Topic: ScamWhammer - Block scam websites and promotions with your adblocker (Read 800 times)

I was looking at your list, and I'm confused about some of the characters.

crypto.net##DIV
01crypto.net^$document

What do those bolded letters mean?

Also, could you make this list in a CSV format for import into a database? 

Having thought about it, this isn't going to be successful in the long term without it's own browser extension. For now, let's concentrate on the provably scam websites (bitcoin doublers etc). Instead of loading the page in question it should draw a big warning that this site is a scam with a link to this thread, optionally with a button that lets the proceed anyway. However I don't have an ETA for this as this requires me to learn how to develop extensions.

I'm open to feedback about this idea. Maybe as a way to protect the extension from being spoofed I could make a signed message with the extension's filehashes, since I already have a PGP key ready. A consequence of this is that it won't be listed on extension galleries like Chrome Web Store, a favorite gathering place for phishers to put extensions impersonating real ones, and that it would have to be downloaded manually here. Fake announcements with malware would then be easy to squash as Lafu is doing a terrific job doing.


I am excluding all the exchanges from this for now, until I can gather a large enough userbase that blocks them from the obvious scams.

You shouldn't blocked a scam website instantly without the opinion of other users because you need a certain basis why websites should be banned and blocked from advertising. People aren't dumb about knowing if the website is a fraud and should stop operating in an exchange, you also need some point of view of other users to know if a website is a fraud.


Warning is also good to prevent sudden judgement without even knowing advantages about a certain websites that popped up in an exchange. Totally blocking it will not help you to become comfortable unless you're easily irritated by those.

Currently I have to insert the sites manually, as I don't know of a way to automate detecting a website by crawling it.


Yes, it works on any browser, including mobile ones, as long as it has an adblocker and they add this filter list.

---

On an unrelated note I need to fix all my entries to have http:// and https:// at the beginning of the name. Right now, if you try to go to any trustpilot page belonging to a scam website, like


Then it will also be blocked, and that's not the behavior I want. It currently blocks the page if the name appears anywhere in the URL not just in the domain name.

Do you have to manually input the scam websites or it automatically identify them like search engine web crawlers, I do not see it in your pitch but I think that this has a big potential. Does it work like adblocker? Cause if that is how it function then it can be a good thing because you will stand out from the rest. Does it work on mobiile and does this project works for all browsers? I believe that more people are using their mobile phones so I asked of this question, with regards to the browser, I think the more the merrier.

Currently I'm scraping HYIPLogs (an aggregation of HYIP domains) and the Badbitcoin badlist (frequently updated list of scam domains) using Javascript and then paste the domains in the filter list. This is what I use to scrape HYIPLogs, I run it in my browser's DevTools:


And this retrieves the historic badlist from 2014 to 2018, since the rest can only be accessed by using search:


I sent Badbitcoin an email today asking for a way for them to provide me with the rest of the domains, I'll see if they respond.


Yes, I'll list those soon. Thank you for the links.


Yes, in fact, I already have a few hunded punycode domains impersonating MyEtherWallet, which I took from MetaMask's list. Currently there isn't a site that lists all of them yet but the general idea would be to use a domain registrar's API to see if puny-code domains have been registered. These github projects are a good start https://github.com/topics/typosquatting

This page can convert the unicode domain name to punycode https://www.punycoder.com/

I want to take the controls from https://www.irongeek.com/homoglyph-attack-generator.php and write a script to guess similar sounding domain names.


That sounds like a good idea. Can you explain what a shield is? I haven't used Brave browser before.


If you mean links on my website, can you PM me the links? I had to make some tweaks to the site to get it working on Github Pages so maybe I botched something in the process.


You can find me there too  

---

Edit: So I got a response from the Badbitcoin team. Without going into details they declined to give me the list. So it looks like I will be forced to use the search tool to look for the rest of the domains.

How will scam be determined? Is it completely central? Or is there an algorithm to block the abusers and who are the trusted people to do it?
Will you list some members-list of this forum? For example, [1] & [2]
Will puny-code domains be included?
Are there plans to cooperate with Brave’s browser to include such lists in its shields?
Some links on your site only work after manually refreshing the page.

---

From ---> https://zenulabidin.github.io/#/about-me, I noticed that you are from the Arab countries. I hope you will join the Arabic board --> https://bitcointalk.org/index.php?board=241.0.



[1] tvplus006 - 160+ List of Scam Projects
[2] ICOEthics - scam list 2018-2019

Thanks. Ultimately I want ScamWhammer for become a community effort in the long term so I don't have to babysit it continuously.

Perhaps instead of blocking the high-risk sites right now, I can wait until I get about 10 people who are willing to make a consensus to decide if those sites should be included, which would obsolete rule 3 above. Because I doubt exchange diehards are going to use the list if they know if their favorite exchange is on it. I want as many people to use the list as possible.


I'm a little skeptical of making a separate browser extension for this, because it's possible that it gets hacked while I'm not looking and a malicious version is served for download instead, especially since this project is in its infancy with hardly any users. The filter list would need at least 100K users before people would see an extension I make as reputable.

