nikolaischunk/discord-phishing-links

False positives

zevnda opened this issue · 6 comments

As Discord uses the discord.gg domain for certain things like server/game invites, this one causes some false positives

@probablyraging Are you using the npm package? If so please check that you are using a new version >= 0.2.0.
The false positive isn't caused by the list but by the check that the module made pre-version 0.2.0.
Let me know.
Thank you

@lucapolesel this also brings up the question if we should include the two other domains again? yk iscord.gg

@nikolaischunk yeah, I think that we should put some kind of message on top of the readme like "If false positive please make sure that you are using version.." or so. But let's see if it was indeed using an older version first.

@nikolaischunk @probablyraging From what I can see (I might be wrong) if you are refering to your bot CreatorBot it seems like you are not using the module but your own implementation based on the old npm package's code.
See: Here
That .includes(..) is causing false positives.
(Even the one that you are using to ignore some domains Here isn't right because it might flag some malicious domains as good in the case you get domains like test-discord.gg/).

@lucapolesel correct, I'm just fetching the json file from this repo and doing my own check against it (not a very good one). I appreciate the info and will start using the npm package ASAP.

Also, a link for you to add is discrdgifts.com/event, let me know if you'd like me to create a new issue for this.

Great to hear, that you could solve the problem, if the npm package has any bugs report it directly to the package repository on github! i'll add the domain to my domains that should get added :)