-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.rekt module defaults send users to malware websites #271
Comments
[13:33:49] handler, ☑ www.rekkit.com |
[13:43:19] oh wow, indeed the Cash4Rekt.com directs you to some other malicious site as well |
This is my bad, I didn't think to check the links at all. Would adding some zero-width spaces in them to stop IRC clients from processing them as links be an acceptable solution? I mean I should probably just remove all rekt lines which include links at all, as people may try to follow them anyways (even though the message should just be what the url is, not like a website I mean). |
Absolutely not.
The correct fix is to remove the plugin entirely, as it’s intended to be malicious. Or remove entirely the lines that are malicious in rekt.txt
I’m considering reporting this bot and module to us-cert.gov and others.
Vr,
Andrew
From: David Ross <[email protected]>
Reply-To: CloudBotIRC/CloudBot <[email protected]>
Date: Wednesday, May 31, 2017 at 2:19 PM
To: CloudBotIRC/CloudBot <[email protected]>
Cc: Andrew Strutt <[email protected]>, Author <[email protected]>
Subject: Re: [CloudBotIRC/CloudBot] .rekt module defaults send users to malware websites (#271)
This is my bad, I didn't think to check the links at all. Would adding some non-breaking spaces in them to stop IRC clients from processing them as links be an acceptable solution?
I mean I should probably just remove all rekt lines which include links at all, even though the message isn't like a url, but just the url name.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/CloudBotIRC/CloudBot","title":"CloudBotIRC/CloudBot","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/CloudBotIRC/CloudBot"}},"updates":{"snippets":[{"icon":"PERSON","message":"@daboross in #271: This is my bad, I didn't think to check the links at all. Would adding some non-breaking spaces in them to stop IRC clients from processing them as links be an acceptable solution?\r\n\r\nI mean I should probably just remove all rekt lines which include links at all, even though the message isn't like a url, but just the url name."}],"action":{"name":"View Issue","url":"#271 (comment)"}}}
|
OK. I know the author of this plugin, and I'm sure it was not intended maliciously, only as a misunderstanding that these links would be clickable. I'll definitely remove the lines. |
(a misunderstanding, or just not at all considering the destination of these links). Removed as of 9f5130a. |
the default rekt.txt is pushing users to websites that attempt to install browser malware:
http://adrak.gq/5563-2-new/c/your-computer-is-locked-call-us-at-tollfreenow--1-877-506-5563-your-computer-is-locked-call-us-at-tollfreenow--1-877-506-5563/
Example URL.
The text was updated successfully, but these errors were encountered: