PhishBuster icon indicating copy to clipboard operation
PhishBuster copied to clipboard

Published 20 hours ago • verified publisher icon nayanmapara

Questions/Reduce input data

Open m1ga opened this issue 3 years ago • 13 comments

I don't really understand the purpose of this page :smile: So let me ask some questions/give some suggestions:

  • why does it need my country? That info is very suspicious and I don't want to share it. Remove that would help that it doesn't look like a scam :smile:
  • why do I have to select the "resembling" site? Just parse the link and check it. I can select github and put in an ebay link and it says phishing site which is not correct. It is a valid site but my input was wrong. But your system tells me it is a phishing site

Just give advise on how to check for a correct link. Pasting it in and selecting where I want to go and wait for the result looks to much work. On input field and check the link and display it as a safe link afterwards.

m1ga avatar Oct 04 '21 14:10 m1ga

Country is used for regional site supports like eg. amazon.com is the main site as i am in India the site i get to use is amazon.in and same goes other countries. So when i choose Amazon option it should work for regional sites.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

There are lots of ways to fool people with the url and one of the most common way is typo squatting. And believe me you don't want to waste your time see the url and remembering different ways when you just have to go on a site fill few things and it will tell you the result in fraction of seconds.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

Country is used for regional site supports like eg. amazon.com is the main site as i am in India the site i get to use is amazon.in and same goes other countries. So when i choose Amazon option it should work for regional sites.

but that is exactly the point why it doesn't make sense to have to country selection: amazon.in in Hungary is listed as spam, when I select India it's fine. No matter which country I'm in it should say if that URL is correct or not

m1ga avatar Oct 04 '21 15:10 m1ga

Country is used for regional site supports like eg. amazon.com is the main site as i am in India the site i get to use is amazon.in and same goes other countries. So when i choose Amazon option it should work for regional sites.

but that is exactly the point why it doesn't make sense to have to country selection: amazon.in in Hungary is listed as spam, when I select India it's fine. No matter which country I'm in it should say if that URL is correct or not

I could have went for taking location permissions from the browser but that gives your location which I am not really interested in and it will degrade the trust too so i went for manual selection.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

I don't really understand the purpose of this page 😄 So let me ask some questions/give some suggestions:

  • why does it need my country? That info is very suspicious and I don't want to share it. Remove that would help that it doesn't look like a scam 😄
  • why do I have to select the "resembling" site? Just parse the link and check it. I can select github and put in an ebay link and it says phishing site which is not correct. It is a valid site but my input was wrong. But your system tells me it is a phishing site

Just give advise on how to check for a correct link. Pasting it in and selecting where I want to go and wait for the result looks to much work. On input field and check the link and display it as a safe link afterwards.

Things on this site can be rigged if input is not given properly and I completely agree with that but the problem is it depends on the person that he was to get benefit from it or not.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

My initial plan was to use web scraping and find out the real aka authentic url but there where lot of issues with it so i switched to people as input so results are given on what the input is given.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

I could have went for taking location permissions from the browser but that gives your location which I am not really interested in and it will degrade the trust too so i went for manual selection.

no, you still not getting the point :smile: Don't use the user location at all! amazon.in is valid in all countries, so don't check for that.

I appreciate the effort in helping people to find out if a link is good or bad. But it should be as easy and quick for the user as possible: insert a link, check it, done. Check the SSL certificate, check for UTF8 characters (at least give a warning if they use them) and match with a bad word/url list. Let your page do a connection to that link and check if its redirecting somewhere else or so.

m1ga avatar Oct 04 '21 15:10 m1ga

My initial plan was to use web scraping and find out the real aka authentic url but there where lot of issues with it so i switched to people as input so results are given on what the input is given.

if it works for people it's fine! I just wanted to give my opinion as an external/first time user. Just seemed suspicious to add my location. But keep working on the page and improve it! Maybe some more infos on what you are doing with the date would help. You link to your blog post and it doesn't really explain it there too

m1ga avatar Oct 04 '21 15:10 m1ga

I could have went for taking location permissions from the browser but that gives your location which I am not really interested in and it will degrade the trust too so i went for manual selection.

no, you still not getting the point 😄 Don't use the user location at all! amazon.in is valid in all countries, so don't check for that.

I appreciate the effort in helping people to find out if a link is good or bad. But it should be as easy and quick for the user as possible: insert a link, check it, done. Check the SSL certificate, check for UTF8 characters (at least give a warning if they use them) and match with a bad word/url list. Let your page do a connection to that link and check if its redirecting somewhere else or so.

That is the thing people see if site is authentic or not on things like ssl certificate you can get them for free using cloudflare or Let's Encrypt.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

My initial plan was to use web scraping and find out the real aka authentic url but there where lot of issues with it so i switched to people as input so results are given on what the input is given.

if it works for people it's fine! I just wanted to give my opinion as an external/first time user. Just seemed suspicious to add my location. But keep working on the page and improve it! Maybe some more infos on what you are doing with the date would help. You link to your blog post and it doesn't really explain it there too

I actually made that blog in hurry I will update it soon. And I will make that country option optional.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

I actually needed help with the documentation there's lot to add.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

Sorry if I hurt you in anyway. 😅 I didn't intend to do it.

VFXGamer avatar Oct 04 '21 15:10 VFXGamer

Don't worry. Thanks for all the feedback :+1: :jack_o_lantern: hacktoberfest :heart: I'll see if I can contribute somewhere to help here too!

m1ga avatar Oct 04 '21 15:10 m1ga