Cybersecurity

5683 readers

48 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago

MODERATORS

[email protected]

What if someone creates a clone of my app for phishing? (lemmy.ml)

submitted 3 months ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

https://github.com/positive-intentions/chat

im working on a decentralized chat app similar to Simplex with the additional detail that it's mainly presented as a webapp. Simplex recently posted on their subreddit about "somone else" having registered and hosted a copy of thier website/app.

this could be for something like phishing and they correctly notified people and reccommend to not download from there.

https://www.reddit.com/r/SimpleXChat/comments/1epuf5w/please_note_we_do_not_own_the_domain/

im now thinking i should point people to my github repository. (the links to the webapp and builds for ios/andoid/ desktop can be found directly there from the readme)... similar to a "domain", im sure its easy enough to create a new github organization and repo that looks similar to the one i already have.

i added a section in the readme about improving the security of the app by using a selfhosted version for those that want/need hightened security/privacy.

Simplex also mention they submitted a complaint to the domain registrar. id like help to learn about what other things i could do if somthing similar happens to my app. this is something that id like to know more about because its seems inevitable to happen (if it becomes popular) given my app is open source and easy to selfhost.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 2 months ago

It would be a good idea to at least buy one or several domain .TLDs for open source projects even if you currently aren't planning to make use of them. If nothing else getting a domain prevents someone else from registering it, and you could start using them to make legitimate results higher in search results. This is easiest when you are first starting a project and can check availability before settling on a name.

The problem is that there are hundreds of TLDs so you're not going to be able to register them all. Simplex mentioned they reported the domain. If you do an ICANN lookup you can find an abuse email for the domain, which would be an email for the registrar. You can report to that email and it is likely they will remove the site. You can also go directly to the TLD and report abuse to them as well.

Beyond that search for your project every once and a while and see what comes up or what doesn't come up.