Malicious Links in PM and Reminder OzBargain Links Are Orange

A user has sent PMs to the mods and some users on OzBargain pretending to link to an OzBargain thread. The link actually goes to a malicious fake site which then tries to capture your username and password.

Example of how the link is disguised (link goes to Google): http://www.ozbargain.com.au

Please always remember to check the URL of not just OzBargain but ANY site before logging in.

  • OzBargain Links are always orange.
  • External links are blue (or whatever your default is).

Comments

  • New user?

    How despicable.

  • Just an update:

    • The malicious site has been taken down after we contacted host.
    • Only 8 PMs were sent out (mostly mods + a couple of users).
    • We will be working on a feature to deal with dodgy links.
    • Would it be too annoying for a splash page? Something like:

      You are now leaving OzBargain.

      The address you're going to is %1.

      Please also read the Wikipedia articles on malware and phishing.

      If you still want to continue to this link, then click on button below.

      • That would be very annoying. For a start we'll add the hostname after the free-text links (similar to what Slashdot has done for their comments) so it's easier for users to see where the links are going before clicking on them.

        • +1

          Actually yeah, Scotty's right. Having a page like that that always shows every time you go to an external site/link gets kinda annoying, especially when you're a frequent OzB member.

          Steam does it. They also show where the links go to (just the domain name - so if I linked to offer a place to update their drivers at Intel's website, it would say [downloadcenter.intel.com] (which is in brackets and in lighter, slightly smaller and different font, to the right of the link)) as well in comment sections/reviews/everything else, and when you click on the external links, you get shown a splash page saying "Oh are you sure you want to visit this site? This site is not affiliated with Steam and could be malicious." Or something similar like that, I can't remember the exact wording.

          EDIT: Here you go:

          https://steamcommunity.com/linkfilter/?url=http://media.trip…

          An example splash page shown by Steam. Just came across this whilst reading my activity feed (it's from a game called Killing Floor 2 (KF2), if you must know - the devs have been updating us on what they've been up to). Now imagine this page always showing up every time you visit a non-Steam website (or affiliated, for that matter), whilst, I don't know, maybe reading reviews of a game before you take a dive or just casually reading a story/thread post.

          So tell me, how do you feel now?

      • Hostname in brackets is now appended at the end of inline external links. For example

        • +1

          Hi scotty. Going forward, does it mean that in posts such as this, the amazon external link will always be displayed, and can't be turned off?

        • @tightarse: The assumption is that all the out-bound links can't be trusted. It applies to all and can't be turned off.

        • @scotty: Thanks scotty. Great initiative.

        • Looks good.

          In regards to tightarse's Amazon post, with tables it will look a lot nicer.

          Name | us link | au link

        • There's a few areas where links don't behave as expected:

          As an example - https://www.ozbargain.com.au/forum/5

          Up the top, "What is Site Discussion", "FAQ", "Rules & Guidelines" and "Before Posting" all have the external blue arrow on them indicating they are external links, but none of them actually link to anything - external or internal. They underline when hovered over but that's about it, not clickable.

          Also, under Before Posting, the link to the Developments Wiki which is an internal link appears as an external link.

          The last one I can think of is when linking to an image stored on ozbargain, it also appears as an external link and now appears to be "untrusted".

          None of these are huge issues, just inconsistencies with the way it should and does work in most other instances.

        • @foobar:

          Up the top, "What is Site Discussion", "FAQ", "Rules & Guidelines" and "Before Posting" all have the external blue arrow…

          Yes that's the problem with the underlying software that uses <a name=".."> to set up the anchor for those titles. I'll have them fixed. Those text blocks are actually generated from wiki and it handles the link identification a bit differently.

          The last one I can think of is when linking to an image

          Yes it's on a different host name to OzBargain so considered external.

        • Hostname in brackets is now appended at the end of inline external links

          It looks awful

        • Hi Scotty,

          Great work as always!

          I was just wondering if you could make it so that links within a deal/post are not considered external for bracketing purposes if they are on the same domain as the main deal.

        • scotty,

          Unfortunately I agree with jv. ><

          It looks awful(ozbargain.com.au)

          The new external inline links really disrupt the flow of carefully constructed comments and they look ugly IMO.

          Could you set them to only be displayed on mobile devices/touch screen UAs?

        • +1

          @Scrooge McDuck:

          Hi. Interesting idea.

        • @Scrooge McDuck:

          Could you set them to only be displayed on mobile devices/touch screen UAs?

          And what about people on a PC/mac/non touch? Just as likely to press on a malicious link as people using touch screen no?

        • +1

          @happychild100:

          And what about people on a PC/mac/non touch? Just as likely to press on a malicious link as people using touch screen no?

          No. Every (desk|lap)top browser I've used previews the URL when you hover over a hyperlink. To review that is elementary to good browsing habits.

        • @Scrooge McDuck:

          No. Every (desk|lap)top browser I've used previews the URL when you hover over a hyperlink. To review that is elementary to good browsing habits.

          Oh yer, I'm aware of that, but I'm not sure it's a common thing people look at :/ A quick hover over and if someone sees something very similar to the actual domain (eg ozbargiin.com), it may be enough for people to think it is legitimate. The initial topic was about a domain pretending to be an ozbargain site and thread, or at least that's what I thought it was implying anyway.

        • @Scrooge McDuck:

          previews the URL when you hover over a hyperlink. To review that is elementary to good browsing habits.

          I agree, but this change is mainly for people who don't have good browsing habits.

        • @Max Power:

          but this change is mainly for people who don't have good browsing habits.

          So should we all suffer to cater to them?

  • +2

    When you hover over a link the address comes up in the bottom left corner. Is it really necessary to clutter the text by including it next to the link. It's not that hard for people to check a link before clicking on it and these phishing sites are easily recognizable, why do we have to baby people on how to use the internet.

    • …because some people don't know any better and click on anything that's clickable before they read where it goes to (or do what you do and look at the corner of your browser to see where the true link takes you to)…..and if they get something nasty from this site, they will blame the people here.

    • +2

      Links can't be hovered over on an iPad or phone…

      • Oh yeah, that too; forgot about you mobile users. I don't think it's possible for you to get a virus/malware on an iPad or phones (Androids are more prone because stuff on the store isn't always verified, but Windows Phone and iPhone (unless you jailbreak it) and the more traditional non-smart phones (which you probably won't be able to access the net on anyway! haha))?

        I don't use my phone to browse the web, the only times I do is if I don't have access to a computer that I can login and surf (such as in a car or over some place far away from computers) or to take advantage of the fact that you can't get viruses and or malware on it to surf possible malicious websites (but I use sandboxie for this - if I have a computer next to me anyways).

        I don't have or use an iPad so I can't comment on that.

  • +1

    scotty, any reason you need to display www. in posts such as this, as www is a given. Surely amazon.com or amazon.com.au would suffice. Just trying to de-clutter a little. Cheers.

    • If you dropped the www bit, the link will still work - why not do it on your end?
      Example

      • I'm sure I tested this previously and it still inserted the www. Thanks!

    • Change is coming to not show www if the hostname prefixes with one.

      • +1

        Thanks scotty.

      • Can you make links in the bracket not clickable,
        it can confuse ppl who are used to clicking the domain URL

        Our eyes and habit are used to clicking domain URL thinking that it goes to the item url.

  • If you bold or strikethrough a link, is it intended that it does the same to this url shown? Not an issue, just curious.

  • From the update this morning, I am making showing external link hostnames optional on a per-account level. The default setting is that the hostname will be appended in brackets after external links. You can disable that behaviour as follows:

    • Go to your settings page
    • Uncheck "Show inline hostname for external links"
    • Save

    Please note that it's a per-account setting, so once you have disabled it, it won't show on your other devices either, i.e. no separate settings for mobile, tablet and desktop.

    • Thanks scotty. That should appease the masses. :)
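
The hostname labelling discussed in this thread, as an added example (not OzBargain's code): it finds the host to show in brackets after each link, drops a leading "www.", and leaves `<a name="..">` anchors and relative links unlabelled. Two assumptions that are not from the thread: `SITE` with or without "www." counts as internal, and the `disguised` flag is an extra check for link text that is itself a URL pointing somewhere other than the real target, as in the PM described at the top.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE = "ozbargain.com.au"  # assumption: with or without "www." is internal
def host_of(url):
    """Lower-cased hostname without a leading "www."; "" if there is none."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAnnotator(HTMLParser):
    """Collects (text, external host or None, disguised?) for each <a>."""
    def __init__(self):
        super().__init__()
        self.links, self._open, self._href, self._text = [], False, None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open, self._href, self._text = True, dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._open:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or not self._open:
            return
        self._open = False
        text = "".join(self._text).strip()
        # <a name=".."> anchors and relative links have no host: not external.
        host = host_of(self._href or "")
        external = bool(host) and host != SITE
        # Disguise: the visible text is itself a URL naming a different host.
        shown = host_of(text if "://" in text else "//" + text)
        disguised = external and "." in shown and " " not in text and shown != host
        self.links.append((text, host if external else None, disguised))

def annotate(html):
    parser = LinkAnnotator()
    parser.feed(html)
    parser.close()
    return parser.links

SAMPLE = (  # constructed comment HTML, not taken from the site
    '<a name="faq">FAQ</a> <a href="/node/1">a deal</a> '
    '<a href="https://www.amazon.com/dp/X">this deal</a> '
    '<a href="https://www.google.com/">http://www.ozbargain.com.au</a>')
```

`annotate(SAMPLE)` returns one tuple per link; a renderer would print the second field in brackets after the link text when it is not `None`.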
