Some URL tag changes that has to be made

[Casdinyard]

UPDATE:
I've just tried using the [nobbc][/nobbc] tags inside the someurl 2 and it would simply link some fake website.


I've just noticed (so late) that you can phish someone with a simple URL tag.

if you would use the tags
[url=<<someurl 1>>]<<someurl 2>>[/url]

you can insert some phishing links in the someurl 1 and put a different link in the someurl 2. Here's a sample:

If I were the phisher:
Guys is this guy should be reported?
https://bitcointalk.org/index.php?topic=5268229.msg54979042#msg54979042

By clicking the link that seems to just a simple bitcoin talk post, you'll be redirected to facebook page. In which, if some wouldn't be bothered clicking it, users clicked it would be hacked instantly and the hacker would just get his information. And we all trust bitcointalk related links, but I just wanted to open this up as well to be a reminder for everyone that any links can be deceiving, I can even say that this medium.com article or any articles is the link of my thread yet it would direct you to a phishing website.

I hope that the URL tags should only accept context that aren't URLs I think the forum must now don't include the [nobbc][/nobbc] tags. If not and impossible to be implemented, guess every users must be warned with such possible attack.

My bad it isn't possible lol locking the thread

[1714092971]

1714092971

[1714092971]

1714092971

[1714092971]

1714092971

[Pffrt]

I think this have been discussed long ago. People should be aware of clicking any links anywhere, not even this place only. Also, I don't see a good solution for this. How can forum prevent this?

[actmyname]

4. No referral code (ref link) spam. [1]

5. No link shorteners that require users to view an ad.

6. No linking to phishing or malware, without a warning and a valid reason. [e]

Report posts to mods. I recommend prefacing it with [P1] to indicate high priority. If more adopt the system, this allows reports to be streamlined. (I rank priorities 1-5 from malware to bumps)


If you want something that's actually worse than a simple URL change, check this out:

I am Craig S Wright.

[Lafu]

You can take a look here and as actmyname has written just report it to the Moderator and if not sure ask !

You can chech out this here also , i have written in the passt about to watch out when you click links.

Guide and advice for new Users before you Download anything from the Forum !

[BitMaxz]

I think this have been discussed long ago. People should be aware of clicking any links anywhere, not even this place only. Also, I don't see a good solution for this. How can forum prevent this?

Yeah it was discussed here before many times like this thread https://bitcointalk.org/index.php?topic=5224820.0

I thought that it was already fixed because I tried it before and it doesn't work it always changed to the same URL you put on the text field.
But right now I tried some URL and all seems fine except for one URL like this one.



It seems some of the phishing URLs are blocked.
For now, reporting them is the best action as suggested by actmyname while this issue is not fixed yet.

[Casdinyard]

I think this have been discussed long ago. People should be aware of clicking any links anywhere, not even this place only. Also, I don't see a good solution for this. How can forum prevent this?

Yeah it was discussed here before many times like this thread https://bitcointalk.org/index.php?topic=5224820.0

Thanks for the answer. But what I'm trying to say here is that once that reports such as bitcointalk post links, medium article links, and even web-archive links (that are always common and such links seemed to be safe whenever the user is explicitly posted the URL), can have a different link inside - which mobile users can be affected.

Yes, TryNinja and even your idea was right. But if I were to use the [nobbc][/nobbc] tags, then I could easily say that - this bitcointalk profile url is a scammer or anything, admittedly that most of us trust once the links are from bitcointalk, medium, or any known secured websites, we haven't bothered been thinking of where it really redirect. And how about those mobile phone users or any device that doesn't have a hover in their browsers?

All I'm trying to say here is that [nobbc][/nobbc] tags can be used on such hideous activities, and we should be more careful now. Guess the only right and possible thing is to report, but not all in the forum are knowledgeable and the forum are continuously having new users with no knowledge at all.

I hope ya'll get my point lol


I'll lock the thread once the argument is established.

[Pffrt]

can have a different link inside - which mobile users can be affected.

It's true that in such a way people can be linked to different phishing link. If I'm correct, an user was once received a PM where sender tricked him to log in fake bitcointalk, designed same as bitcointalk log in landing page.
But if you are concerned enough although many are not, from mobile, you will never click link directly. Rather you will click and hold on to check what the link actually is.

[actmyname]

[‎nobbc] can be regarded as a symptom a larger problem, which is just that the process to transform the URL into the proper link is very trivial.

Anything inserted to change the URL slightly can make it pass. For example:

ht‎tps://bitcointalk.org/index.php whitespace between ht tps
ht‎tps://bitcointalk.org/index.php cyrillic o

[nakamura12]

We can't stop people to stop using such bbcode unless it is not available to use in the forum. To avoid getting redirected to other platform then I recommend visiting the thread to know what to do when you see a link provided if it is a direct link or a hyperlink or as what you have explained or do researching.

I think this have been discussed long ago. People should be aware of clicking any links anywhere, not even this place only. Also, I don't see a good solution for this. How can forum prevent this?

Yeah it was discussed here before many times like this thread https://bitcointalk.org/index.php?topic=5224820.0

I thought that it was already fixed because I tried it before and it doesn't work it always changed to the same URL you put on the text field.
But right now I tried some URL and all seems fine except for one URL like this one.



It seems some of the phishing URLs are blocked.
For now, reporting them is the best action as suggested by actmyname while this issue is not fixed yet.

True, It has been discussed before in that thread. I wonder why the image I provide i  that thread is not shown like before. I wonder if op haven't read the thread about URLs.

[libert19]

I think this have been discussed long ago. People should be aware of clicking any links anywhere, not even this place only. Also, I don't see a good solution for this. How can forum prevent this?

Nothing to do with forum tbh, and I don't think it should be forum's responsibility either. It's convenient tag and some bad apples can abuse it, just like other things in the world.

Checking links before you click/open would be more than sufficient.

[PrimeNumber7]

If you post a link to a bitcointalk.org post or page, when you hover over the link, the text will be green, and links to any other domain will be blue.

A possible solution to the attack you describe may be to highlight links in red when a user hovers their mouse over the link in cases in which a domain is posted in the URL text that does not match the actual hyperlink.