Add warnings to edited links (prevent viruses, potential scams or hackers) [Serious]

Status

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
I want you to click on this link https://www.google.com

a google link right?
nope, that's an imgur picture, could have been a scam, keylogger or even a scary virus!

my point is, you can't really tell if there's a mimic link that had been edited with a virus, affiliate link or a keylogger pasted onto a legit website link.

So my suggestion is, whenever a URL is edited, there should be a warning displayed right near the hyperlinked text that says in brackets "(this link had been edited)". that warns you that it was indeed edited to something else. and also a pop-up that displays a "that's the original link, are you sure that you want to continue?" warning right before entering the edited link
 
Type
Suggestion
Status
Denied
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Swayho

Skyblock is life
Supreme
Feedback score
1
Posts
36
Reactions
8
Resources
0
I agree on this post 100% this is a really serious problem.
 

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
A proper way I think would be - Putting a pop-up with the warning, "Are you sure you want to be redirected to xx link, this link is not affiliated with mc-market."
Yeah just like steam might work, but only on edited links
 

Kieraaaan

Plugin Developer
Premium
Feedback score
7
Posts
463
Reactions
222
Resources
0
I want you to click on this link https://www.google.com

a google link right?
nope, that's an imgur picture, could have been a scam, keylogger or even a scary virus!

my point is, you can't really tell if there's a mimic link that had been edited with a virus, affiliate link or a keylogger pasted onto a legit website link.

So my suggestion is, whenever a URL is edited, there should be a warning displayed right near the hyperlinked text that says in brackets "(this link had been edited)". that warns you that it was indeed edited to something else. and also a pop-up that displays a "that's the original link, are you sure that you want to continue?" warning right before entering the edited link
I'd say add a new page which will have a title saying "You're about to leave MC-Market" and below it will say the link address you're being redirected to. It can also have to buttons saying "Proceed to site" or "Go back".
 

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
You can make a link direct to a different site without editing the message, I won't edit this message but check the link below:

https://www.google.com
I'd say add a new page which will have a title saying "You're about to leave MC-Market" and below it will say the link address you're being redirected to. It can also have to buttons saying "Proceed to site" or "Go back".
Really interesting stuff, I'm glad I brought this subject up since I see a lot of other people are aware of this and see it's a concern.

We need the mods to do something since I won't be surprised if people are already abusing it to hide affiliates or maybe even some accounts that got compromised were hit by a keylogger with the same technique
 

Justis

Community Member
Management
Feedback score
61
Posts
2,117
Reactions
2,414
Resources
0
Being able to edit the display of a link is a feature, not an exploit:
Code:
[url=http://www.google.com]Google it![/url]

A huge portion of our community utilizes their own websites for their portfolios, shops, services, etc. All of them receive your IP when you visit it. Any single one of these could turn their website into a redirect towards some other web page. Hell, you can use google’s URL shortening tool to do exactly that.

I’m not aware of anyone who adamantly refuses to visit user owned websites, google shortened links, or the like, despite them being no less of a risk. If you’re someone who would like to check the full destination of any link you click, despite not being able to know what’s on the other side of the link until you visit it anyways, then here’s a few options:

If you use chrome, hover over the link. The full url will display at the bottom lefthand corner of your browser. (This is essentially, already exactly what you’re asking for, and most people use chrome and have this feature).
If you don’t have this feature, right click the link, copy the url, paste it into your address bar. If you like the link, hit enter.

Perhaps I’m of the minority, but I actually hate when websites generate popups and additional page relocations just to get me to confirm that, yes, I did in fact actually want to visit the link that I just clicked on because I wanted to visit it.

I’m not against adding this feature, since it can help some worried folks, so long as it’s a user toggleable option, and defaults to off.
 

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
Being able to edit the display of a link is a feature, not an exploit:
Code:
[url=http://www.google.com]Google it![/url]

A huge portion of our community utilizes their own websites for their portfolios, shops, services, etc. All of them receive your IP when you visit it. Any single one of these could turn their website into a redirect towards some other web page. Hell, you can use google’s URL shortening tool to do exactly that.

