Glitch is easy to build and free; it’s a good recipe for developers. It’s also a good recipe for scammers. In the last month, Glitch has taken down 4 phishing builds that I sent. Still, we can create a solution that prevents the scammers beforehand.
Blacklisting the known brand names and their (wrongly written) variations.
Adding additional inspections for specific subdomain names that include: help, support, validation, partner, manages, monetize, monetizable.
AI examination of content that flags or makes the user work only locally till a review is done by support. The examination needs to focus on newly created accounts whose first projects have suspicious code from previously taken-down pages.
Checking the e-mail of a revoked account. Even if they created a new email username with the same domain, it can be blocked beforehand.
Checking new accounts’ traffic data. If most users come from social media (Instagram / Snapchat / Facebook / Messenger), there is a chance of it being a scam link. Normally new pages don’t get much traffic.
Recognizing the user. Emails and cookies can be used to track the culprit and stop them. If they have more than 3 accounts (signed in and out) in a month, it can be somebody who created multiple accounts.
I don’t have a clear view of the user base. Maybe some of them are bad ideas. Just trying to ignite the solution process. Hope that the feedback is helpful.
From my point of view, I haven’t seen many phishing websites hosted on Glitch (but I’ve seen a ton of spam on the forum). I think scammers prefer to use their websites.
This would make sense, but for example if I was to try to make a legitimate project, e.g. “google-youtube-api-testing” would it be blocked?
Same problem. “mywebsite-help”
Makes a lot of sense, Glitch should actually have this.
With temporary emails and custom subdomains this is very difficult to check.
Some new websites actually can get much traffic from social media, but for Gmail this makes a lot of sense. The only problem is that some modern web browsers hide the referral link.
You can always create another account with another temporary email and clear cookies.
Disclaimer: I don’t work at Glitch, this is just my opinion
There’s an exception to this, Glitch’s “Link In Bio” sites. They were made for that purpose and restricting social media traffic kind of defeats the whole purpose of those sites.
Encountered a fake Facebook support page four times. Despite it being banned thrice, the person continues creating new pages via Glitch. If the current system doesn’t discourage abusers, it’s built wrong. Implementing additional cautions would benefit everyone.
Someone I know fell into a trap and shared their password, but we secured the page back. When I asked the victim, he received the message at 3 am while sleepy; the page looked official enough for him. In the end, I reported the fake pages, but many may not realize they can do the same.
Not all scammers are perfect hitmen. If there’s a chance to solve this issue, let’s do it.
New ideas:
Fake pages target social media accounts; monitoring word combinations, specific favicons, and banners could help identify and block them.
Checking whether forms contain the word “PASSWORD”.
Checking whether favicons are the same as the Facebook, Instagram, Google logos.
Prompt questions on new pages (let’s say, fewer than 1000 visitors) after the user spends some time.
Do you like the page?
What do you think about the page?
What’s the subject of the page?
Enhancing Glitch’s visibility in the footer. Informing users about their ability to provide feedback directly to the page owner and the technology it relies on.
Introducing an exploration page, encouraging users to explore new Glitch websites. Adding like, dislike, comment, and report buttons. Making internet surfing a journey like social media.
Here to contribute ideas and brainstorm new solutions. Don’t know which is ongoing, best or worst. Let’s think of more solutions together.
This could VERY easily be bypassed and would flag any website with a login form - not ideal.
This makes a lot of sense, +1.
The main problem with this is that people probably don’t want code injected into their websites and this could also be very easily bypassed with some CSS/JS.
Same problem here.
For the comments, I heavily agree (project page only), but I’m not too sure about the like/dislike button. Glitch doesn’t allow you to “follow” people for a reason: to make the website overall much less toxic, stop people begging, and stop some bots.
Another idea is taking screenshots of the website in the background and comparing them to Facebook/Google/Instagram/Discord’s login pages.
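
The name-based checks debated in this thread (brand blacklist with misspelled variations, support-style subdomain keywords, and the false-positive objections about “google-youtube-api-testing” and “mywebsite-help”), as an added example that is not part of any post and not Glitch's code. The function names, the digit-substitution table, the length threshold and the allow/review outcome are assumptions; the brand and keyword lists are the ones named above.

```python
import re

# Brand names and support-style keywords are the ones named in the thread.
BRANDS = {"facebook", "instagram", "google", "snapchat", "messenger"}
KEYWORDS = {"help", "support", "validation", "partner", "manages",
            "monetize", "monetizable"}
# Constructed digit-for-letter substitution table (an assumption).
LEET = str.maketrans("01345", "oieas")


def edit_distance(a, b):
    """Plain Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_match(token):
    """Return (brand, 'exact' | 'lookalike') or None for one name token."""
    if token in BRANDS:
        return token, "exact"
    folded = token.translate(LEET)
    for brand in BRANDS:
        # A misspelling: digit swaps, or one edit away from a brand name.
        if folded == brand or (len(token) >= 6 and edit_distance(folded, brand) == 1):
            return brand, "lookalike"
    return None


def triage_name(name):
    """Classify a hyphenated project name as 'allow' or 'review', with reasons."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", name.lower()) if t]
    hits = [m for m in map(brand_match, tokens) if m]
    keywords = sorted(KEYWORDS.intersection(tokens))
    reasons = [f"{kind} brand: {brand}" for brand, kind in hits]
    reasons += [f"keyword: {k}" for k in keywords]
    lookalike = any(kind == "lookalike" for _, kind in hits)
    # Neither a brand nor a keyword alone is enough; the combination is.
    if lookalike or (hits and keywords):
        return "review", reasons
    return "allow", reasons
```

Routing matches to human review instead of blocking outright keeps legitimate projects that mention a brand or a support word from being rejected on the name alone.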