You may have noticed that the PS247 Link Shortener site has recently gone through some changes. These changes were imperative because some bad actors had been abusing the service and linking to phishing sites and porn sites.
I had already blacklisted a large number of domains but what these particular actors were doing was setting up a series of short links that were created by several different shortening services just like PS247 ... some of them included as many as 14 different urls from shortening services.
Example: Let's say that you have set up a phishing site but you don't want to give the actual url out because it will be easily shut down. Therefore you devise a clever plan to use a url shortening service to mask the original url ... only you don't just use one, you use 10 so that when someone clicks on the url it cycles them through 10 different short urls until finally arriving at the desired url.
THIS is an ABUSE of our system and measures HAD to be taken to mitigate that abuse.
Now, before I tell you what I did, I want to assure you of a few things:
- NOBODY (and I mean NOBODY) that uses or used PS247 was ever in any danger or at risk because the bad actors were only using the shortening service to hide their links to porn sites etc... There is no way that any users could be targeted.
- We were not "hacked" ... Let me stress that WE WERE NOT HACKED. Anyone stating otherwise has ulterior motives for saying so. The bad actors were simply using our service to create a short link that they would then use for whatever they would use it for.
- At no time has anyone breached our firewall of security. As a matter of fact, it was precisely the security measures that are in place that alerted me that there could be potential abuse going on. Upon investigating I quickly learned their scheme and began mitigating their efforts.
What I have done to mitigate these efforts:
- I have manually removed nearly a thousand links from the system over the course of the last few days. If I happen to have deleted a "good" link by accident, then please forgive me.
- I have compiled a list of all of the end-point domains and reported them to Google Safe Browsing, the largest database of nefarious sites in the world.
- I have added a feature where I will be able to more easily and quickly spot future abuse and stop it. In other words, what used to take me a few days to do, I now have created a way where I can do it in minutes.
- I have updated the underlying codebase to its latest iteration.
- I have been in contact with our server hosting provider and alerted them to some of the more technical changes I have made to the server just to make sure that they are aware of what had been happening.
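One way a shortening service could vet a submitted URL against the chained short links described above, as an added example that is not PS247's code. The hostnames, lists, redirect table and function names are all constructed for illustration; a live version would replace the table lookup with an HTTP request that reads the `Location` header without following it.

```python
from urllib.parse import urlsplit

# Constructed sample data; every hostname uses the reserved .example TLD.
SHORTENERS = {"sho.example", "tiny.example", "lnk.example"}
BLOCKED = {"phish.example"}
# Stand-in for the Location header each URL would return, so this runs offline.
REDIRECTS = {
    "https://sho.example/a": "https://tiny.example/b",
    "https://tiny.example/b": "https://lnk.example/c",
    "https://lnk.example/c": "https://login.phish.example/",
    "https://lnk.example/x": "https://tiny.example/y",
    "https://tiny.example/y": "https://sho.example/z",
    "https://sho.example/z": "https://new-site.example/",
    "https://sho.example/ok": "https://blog.example/post",
    "https://sho.example/l1": "https://tiny.example/l2",
    "https://tiny.example/l2": "https://sho.example/l1",
}

def on_list(url, domains):
    """True if the URL's host is a listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def resolve_chain(url, lookup=REDIRECTS.get, max_hops=15):
    """Follow redirects hop by hop; return (chain, problem-or-None)."""
    chain = [url]
    while True:
        nxt = lookup(chain[-1])
        if nxt is None:                 # no further redirect: final destination
            return chain, None
        if nxt in chain:
            return chain + [nxt], "redirect-loop"
        if len(chain) > max_hops:       # already followed max_hops redirects
            return chain, "too-many-hops"
        chain.append(nxt)

def vet(url, max_shortener_hops=1):
    """Decide whether a submitted target URL may be shortened."""
    chain, problem = resolve_chain(url)
    if problem:
        return "reject", problem
    if on_list(chain[-1], BLOCKED):
        return "reject", "blocked-destination"
    hops = sum(on_list(u, SHORTENERS) for u in chain)
    if hops > max_shortener_hops:       # chained shorteners, even to an unlisted domain
        return "reject", "shortener-chain"
    return "accept", None
```

The `shortener-chain` verdict catches a chain whose end-point is not yet on any blacklist. A resolver that makes real requests should refuse to connect to private or loopback addresses, since the URLs it fetches are chosen by the submitter.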
What still needs to be done:
- I need to go back and revamp the way that bundles are displayed. In the update process, I lost some of the html and css I had in place previously. (2-3 days)
- I need to add TinyMCE and remove CKEditor because CKEditor is ugly (2-3 days)
- Some minor cosmetic changes (2-3 days)
As always, if you have any questions or concerns please do not hesitate to reach out and ask ... firstname.lastname@example.org