Comments on: Simple developer method for checking individual URLs

by: Angsuman Chakraborty

Sun, 20 Jan 2008 04:49:51 +0000

The POST method doesn’t work for most url’s. The problem is the base64 encoded string. Sometimes it contains = (equals) which doesn’t work well within post context. The solution is to urlencode the base64 string. However PhishTank POST method processing code doesn’t appear to be recognizing it resulting in malformed url in either case (with or without urlencode).

However the older GET method works fine and is recommended.

We are using PhishTank API in Comment Guard Pro, to be released on 28th January 2008, to detect spams (one of the modules). Any feedback would be appreciated.

by: Eric Pugh

Sun, 02 Dec 2007 16:54:00 +0000

I wanted to comment on the API, I have found it very complex to use. I am working on Rails app http://www.fish4brains.com, and I looked at the chunk of code provided here http://www.edazzle.net/#phishtank, as well as using the legacy method:

def phish?
enc = Base64.encode64(@uri).chop
res = Net::HTTP.post_form(URI.parse(’http://checkurl.phishtank.com/checkurl/’),
{’url’=>enc})
doc = Hpricot(res.body)
if doc.search(”//errortext”).size > 0 then
raise “Found error in url: #{@uri}”
end

return doc.search(”//verified”).inner_html==”true”
end

The SSL based api with Frobs is very difficult to implement, and I am not sure why, at least for checking data, that it is so complex. Same applies for url encoding using the legacy developer method, still too complex.. I don’t understand why it isn’t as simple as http://api.phishtank.com/url?url=http://someurl.com

It would reduce the complexity of integration, and boost adoption. At least right now I’ve attempted to use the service twice, and both times run out of steam. I thought the simple url encoding would work, and it seemed to the first time around, but a couple weeks later the results started failing with in_database=false for everything.

by: John Nagle

Tue, 06 Mar 2007 06:31:31 +0000

Re previous message: posting the reply XML into blog comments did not work.

What I got back was, essentially

in_database = true
verified = false

with correct url and details links.

by: John Nagle

Tue, 06 Mar 2007 06:28:00 +0000

Possible bug in API query:

The mechanics of querying the API work fine, but the “valid” flag may have problems. I tried querying:

“http://pardonus.nl/update/”,

which is listed as a “valid phish”, and got back this XML:

2007-03-05T15:07:04-08:00

966f835b

71.139.204.250.45eca29866e790.42437624

true

119617

false

Note that “verified” is “false”. That’s wrong. If you check the PhishTank details URL returned, that page says that this is a verified phish.

Sometimes I do get back “true” for the “verified” value, but the XML doesn’t consistently agree with the details page.

Is there an out-of-sync server somewhere?

by: EP

Fri, 23 Feb 2007 12:06:58 +0000

I’m wondering if there is any way to search PhishTank’s archive of verified active and verified inactive. I’m doing a little research project for school and wouldn’t mind finding something along those lines. Thanks much.

by: Ram

Fri, 02 Feb 2007 19:01:46 +0000

I have tried a number of valid phishes such as 93684 and 93656 and they all return
in_database as false. However http://www.google.com returned as in_database true.

HELP!!!

by: my public notepad

Sun, 19 Nov 2006 19:30:20 +0000

PhishTank bookmarklet…

On Friday Thomas discovered OpenDNS - clicking around we soon discovered PhishTank, and boy - that service looks awesome. I’m already thinking about it how I can talk Marc into integrating it our with CGPro mailserver. So being a fan……

by: Amit Chakradeo

Fri, 17 Nov 2006 19:56:33 +0000

Here are the bookmarklets as wished (tested only on Firefox 2.0)

http://amit.chakradeo.net/2006/11/17/check-if-a-site-is-phishing-site/

by: Moike

Thu, 16 Nov 2006 02:35:46 +0000

This works much better! I’m still having a problem verifying 2 URLs - for example, try the URLS from #11912 and #29228 - but I get a ‘false’ for present_in_database instead of ‘true’.

by: John Roberts

Wed, 15 Nov 2006 20:37:07 +0000

Ilgaz, absolutely… we encourage anyone to write one! We’ll promote it.