Comment by johnklos

Comment by johnklos 6 hours ago

Can be summarized with: Don't click on links in email.

So is github-scanner.com (and github-scanner.shop) still the same malicious party? It seems to be. Funny that their DNS is hosted by Cloudflare (who, famously, don't host anything, because they think we're all dumb). Cloudflare, who take responsibility for nothing, has no way to report this kind of abuse to them.

The domain which hosts the malware, 2x.si, both uses Cloudflare for DNS and is hosted by Cloudflare. At least it's possible to report this to Cloudflare, even though they rate limit humans and have CAPTCHAs on their abuse reporting forms.

Sigh. Thanks to Cloudflare, it's trivial these days to host phishing and malware.

poincaredisk 4 hours ago

Cloudflare is way more responsive to abuse requests than 95% of country-level DNS registrars. Having experience working with both.

elashri 5 hours ago

I don't know how effective and quick to respond they are, but there is a way to report malware [1]

Extracting from the page

> Which category of abuse to select > Phishing & Malware

[1] https://www.cloudflare.com/trust-hub/reporting-abuse/

  • johnklos 5 hours ago

    Cloudflare's abuse form will not let you submit the report if you don't include a URL that currently points to their network. There're no options for phishing / scam domains for which they're the registrar and/or DNS hosting.

    • ToValueFunfetti 3 hours ago

      I haven't tested the form, but they do claim you can report abuse of the registrar with some of the options; perhaps they've changed it?

      Failing that:

      > If Cloudflare is listed as the registrar on an ICANN WHOIS listing, you also can email reports related to our registrar services to registrar-abuse@cloudflare.com

spoonfeeder006 4 hours ago

So how do you not click links to confirm your email for a new account?

Rather one could use Qubes OS and only open links in disposable VMs and never enter info beyond that

That's basically what I do when I get emails to confirm my email address for a new account

One can't always avoid clicking links, can they?

  • bentcorner 3 hours ago

    > So how do you not click links to confirm your email for a new account?

    Fair question, but the "don't click links in email" is for emails that you don't expect. And sure, that's an unsatisfying answer because it's hard to communicate this wisdom to your grandmother.

    I think the best answer is defense-in-depth. Ensure you use updated email clients, browsers, and OS, and employ a DNS blocker like a Pi-hole or equivalent public service.

    For less-savvy people a device like an iPad or Chromebook can be a reasonable defense.

    • hunter2_ 2 hours ago

      If I'm being honest, "don't click links in email unless you were expecting that particular email message" seems easier for grandma than "update x, y, and z, and use Pi-hole" unless you want to administer her network and devices. But maybe you're saying that an iPad/Chromebook can mitigate all of the above needs? A little bit.

      Anyway, while I haven't heard of any cases yet, it wouldn't surprise me if senders of phishing email someday manage to deliver messages shortly after detecting some traffic (DNS lookup?) that you legitimately make with the entity the email is spoofing. Then you're expecting it, roughly.