G’Day,
I received an email with a button which took me to the following link:
https://ipfs.io/ipfs/bafybeifdljzexdabjv5wik72kmwtc2s5dozdvyk3llv6s3onxvxycma3cy/xawl.html#info@moonacres.com.au
You people should not allow this sort of phishing from your servers.
Cheers,
Phil.
Hello Phil.
If you see abuse, as above, please report it to https://badbits.dwebops.pub/
There are also commands that can actually track exact IP where the malicious content is hosted.
You can try to follow up with service provider to take such attempts down.
Happy hunting! M
G’Day,
Reported.
It took me two attempts.
The first time my email was blocked because I included the phishing email.
The process for reporting problems is not clear to an outsider such as me.
I wonder if the feeling of IPFS being unsafe is a deliberate strategy, or just a consequence of trying to be ‘at the edge’?
Cheers,
Phil.
Well… it’s 2025 and it’s not like they actually do anything about it… I will never understand why they don’t already have something in place to prevent their “users” to publish phishing pages… It’s like they are part of the problem and they are actually provide a safe place to publish phishing pages…
never understand why
I mean, do you have suggestions on how that would work?
Which additionally can’t just be taken out of the codebase by a bad actor compiling it themselves?
Filtering it at the gateway level seems the only option but then one would need to add hopefully reliable filescans to each file served. However what’s stopping someone just uploading an obfuscated version. Then we play cat and mouse anyways.
I mean, yes, maybe possible, but I’m yet to see some solid plans that would work better than banning things that get reported. I’m not saying it’s not a problem, just that the solution is easier said than done.