SolidOS/solidos

Phishing risk when hosting HTML files

Opened this issue · 1 comments

Hello,

Not sure if this is the correct place to create the issue, but today on https://solidcommunity.net I created an account called "password-recovery" and was able to create this: https://password-recovery.solidcommunity.net/

I can imagine a scenario where an attacker would grab email addresses from solidcommunity.net users (e.g. by scraping their WebID document) and then send them a phishing email: "All solid community accounts have been compromised, please reset your password on https://password-recovery.solidcommunity.net/"

Of course, solidcommunity.net offers no warranty on security, as it is principally a place of experimentation. But I wonder whether in the future it would be possible to both host webpages and prevent phishing attacks.
Maybe a stronger blacklist?
A moderation system, where permission needs to be requested to host a webpage?
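
An added example, not part of the original issue and not the server's own code: one way a registration endpoint could combine the two ideas above, refusing reserved names outright and holding phishing-prone names such as "password-recovery" for a moderator. The function name `checkAccountName`, the result shape and both word lists are assumptions made for illustration.

```javascript
// Added example: screening a requested account name before it becomes
// <name>.solidcommunity.net. Both lists are constructed samples.
const RESERVED_EXACT = new Set(['www', 'mail', 'api', 'admin', 'root', 'login', 'help']);
const RISKY_TOKENS = ['password', 'passwd', 'recover', 'reset', 'login', 'signin',
  'verify', 'security', 'support', 'admin', 'account'];
// Digit-for-letter swaps commonly used to dodge a literal blocklist match.
const LEET = { 0: 'o', 1: 'i', 3: 'e', 4: 'a', 5: 's', 7: 't' };

function checkAccountName(name) {
  // NFKC folds compatibility forms (e.g. fullwidth letters) into ASCII.
  const label = String(name).normalize('NFKC').trim().toLowerCase();
  // Plain DNS label only: anything else (homoglyphs, dots, underscores) is refused.
  if (!/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/.test(label)) {
    return { status: 'deny', reason: 'invalid-characters' };
  }
  if (label.startsWith('xn--')) return { status: 'deny', reason: 'punycode' };
  if (RESERVED_EXACT.has(label)) return { status: 'deny', reason: 'reserved-name' };
  // Drop hyphens and undo digit swaps so "p4ssw0rd-r3set" matches "password".
  const squashed = label.replace(/-/g, '').replace(/[013457]/g, (d) => LEET[d]);
  const hit = RISKY_TOKENS.find((t) => squashed.includes(t));
  // Substring matches also catch harmless names ("preset"), so a hit is
  // queued for a moderator instead of being rejected automatically.
  if (hit) return { status: 'review', reason: `risky-token:${hit}` };
  return { status: 'allow', reason: null };
}
```

A `review` result is where the moderation step suggested in the issue would plug in: the account is created only after a human approves the name.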