Abuse team is ignoring requests?

Help IPFS
1

Hi team,

I have been reporting phishing website since weeks to the following addresses:

abuse@ipfs.tech,
abuse@ipfs.io,
abuse@protocol.ai,
security@ipfs.io

With no response at all, aside from the canned response you receive when you send an email to abuse@ipfs.tech.
As you may know, most critical and dangerous period for phishing wqebsites are the first 72hs after creation, so please review the reports sent and act accordingly.

Examples of phishing websites I reported are:

https://bafybeib2hf6fioibo6lfd5lukmvxsajpsr7pimigtn5zg2bwbpi62fqeei.ipfs.dweb.link/ (impersonating www.zimbra.com)
https://ipfs.io/ipfs/QmdUf1exjZMMZVCpLfDYqqWbQ25Vf2qB64nuFLtqzypC2K?filename=avse.ua.htm (impersonating www.zimbra.com)
Mail (impersonating dsszzi.gov.ua)
https://ipfs.io/ipfs/bafkreidci2jjtwmgjgnnx7x3akvs76uoqhzk2z62u7xyzjjafkdlm4jl3u?filename=INBOX-Login+(6).html#cert@cert.gov.ua (impersonating cert.gov.ua)
https://ipfs.io/ipfs/bafybeig6iv6o4uj2563w4wbal6xnye4ksqbqvddldtwbb7sabtqb6a4zii/newcog.html (impersonating Radware Page)

2

Hi @javierxvi,
Without knowing the timeframe of the reports you submitted, it’s difficult to know if this unreasonable or not.

However, I do know that the team responsible for processing the takedown requests is doing their best to stay on top of things, and definitely does not ignore requests they are sent. And I can attest to the fact that every request received is reviewed, and if appropriate, actioned.

Of the links you posted, I can see that two have been taken down already, one is currently not loading for me, and the fourth is still up and retrievable.

As I’m sure you can imagine, the gateways receive a lot of traffic, and an equally large number of takedown requests as a result of that. Which comes at an added cost to providing the gateways because these takedown requests require manual review and processing. So not to provide an easily exploitable vector, that could render the gateways unusable.

While the current process might not be perfect, it is what we have today, and is crucial to being able to offer the gateways to the community free of charge as a public utility. We’re continually trying to look at how these services are provided, and how we can improve things for the betterment of everyone.

I’ve shared this feedback with the takedown team, and will leave them to see if there are any quick wins that they can incorporate into their process to make this a better experience for everyone.

3

Hi cewood! Many thanks for your reply :slight_smile:

Regarding your reply, I see 3 of 4 are still up with phishing. Only https://ipfs.io/ipfs/bafybeig6iv6o4uj2563w4wbal6xnye4ksqbqvddldtwbb7sabtqb6a4zii/newcog.html was taken down:

[Album] imgur.com

Regarding date and time of reports:

For https://bafybeib2hf6fioibo6lfd5lukmvxsajpsr7pimigtn5zg2bwbpi62fqeei.ipfs.dweb.link/, it was reported for the first time in June 2nd.
For https://ipfs.io/ipfs/QmdUf1exjZMMZVCpLfDYqqWbQ25Vf2qB64nuFLtqzypC2K?filename=avse.ua.htm, first report was on May 29th.
For PORTAL - Mail Log in, forst report was on April 30th.

Regarding:

As I’m sure you can imagine, the gateways receive a lot of traffic, and an equally large number of takedown requests as a result of that. Which comes at an added cost to providing the gateways because these takedown requests require manual review and processing. So not to provide an easily exploitable vector, that could render the gateways unusable.

Noted! Thanks for explaining :slight_smile:

Regarding:

I’ve shared this feedback with the takedown team, and will leave them to see if there are any quick wins that they can incorporate into their process to make this a better experience for everyone.

That is awesome to know! I hope this come out soon.
Please let me know if there’s any possibility of a collaboration since I am part of an anti-abuse organization and I think, if possible, we can help each other to make this task more bearable and efficient for everyone.

Kind regards