Hacking & Phishing with ipfs.io

[0xK3on]

I got an email with a link to your website which was clearly a phishing page. You need to secure your website and clear your platform from abusive usage otherwise you will have a BIG trouble. People are sending phishing emails linking to your website, example;

https://fleek.ipfs.io/ipfs/Qme1nq51APWQMANeCrb5j9n4AxxW382e4ijeSkse8aEri1/excel%20link.html

[domainfun]

Unfortunately, it appears that https://ipfs.io/ is unable to prevent spammers from misusing their system (just like Google Gmail and Microsoft Outlook.com allow any spammer to create a free account). These big companies rely on the general public reporting any misuse, although I have no confidence that they actually remove misbehaving users in a timely manner (I speak from experience, when checking days after I reported phishing URLs to below email address in the past).

Perhaps on your incoming email service you can add a spam filter to block all emails containing https://ipfs.io/ipfs/ or https://fleek.ipfs.io/ipfs/ web addresses?

Anyway, rather than filing a ticket here on GitHub, please report these misuses to [email protected], see https://ipfs.tech/help/.

Here is another one from today (email address redacted for privacy):

https://ipfs.io/ipfs/QmUKv5oL751qzcCSytJUGPf12k5hZkAspbVXSGevfvzM5y?filename=login.htm#...

---

[achingbrain]

Please see: https://github.com/ipfs/community/blob/master/SECURITY.md#reporting-abuse