering:
http://ha.ckers.org/blog/20061002/opendns-launches-phishing-site-aggregation-service-phishtank/ - VaamYob, on 10/12/2007, -0/+1"only problem with that - a lot of phishing pages are hosted on hacked / insecure servers that the unknowing owner may not even know about - and it would bring that server down..."
I don't see a problem. I think compromised servers should be taken down. - ilgaz, on 10/12/2007, -0/+0I am sure Bank Of America/Paypal security admins, staff got an account there and watching those phish submissions.
That is a free treasure for them. It could be a publicity nightmare for them too. It is their choice. I am turkish and I keep reporting Bank Of America or other banks scams to Spamcop and these new people. I hate those thieves, that is why ;) - ilgaz, on 10/12/2007, -0/+0I checked my Yahoo bulk folder (great source!) and you can be shocked that there are 6-7 days old phishing mails with VALID/ONLINE "sites" which are still working.
Also it is not a good idea to fool around with a phishing/scam site. If there is a browser security problem, they are the ones who will exploit it.
They have very secure "screenshot" function there, it should be used instead. - ilgaz, on 10/12/2007, -0/+0Careful about blogs, I am using antispam/reporting software and I have found at least 20 fake entries by spammers in the softwares comments area on download sites which allows commenting.
At one point I wondered if I am using some other software rather than the title having some "nightmare" bugs, it took a while to figure those people aren't users of software, they registered to site just to give it a bad name. Software was working great, that was their problem ;) - sezzme, on 10/12/2007, -1/+1Here's one thing that I do not get: why not have a cool Firefox extension that keeps track of the usual links and page structure used by the most-known banks, financial services and credit unions...
...then it checks the page URL against the page structure that the financial outfit in question normally uses...
...then flags abberations as possible phishing sites?
If the page says it's paypal dot com, and the URL does not, this function would detect that fact, and you get re-directed to an anti-phishing site.
Seems a white list like this would be easier to invent and impliment, since phishing sites are so transient. - salazr, on 10/12/2007, -3/+3this is kinda cool
nice review too - duhblow7, on 10/12/2007, -1/+0Somewhat true. OpenDNS pride themselves on being very quick and resolving a hostname. They do this by having many local tier3 servers and a huge cache.
They will only increase page-to-page loads if the hostnames are different. OpenDNS is quicker at resolving a hostname, but once it's resolved it is usually cached locally.
The exception is Linux because it doesn't cache. Linux page-to-page loads of the same domain would be quicker using OpenDNS compared to your ISP in most cases. - jtjdt, on 10/12/2007, -9/+4Yah, I was waiting for this site to go live. There was a live phishing site yesterday I reported, and I believe it's still up. Let's hope this project brings em down faster.
In fact, the site is still up
WARNING - THE FOLLOWING IS NOT PAYPAL - IT IS A LIVE PHISHING SITE TRYING TO STEAL SECURE INFORMATION - PROCEED WITH CAUTION!
http://211.90.191.89/icons/pie5.prg/%20/paypal.com/Security-Accounts/UsingSsl/prdata/custserv/paypal/WebTeller/developer/us/index.php - bobothn, on 10/12/2007, -8/+2i added google i wonder if it will get added?
- opensourcemaven, on 10/12/2007, -10/+4found this review via technorati: http://pstam.com/2006/10/02/introducing-phishtank/
- inactive, on 10/12/2007, -8/+1REDBARRADIO.COM
- opensourcemaven, on 10/12/2007, -11/+0http://money.cnn.com/blogs/browser/2006/10/new-anti-phishing-site-may-sink-or_02.html
© Digg Inc. 2009
— Content created and posted by Digg users is