Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Physhing risk when hosting HTML files #137

Open
joeitu opened this issue Mar 16, 2022 · 1 comment
Open

Physhing risk when hosting HTML files #137

joeitu opened this issue Mar 16, 2022 · 1 comment
Labels
priority

Comments

@joeitu
Copy link

joeitu commented Mar 16, 2022

Hello,

Not sure if this is the correct place to create the issue, but today on https://solidcommunity.net I created an account called "password-recovery" and was able to create this: https://password-recovery.solidcommunity.net/

I can imagine a scenario where an attacker would grab email addresses from solidcommunity.net users ( by scraping their WebID document for e.g. ) and then send them a phishing email " All solid community accounts have been compromised, please reset your password on https://password-recovery.solidcommunity.net/"

Of course, solidcommunity.net offers no warranty on security, as it is principal place of experimentation. But I wonder in the future if it would be possible to have at the same time the possibility to host webpage and prevent phishing attacks.
Maybe a stronger blacklist?
A moderation system, where permission needs to be requested to host a webpage?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority
Projects
SolidOS team tasks & Git issues
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@timea-solid @Otto-AA @joeitu