Posts

πŸ”‘πŸ¦Έβ€β™‚οΈ [monthly report - May 2021]

avatar of @keys-defender
25
Keys Defender
@keys-defender
Β·
0 views
Β·
6 min read









@keys-defender activity report for the month of MAY


Β 


K E Y S Β  P R O T E C T I O N:

PRIVATE KEYS LEAKS protected:

1. @thephotowala

  • Chain: Hive (Hive only account 😎)
  • Type: Memo key
  • Operation in which the key was leaked: transfer
Leaked account stats:
- Estimated Account Value: $ 8.40
- Reputation: 39
- Followers: 7
- Account age: Joined April 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure





Β 

2. @bukkyi4u

  • Chain: Steem (Steem only account πŸ‘Ž)
  • Type: Posting key
  • Operation in which the key was leaked: post publishing
Leaked account stats:
- Estimated Account Value: $ 455.00
- Reputation: 60
- Followers: 8
- Account age: Joined March 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure





Β 


3. @random7

  • Chain: Hive (Hive only account 😎)
  • Type: Active key
  • Operation in which the key was leaked: transfer
Leaked account stats:
- Estimated Account Value: $ 6.94
- Reputation: 38
- Followers: 0
- Account age: Joined January 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure





Β 


4. @mark-greek

  • Chain: Steem (Steem only account πŸ‘Ž)
  • Type: Posting key
  • Operation in which the key was leaked: transfer
Leaked account stats:
- Estimated Account Value: $ 0.03
- Reputation: 25
- Followers: 0
- Account age: Joined May 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure





Β 

5. @ivonne

  • Chain: Steem (Hive and Steem account)
  • Type: Posting key
  • Operation in which the key was leaked: comment
Leaked account stats:
- Estimated Account Value: $ 559 on steem + 4 on hive
- Reputation: 56
- Followers: 222
- Account age: Joined Jan 2018

@keys-defender's actions:
- Immediate automated warning
- Disclosure






Β 

6. @florrs0616

  • Chain: Steem (Steem only account πŸ‘Ž)
  • Type: Posting key
  • Operation in which the key was leaked: post edit
Leaked account stats:
- Estimated Account Value: $ 0.0
- Reputation: 25
- Followers: 8
- Account age: Joined February 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure






Β 

7. @abhi369

  • Chain: Hive (Hive only account 😎)
  • Type: Active key
  • Operation in which the key was leaked: transfer
Leaked account stats:
- Estimated Account Value: $ 0.0
- Reputation: 25
- Followers: 8
- Account age: Joined May 2021

@keys-defender's actions:
- Immediate automated reply
- Disclosure

+ Auto-transfer to savings:










Β 

8. @iv********es

  • Chain: Steem (Steem only account πŸ‘Ž)
  • Type: Active key
  • Operation in which the key was leaked: transfer
Leaked account stats:
- Estimated Account Value: $ 4.60
- Reputation: 48
- Followers: 59
- Account age: Joined March 2021

@keys-defender's actions:
- none (steem only account and no keys shared with Hive)
- Disclosure








NOTE: @keys-defender still scans the STEEM blockchain because your private keys are shared across the two chains unless you reset your password at https://wallet.hive.blog/@your-username-here/password ! - do it.
TOTAL KEYS FOUND since launch:



Cold scan
part 1:
3x PRIVATE MEMO KEYS
39x PRIVATE POSTING KEYS
2x PRIVATE ACTIVE KEYS
part 2
1x PRIVATE ACTIVE KEY
55x PRIVATE POSTING KEYS
13x PRIVATE MEMO KEYS
+ + Live scan: o a a a a a a p p a a p p a a a p p p p p a p p p p p p m m p p p a p o p m a m m p p p p p p p p p p p p p p p p p p a m p m m m m m p m p p p p m p p `m p a p p p a a`

= TOT: Β  Β  30 memo keys, 144 posting keys, 20 active keys, 2 owner keys.