I’m not aware of anyone who adamantly refuses to visit user owned websites, google shortened links, or the like, despite them being no less of a risk. If you’re someone who would like to check the full destination of any link you click, despite not being able to know what’s on the other side of the link until you visit it anyways, then here’s a few options:

If you use chrome, hover over the link. The full url will display at the bottom lefthand corner of your browser. (This is essentially, already exactly what you’re asking for, and most people use chrome and have this feature).
If you don’t have this feature, right click the link, copy the url, paste it into your address bar. If you like the link, hit enter.

Perhaps I’m of the minority, but I actually hate when websites generate popups and additional page relocations just to get me to confirm that, yes, I did in fact actually want to visit the link that I just clicked on because I wanted to visit it.

I’m not against adding this feature, since it can help some worried folks, so long as it’s a user toggleable option, and defaults to off.
Making it toggable can really make a difference(for the good) instead of my original suggestion, my point is that people here already got compromised for carelessly clicking hidden links on their phones , a popup that shows the actual original link can make the lives of newbies, lazy people, edge users far easier.

I really appreciate your detailed perspective, I'd like it to get accepted for an extra layer of optional protection as such tricks are more common than one might think
 
Last edited:

Sloth

Feed Me
Supreme
Feedback score
6
Posts
4,369
Reactions
2,660
Resources
0
Making it toggable can really make a difference(for the good) instead of my original suggestion, my point is that people here already got compromised for carelessly clicking hidden links on their phones , a popup that shows the actual original link can make the lives of newbies, lazy people, edge users far easier.

I really appreciate your detailed perspective, I'd like it to get accepted for an extra layer of optional protection as such tricks are more common than one might think
Are they compromised as a result of these links or as a result have setting the same password on multiple sites (including competitors?)
 

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
Are they compromised as a result of these links or as a result have setting the same password on multiple sites (including competitors?)
Well you actually can't really tell but this trick does happen out of MCM , I have seen in MCM though plenty of hidden referral links from people doing hyperlink disguise and they actually get away with it.

Also it can make ddos attacks easier for quote "hackers" since getting an IP through clicking a thread design could be incredibly easy.

I really don't see a reason to not add such feature, yeah it has downsides but as Justis said, it can be implemented as a toggable option making the lives of people with big MCM accounts far easier
 
Last edited:

Blood

Deactivated
Feedback score
23
Posts
497
Reactions
287
Resources
0
Being able to edit the display of a link is a feature, not an exploit:
Code:
[url=http://www.google.com]Google it![/url]

A huge portion of our community utilizes their own websites for their portfolios, shops, services, etc. All of them receive your IP when you visit it. Any single one of these could turn their website into a redirect towards some other web page. Hell, you can use google’s URL shortening tool to do exactly that.

I’m not aware of anyone who adamantly refuses to visit user owned websites, google shortened links, or the like, despite them being no less of a risk. If you’re someone who would like to check the full destination of any link you click, despite not being able to know what’s on the other side of the link until you visit it anyways, then here’s a few options:

If you use chrome, hover over the link. The full url will display at the bottom lefthand corner of your browser. (This is essentially, already exactly what you’re asking for, and most people use chrome and have this feature).
If you don’t have this feature, right click the link, copy the url, paste it into your address bar. If you like the link, hit enter.

Perhaps I’m of the minority, but I actually hate when websites generate popups and additional page relocations just to get me to confirm that, yes, I did in fact actually want to visit the link that I just clicked on because I wanted to visit it.

I’m not against adding this feature, since it can help some worried folks, so long as it’s a user toggleable option, and defaults to off.
Just because people link to innocent sites such as shops and such doesn't mean that there shouldn't be a layer of security in the instance that links turn out to be malicious.

I personally don't like it when sites have that "This link goes to this site. Are you sure?" buffer page so I agree with having it as a toggleable feature but I think it should default to on.

To reduce it being a nuisance, I think the community and staff should work together maintain an active whitelist for sites and possibly have a thread where users can request a well-known URL to be whitelisted such as Selly, Shoppy, NameMC, Gyazo, prntscr.com, prnt.sc, etc, etc.
 

Joshua C

Web Developer & Designer
Supreme
Feedback score
106
Posts
1,327
Reactions
470
Resources
0
I disagree,
To reduce it being a nuisance, I think the community and staff should work together maintain an active whitelist for sites and possibly have a thread where users can request a well-known URL to be whitelisted such as Selly, Shoppy, NameMC, Gyazo, prntscr.com, prnt.sc, etc, etc

For me I need to link example websites and such and if it was to be like that we can't link out personal website
 

Sloth

Feed Me
Supreme
Feedback score
6
Posts
4,369
Reactions
2,660
Resources
0
Just because people link to innocent sites such as shops and such doesn't mean that there shouldn't be a layer of security in the instance that links turn out to be malicious.

