View this post on Hive: Steemed Phish v0.0.32: Performance improvements
Repository
https://github.com/quochuy/steemedphish
These are changes since v0.0.31
This pull request contains small changes to increased the performance of the extension.
Bug Fixes
Sometimes external links are not scanned properly at the same time, if a link is used multiple times it is unshorten through an API call for each occurrence. This has been fixed by keeping an array of URLs already requested for unshortening and generating a uniq ID for each link. The unshortening result would then be applied once to all occurences. This fix also improves performance of the scanning process.
Optimisations
- the content script has been optimised to not require JS injection into the page itself
- the code has been cleaned up, reformatted with added comments
GitHub Account
Download the extension
https://chrome.google.com/webstore/detail/steemed-phish/eiaigalhddmmpdnehcigmlmgllomljgj
What is Steemed Phish?
Steemed Phish is a Chrome extension that offers protection against Steemit.com phishing clones
Features
Changing icon color based on white/blacklist
This extension will validate Steemit related websites by changing its icon color:
- red is for blacklisted sites
- green is for recognised friendly sites
- grey is for unrecognised sites
Whitelist and blacklist
Steemed Phish does not rely solely on these list as anything not listed won't be protected. Blacklist and whitelist are hard to maintain but adding them helps widening the protection coverage.
When a site is neither whitelisted or blacklisted, Steemed Phish will try to check the URL structure to find known patterns and flag a link as supsicious by coloring it in pink.
There are currently 19 blacklisted websites and 31 whitelisted websites.
Phishing Alerts
If a user lands on a phishing website, Steemed Phish will display two types of alerts:
- a dialog that shows up even if the page was loaded in a tab in the background
- a full page alert, that covers the whole phishing page and offers a link to go back to Steemit.com. The full page alert also reminds the user of not using their Steemit Keys on unknown websites and keep their password (Owner Key) safe.
Spammer highlight
The extension is now using the SteemCleaners' public blacklist to highlight spammers' name on posts and comments they have authored.
Expand shorten URL
Some links are shortened using services such as bit.ly, this prevents people from easily analysing the URL of the link. Steemed Phish uses a link expanding API to determine the destination URL of a link and then compare it again against the white/blacklist logic above.
Making external links more visible
Ideally, a user should be more careful on links they are clicking on by always paying attention to the URL of an anchor. But this is easier said than done and even the most experienced user can let down their guard sometimes and get tricked by the scammers.
Recently, Steemit.com, has added a feature that marks external links with a grey icon on the right of each links. Steemed Phish will make that icon more obvious by coloring it in purple. On top of that, it will make a bubble appear next to the mouse cursor with a text explaining the fact that clicking on the link with leads you away so don't use your password. This bubble won't show up on friendly (whitelisted) websites
Support lazy loading
The extension works even if the links are inserted into the page after page load (Ajax), for example:
- The link was in a comment that was hidden due to low rating and I then revealed it.
- The link is in a comment low in a popular page. The comment was not loaded at first but only when you scroll down
In both cases, the first time the page loads, the comment and the link is not loaded and displayed. Steemed Phish still works in these cases.
Download the extension
https://chrome.google.com/webstore/detail/steemed-phish/eiaigalhddmmpdnehcigmlmgllomljgj