The way some of the adblockers are showing a banner saying the site has been blocked while giving you an option to proceed anyway is the kind of thing I want to show. But since Adblock and friends can't do this, I whited out the sites as a temporary solution. I also think displaying a warning at the top of the page is vulnerable to social engineering by the scam site, as they could write on their site something like "Ignore the scam warning above, we have 5 star ratings on TrustPilot".

Cool idea.

My first thought: I think you should find some sort of third party to arbitrate in cases where the owner of the site applies to be removed, or a site is submitted and it's a 'close call'.  You need some evidence that your decisions are without bias.  Giving yourself absolute power in which sites are on the list or not is a going to hurt the chances of this taking off.  I would expect most sites that are aware they on the list to claim something like: "we're only on the list bc our competitors paid NotATether."

Any plans to develop a stand alone browser extension?  It would be cool to have the option to add some sort of warning (a reference link would be nice also) stickied at the top of any site on the list instead of just blocking them.

Reserved.
Scammers, if you're reading this thread, watch out for RoboCop.

ScamWhammer is a filter list for cryptocurrency scam websites, Youtube videos, Play Store downloads, Medium pages and more.

This filter list is unfinished, hence why it's in the Project Development section.

Currently there are over 25,000 unique scam websites (20,000 HYIPs and 5000 scams) in the filter list, but almost no pages because I haven't gathered many yet. It incorporates all the HYIPs in HYIPLogs (Javascript warning: lots of ads) and the listed badsites on the Badbitcoin badlist. I don't have an automated way to retrieve typosquatted domains yet so most of them are missing from the list.

It works with Adblock and Adblock Plus by removing the page content, and Adguard and uBlock Origin by blocking the site outright. Due to Adblock limitations, entire sites can't be blocked so instead it hides their page content.

How to use

Add the URL of this filter list https://raw.githubusercontent.com/ZenulAbidin/scamwhammer/master/filter-blocklist.txt (huge file) to your adblocker. The procedure varies depending on the adblocker you are using so look it up on the internet if you're not sure how to add a custom filter list. The list goes stale every 7 days. This may change in the future.

The goal is to get this filter list included in adblockers by default, when they are installed into the browser.

How I choose which sites get blocked

Again, this filter list is by no means limited to whole sites, it works perfectly fine with arbitrary URLs, including those with queries at the end such as ?action=post;board=12.0.

For the purposes of the rules below I will call all pages off the domain(s) promoting the site, such as Youtube videos, Google Play Store app pages, Medium pages, etc. URLs.

1) If the site in question is in the Badlist, then its domains and all URLs will be included.

2) If the site is an HYIP, its domains and all URLs will also be included.¹

3) (Temporarily retracted) If the site in question is a controversial exchange, casino or other cryptocurrency operation, then all of its domains, but no individual URLs, will be included. For the purpose of making rules, a site is controversial if it either a) has at least 3 open credible scam accusations against it or b) the official bitcointalk account representing the site has an active flag against it. I regard a scam accusation as open if the associated thread is less than 5 years old² and not locked or otherwise labeled "closed", and as credible if the scam accusation in question indicates that the site mishandled funds (individual users' accounts getting hacked are not credible, but if the whole site gets hacked and the site does not replenish its funds then that's credible).

4) All typosquatting and foriegn-character-typosquatting domains impersonating non-controversial (genuine) and controversial sites will be included indiscriminately.³

5) Sites and URLs will not be removed from the list if they are taken down. Sites may be removed if the domain is sold to someone who then uses it for a legitimate activity, but associated URLs will not be removed.

6) I reserve the right to change, and or remove criteria or include and remove individual sites at any time.

NEW 7) Sites and URLs of faucets won't be added to the list unless they have a deposit option.

¹ Because I believe that HYIPs are no different from gambling, the only difference being HYIPs make explicit promises of guarantee to make a profit which is clearly lying. If you don't like this decision then feel free to add your favorite HYIP site to your adblocker's whitelist.

² An issue arises if the associated scam accusation is credible. In that case as long as the remaining credible scam accusations is less than 3, I'll remove the domains from the list and let them go at good-faith. On one hand the site may have cleaned up its act since then and the topic starter forgets to lock the thread (this part happens frequently) but on the other hand I'm not sure this is the best thing to do, feel free to tell me your suggestions about this.

³ Typosquatting something like an exchange or casino is an inherently malicious thing to do, and if there are URLs associated with the typosquatting site, those will also be included in the list.

Here are the list of sites that are currently in the list according to rule 3. I anticipate more will be added to the list. Temporarily inactive

• Yobit
• Coinsbit

These rules are designed to make it easy for me to select sites to add to the list while I browse the Scam Accusations board.

Homepage   Github repo

If you would like to request permission to edit the ScamWhammer repository, this is the thread to do so. It requires you submit a pull request with the filter rules added properly. See the github repo README for instructions on how to add filter rules manually.

I'm also going to request the BadBitcoin staff for access to the raw list of scam sites so I can include them all at once, searching for them one by one is proving to be exhausting.

This topic will be self-moderated because reports for inclusion here and requests from exclusion from it will be handled in separate threads, to make things easier to navigate. Please keep discussion here on-topic about ScamWhammer.

Associated threads
Report inclusions into ScamWhammer here.
Request removals from ScamWhammer here.

Changelog:
2020-07-21: Add CSV file of blocked domains with name and date added columns
2020-05-03: Add rule 7, temporarily retract rule 3