I personally don't like it when sites have that "This link goes to this site. Are you sure?" buffer page so I agree with having it as a toggleable feature but I think it should default to on.

To reduce it being a nuisance, I think the community and staff should work together maintain an active whitelist for sites and possibly have a thread where users can request a well-known URL to be whitelisted such as Selly, Shoppy, NameMC, Gyazo, prntscr.com, prnt.sc, etc, etc.
The fact that the staff team would have to go out of their way to check each individual website being requested by members in the community to be whitelisted would create a nuisance for both them and us. They’d have to check countless sites to ensure they don’t pose security risks and in the meantime we’d have to wait who knows how long.
 

Blood

Deactivated
Feedback score
23
Posts
497
Reactions
287
Resources
0
I disagree,


For me I need to link example websites and such and if it was to be like that we can't link out personal website
Apparently, you don't even know what this discussion is about. With this suggestion implemented, you will still be able to link your personal website. "Whitelist" refers to a list of sites that will not trigger a warning when clicked on.

The fact that the staff team would have to go out of their way to check each individual website being requested by members in the community to be whitelisted would create a nuisance for both them and us. They’d have to check countless sites to ensure they don’t pose security risks and in the meantime we’d have to wait who knows how long.
Here's what I said.
a well-known URL to be whitelisted such as Selly, Shoppy, NameMC, Gyazo, prntscr.com, prnt.sc, etc, etc.
Note "well-known". These aren't user-owned sites and staff shouldn't have to be checking any sites because they should be able to know which suggested sites are well known and safe without having to click on it.

Example:
- Justis opens a thread saying "suggest well-known and safe sites that are commonly linked by users on this site".
- Users suggest websites that should be whitelisted such as "namemc.com" or "gyazo.com" or "minecraft.net".
- Staff recognize those as safe sites and quickly whitelist them.
- Some incompetent users suggest their own personal site "mypersonalsite.xyz"
- Staff simply ignore them.
 
Last edited:

Justis

Community Member
Management
Feedback score
61
Posts
2,117
Reactions
2,414
Resources
0
Just because people link to innocent sites such as shops and such doesn't mean that there shouldn't be a layer of security in the instance that links turn out to be malicious.
I think you misunderstood what my examples were for.
My message wasn’t “Look, you’re surrounded by innocent websites here”. My message was “Look, you’re surrounded by potential danger”. Because you cannot know whether it’s a danger, until you visit it, and maybe you don’t even realize the danger even after it’s had its way with you. Any one of these “shop” sites, or “portfolios” or what have you could be a threat, and if they aren’t now, they could be turned into one at the snap of the finger.

Seeing the link first does not hinder the danger in the slightest. That’s mostly why I don’t believe it’s worth defaulting to on. Because it’s just a major annoyance without any benefit. To call it a layer of security is a gross exaggeration, and is more likely to mislead people into underestimating the dangers that visiting websites poses. “I can totally recognize a dangerous website by its domain, yeah, I’m safe”.

The internet is a dangerous place. There is no such thing as “trusted sites”, and I’m not aware of anyone who refuses to visit a website just because they haven’t seen the domain before. However, if such people exist, then I’m happy to get this feature developed for them, again, as long as it defaults to off.
 

Ilay A

Epic Mineman Trailer dude
Supreme
Feedback score
17
Posts
1,521
Reactions
733
Resources
0
Or you could just hover over the link and check where it would lead you to
Phone users, newbies, edge users, lagging chrome users can't really do that, also it's too small that it's unnoticable, that's why we plan it as a toggable option for struggling users, paranoid users or lazy users or in general people with big accounts and to make the job for us easier to report hidden affiliates
 

Jayson

Supreme
Feedback score
17
Posts
1,258
Reactions
741
Resources
0
I’m thinking of a BbCode parser that checks if there’s a link between the url tags and if there is and it doesn’t match with the actual url, it would make a pop up with a redirect confirmation.

Could also make it pop up for anything that doesn’t match the actual link, but I’d opt to have that off by default.
 
Status
Top