Β 
PHISHING LINKS detected (and auto-replied to): Β  0 βœ”οΈ (keeping the bad guys away! 😎)
SCAM LINKS: - new reports: 1 - detected (and auto-replied to): Β  3 ❗

https://peakd.com/@spencer567ss/qu2d5n https://peakd.com/@james56da/qsikgo
Β  Β 
CODE INJECTIONS detected on Hive: Β  1

Nothing harmful, just a test: https://hiveblocks.com/test/@brutalisti/test

Β 

UNSAFE LINKS detected:
NOTE: links that do not use a secure protocol (https) and shortened links (eg. bit.ly) are NOT a threat per se but can lead to theft of credentials if misused or used in a malicious attack.

Β 

Apologies to @asgarth and @jarvie for autoreplying to shortened gmaps links on their contest ("guess where this picture was taken"), they didnt enjoy that.. πŸ˜…

.. 🀣

I could have sweared I already whitelisted those but apparently I did not. I now added to my backlog to allow top40 witnesses and whitelisted users to whiteslist new domains. That will prevent this issue in the future.

https://images.hive.blog/DQmRxJgDd8Fn9ykXTY2omBEXRRxjXHvFPCcXHoHEZJTMFqo/image.png
https://images.hive.blog/DQmWbiUZDpWrn1nZzPGqJuCUmpMfR4T1ZeTpZbaYibmH4c2/image.png







O T H E R Β  A C T I V I T I E S: Β  --> This section will eventually be moved to @hive-defender

Confirmed re-posting authors: Β  0

No one is monitoring my bot's (a bit noisy) warnings.. :(

Β 
Downvotes of @keys-defender (and its trail) against abusers: Β 

https://hive.blog/@amaliasteva -> plag / -> reposting -> plag -> id theft

Blacklisted farmer:

+ Various reports thanks to my bot auto-detecting suspicious behavior:

Β 

@keys-defender currently follows the hiveflagreward team's downvote trail
@keys-defender is downvoting: [farming waves](https://hive.blog/hive-169321/@gaottantacinque/10-line-script-that-anyone-can-use-to-downvote-abuse-help-counteract-ongoing-farming-on-hive), [phishing waves](https://hive.blog/hive-138876/@keys-defender/new-phishing-wave-do-not-fall-for-it-there-is-no-mainnet-launch) and old [hive haters](https://hive.blog/hive-192847/@keys-defender/anti-spam-efforts).


Followers of my downvote-trail:

Β  7
Β  (plus their own trail - about $ 10 downvote power in total)

->

PLEASE JOIN


Β 

DEVELOPMENT UPDATE:

Not much development in May. I put on my calendar to do hive coding every wednesday night this month. 🀞

Β  - Future development - My priorities remain the same:

  1. Mute lists and tests in testing community using @key-defender.shh - waiting for @blocktrades's fix in hivemind to be released. (is it out?)
  2. Formula to counteract exact votes (plus UI?) -- ** deferred **
  3. Universal script to use new banlists. + other improvements + PR for condenser
  4. Allow community to remove entries from ban lists
  5. pwnd emails check (quick feature)
  6. Abuse reports (rewarded) and separate abuse lists (plagiarism, farming, etc)
  7. Tech-only proposal to cover expenses ??
  8. Old (huge) backlog. Eg. bug fixes ( boring.. =] ).

😎

My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com


-
XSS vulnerabilities in scribe.hivekings.com


-
XSS vulnerabilities in hiveblockexplorer.com


-
Malicious ads redirecting all Steemit iOS users to a phishing site


-
Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page



Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban lists

Keys-Defender features:

- Keys protection [live scan of transfers / posts / comments / other_ops. Auto-transfers to savings, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}


-
Phishing protection

[live scan of commentsa and posts to warn users against known phishing campaigns and compromised domains, scan of memos]


-
Re-posting detection

[mitigates the issue of re-posters]


-
Code injections detection

[live scan of blocks for malicious code targeting dapps of the Hive ecosystem]


-
Anti abuse efforts

[counteracts spam from hive haters and milking campaigns]



Discord chat
To support this project:
https://images.hive.blog/DQmWmRN7k741DbkG5jL19Y5h1H5tqhpHLJUtGiTgPUy3C4y/image.png
- Delegations:
10, 100, 200 HP,
500 HP, 1000 HP
Curation trail
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.
I do NOT receive funding through a proposal or running a node witness.
Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  Β  If you like what I'm doing please

upvote

, delegate πŸ‘† or auto-vote πŸ‘† my posts. Thx! 😊