Bitcoin Forum
Author Topic: Admin: can you block link masquerading which redirect to malicious files ?  (Read 916 times)
Voidlord (OP)
December 20, 2014, 12:26:55 PM
Last edit: December 20, 2014, 02:12:12 PM by Voidlord
 #1

Hello,

Everything is in the title: can you block link masquerading which redirects to malicious files after a quote?

   In order to be clear:

The Opal team had recently posted a legitimate link on the BitcoinTalk forums to the download to their latest client. Diabanhxeo, the hacker’s profile name (ID# 210031), quoted the link on a post, but changed the link to a malicious one that downloaded a fake RAR file. Opal’s client, however, is compressed with ZIP.

Here is a part of a talk between users.
.....
You don't realize.... the attacker quoted the devs then he changed the link in the quote, so many people think that it was the original link. Not everybody knows that we can make a yahoo.com hyperlink with a redirection to google.com

After all, if the malware is crypted you cannot detect anything using antivirus. The real problem is: why does bitcointalk allow users to make a yahoo.com hyperlink able to redirect to google.com?
.....

Many thanks for the attention you pay to my ask.

E=(ɔ)mc²
shorena
December 20, 2014, 01:04:37 PM
 #2

Hello,

everything is in the title: can you block link masquerading which redirect to malicious files ?
-snip-

How do you suggest the detection of malicious files? Every time in the past I reported a link to a virus the post was removed very promptly. What exactly is your suggestion for the staff to do?

I'm not really here, it's just your imagination.
Voidlord (OP)
December 20, 2014, 01:52:04 PM
Last edit: December 20, 2014, 02:17:48 PM by Voidlord
 #3

How do you suggest the detection of malicious files? Every time in the past I reported a link to a virus the post was removed very promptly. What exactly is your suggestion for the staff to do?

if it is possible to forbid link masquerading after a quote:
Example:

Official devs:
please download the Mandatory


Here is the syntax: (I put * to block the link in order to be clear)
[*url=https://bitcoin.org/en/download]Mandatory[/url]

Here the link goes to the bitcoin wallet download page

....
See the post below

E=(ɔ)mc²
Voidlord (OP)
December 20, 2014, 01:57:40 PM
Last edit: December 20, 2014, 02:20:54 PM by Voidlord
 #4


Official devs:
please download the Mandatory


The attacker changes the link in the quote, which redirects to his malicious URL (here I put virustotal.com just for example, obviously virustotal is not malicious)

I am asking if Bitcointalk admin can do something against that

Like find a trick to automatically turn off link in quote

E=(ɔ)mc²
shorena
December 20, 2014, 02:33:53 PM
 #5


Official devs:
please download the Mandatory


The attacker changes the link in the quote, which redirects to his malicious URL (here I put virustotal.com just for example, obviously virustotal is not malicious)

I am asking if Bitcointalk admin can do something against that

Like find a trick to automatically turn off link in quote

I understand your suggestion, but I doubt it will be done. A quote is no different from a regular post. Even if this would work via the quote tag, someone using that technique could modify the quote tag to refer a different post easily (see above).
All browsers (except maybe mobile) offer a way to spot this. Hover over the linktext with the mouse and see where it leads. IMHO this is internet 101. Don't click a link where you have no idea where you end up. This includes shortened links, which is a perfect tool for someone to link to a fake page. The hardcore version would be to go to the URL you think the link leads by hand and copy pasta the rest of the link. E.g. if you get a stearncommunity/blabla link, you go to the page steamcommunity and copy the /blabla behind it.

I hope you found the difference...

I'm not really here, it's just your imagination.
Voidlord (OP)
December 20, 2014, 03:12:34 PM
 #6


I understand your suggestion, but I doubt it will be done. A quote is no different from a regular post. Even if this would work via the quote tag, someone using that technique could modify the quote tag to refer a different post easily (see above).
All browsers (except maybe mobile) offer a way to spot this. Hover over the linktext with the mouse and see where it leads. IMHO this is internet 101. Don't click a link where you have no idea where you end up. This includes shortened links, which is a perfect tool for someone to link to a fake page. The hardcore version would be to go to the URL you think the link leads by hand and copy pasta the rest of the link. E.g. if you get a stearncommunity/blabla link, you go to the page steamcommunity and copy the /blabla behind it.

I hope you found the difference...

Thanks for your reply Shorena,

I don't ask for myself, you know:

I ask that because there will always be people who will be fooled by such tricks.

Since the time I provide advice to users about the good behaviour regarding the web,

Maybe 10% apply my advice...

We are soon in 2015 and around 75% of the people I help irl (hardware, middleware, software) still use the same password for all their tools.... without speaking about the "birthpass" if you see what I mean :).

E=(ɔ)mc²
Truther
Opal Dev
December 20, 2014, 09:02:09 PM
 #7


Official devs:
please download the Mandatory


The attacker changes the link in the quote, which redirects to his malicious URL (here I put virustotal.com just for example, obviously virustotal is not malicious)

I am asking if Bitcointalk admin can do something against that

Like find a trick to automatically turn off link in quote

I understand your suggestion, but I doubt it will be done. A quote is no different from a regular post. Even if this would work via the quote tag, someone using that technique could modify the quote tag to refer a different post easily (see above).
All browsers (except maybe mobile) offer a way to spot this. Hover over the linktext with the mouse and see where it leads. IMHO this is internet 101. Don't click a link where you have no idea where you end up. This includes shortened links, which is a perfect tool for someone to link to a fake page. The hardcore version would be to go to the URL you think the link leads by hand and copy pasta the rest of the link. E.g. if you get a stearncommunity/blabla link, you go to the page steamcommunity and copy the /blabla behind it.

I hope you found the difference...
The biggest issue this brings up is adoption.. The Fraud and Theft protection that banks and credit companies provide is the main advantage they have over crypto and it is a big advantage. Every scam and theft hurts cryptocurrency adoption. If we ever plan to make Bitcoin or any coin for that matter widely accepted, protection of some type needs to be considered. Simply saying "Well they should know better." is not an acceptable response to theft.

If cryptocurrencies are going to be a globally accepted currency, they need to be usable and trusted, by those who may not know anything about computers other than checking their email.
cooldgamer
December 20, 2014, 10:44:02 PM
 #8

This is actually pretty bad, especially if you make your text a link so people won't bother to see where it goes.  For example:

https://www.youtube.com/watch?v=1pK84PDvSqg
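
Added example, not part of the thread and not the forum software's code: a moderation-side check for the two cases discussed above, a quoted link whose target was changed (posts #3 and #4) and link text that shows one address while pointing to another (post #8). The simplified `[quote ...]` and `[url=...]` syntax, the function names and the sample posts are assumptions; the URLs are the stand-ins the posters themselves used.

```python
import re
from urllib.parse import urlsplit

URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
QUOTE = re.compile(r"\[quote[^\]]*\](.*?)\[/quote\]", re.I | re.S)
# Visible link text that is itself a URL or a bare host name.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

# Constructed sample posts, using the thread's own stand-in URLs.
ORIGINAL = "please download the [url=https://bitcoin.org/en/download]Mandatory[/url]"
REPLY = ("[quote author=dev]please download the "
         "[url=https://www.virustotal.com/]Mandatory[/url][/quote] Thanks!")

def bare_host(name):
    """Lower-case a host name and drop a leading 'www.'."""
    name = (name or "").lower()
    return name[4:] if name.startswith("www.") else name

def links(bbcode):
    """Return (href, visible text) for every [url=...]...[/url] tag."""
    return [(h.strip(), t.strip()) for h, t in URL_TAG.findall(bbcode)]

def text_mismatches(bbcode):
    """Links whose visible text names one host while the href goes to another."""
    found = []
    for href, text in links(bbcode):
        shown = URLISH.match(text)
        if shown and bare_host(shown.group(1)) != bare_host(urlsplit(href).hostname):
            found.append((text, href))
    return found

def altered_quote_links(original, reply):
    """Quoted links that reuse a link text from `original` with a new target.

    Matching is by link text, not by the quote header, which the poster
    controls. Nested quotes are not handled.
    """
    known = {text.lower(): href for href, text in links(original)}
    found = []
    for body in QUOTE.findall(reply):
        for href, text in links(body):
            expected = known.get(text.lower())
            if expected is not None and expected != href:
                found.append((text, expected, href))
    return found

if __name__ == "__main__":
    print(altered_quote_links(ORIGINAL, REPLY))
    print(text_mismatches("[url=https://www.google.com/]yahoo.com[/url]"))
```

A poster who removes the quote tags or rewords the link text is not caught by the quote check, and a lookalike host such as the stearncommunity example is only caught when the visible text shows the genuine name.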

shorena
December 20, 2014, 11:01:56 PM
 #9

-snip-
The biggest issue this brings up is adoption.. The Fraud and Theft protection that banks and credit companies provide is the main advantage they have over crypto and it is a big advantage. Every scam and theft hurts cryptocurrency adoption. If we ever plan to make Bitcoin or any coin for that matter widely accepted, protection of some type needs to be considered. Simply saying "Well they should know better." is not an acceptable response to theft.

If cryptocurrencies are going to be a globally accepted currency, they need to be usable and trusted, by those who may not know anything about computers other than checking their email.

The "you should know better, but we ban everyone we can catch"-approach seems to work for steam. Last time I checked they did not have problems with "adoption". Well they also restore your items in some cases... so you might have a point anyway.

I'm not really here, it's just your imagination.