I report phishing url’s and weeks later they are still alive at ipfs.io.
There does not appear to be any sort of Abuse or InfoSec team at IPFS.
What is going on?
How did you report these?
They should typically be reported to abuse@ipfs.io / abuse@ipfs.tech and then it should be taken care of by the team.
I used abuse@protocol.ai and security@ipfs.io and no repsonse.
I will start using abuse@ipfs.io and abuse@ipfs.tech from now on, although, getting tired of trying to help a team that appears to not be able to help itself.
FWIW I’m sorry for your frustrations, I don’t have a direct window into the team that handles reports or how communication could be improved. I can say that your efforts are appreciated, and airing your frustrations.
There is a team that handles the reports, but I’m not sure what their process / workload / communication process is like. I know @danieln put effort into resolving your issue before, and seemed to help get the process fixed.
Again, sorry for your frustrations.
Just to put my 5c in. This is a common problem. Loads of people are getting phishing links using IPFS. I got one today, which I did forward to the abuse email.
This isn’t something that should just be looked at on a case by case basis, use of IPFS for phishing is a major problem.
Maybe we need an education page about this. As this literally can only be handled as a case-by-case basis, exactly the same as HTTP. IPFS is a protocol.
@firmdog I received one of these phishing emails today, and came here to warn. I already reported by email to security@…
But the thing I wanted to say here is that the email of ipfs.io is hosted at Google, which could very well be sorting these reports as spam, so the ipfs team never learns about them anyway (using google for email is another story… (notorious reputation)).
Posting here, however, should have drawn some attention, but this is sad.
Best to use abuse@ipfs.io and you should receive confirmation of receipt.
I can assure you that we’re working to ensure these are handled as quickly as we can.
2 Likes
Good luck, guys, and all the best!
I still have no reply (other than the automated one) from the report I put in in April.
I don’t believe they usually reply, but are the offending materials still being served by our gateways?
Now I’ve looked, it isn’t, however they SHOULD reply, it’s appalling public relations not to.
how about proactively using a honey pot to help?