Opera Software doesn’t seem to care about it either with their closed-access bug reporting system (no response or action from previous notifications given that newer Opera versions have been released since initial reports of ‘false-positives without PhishTank listing the URI’). If Geotrust have a false-positive reporting capability it has so far evaded me.

False positives happen, but the lack of competent error reporting facilities by all parties involved, not to mention the lack of a competent PhishTank archive-section search (I have to resort to Google with a site-specific search to find all reports involving URIs containing the fragment ‘ybonline’), is disappointingly poor.

How is an end-user meant to resolve such an issue? A massive thumbs down, particularly to Opera Software.

We are currently working on ways to improve and streamline feedback on false positives, which we also take very seriously. While the data in our black- and whitelists is provided by partners (PhishTank and GeoTrust), we do have options to override if something is clearly erroneous. The best approach is always to check PhishTank first though - if something shows up here and is wrong, you can help correct it. Changes to phishing data in PhishTank are obviously also reflected in Opera.

- Christer

Opera clearly does have a whitelist function. Oddly enough, Google is not whitelisted but Yahoo is. Apparently Geotrust does the whitelisting, although that is not clearly stated on their site.

I would very much like to see Opera put up a page on their own site explaining what steps they take.

I would like to be able to make comments about WHY I think a site I submit or review is a phish. Perhaps this information, and any algorithmic method to assess phish potential, cannot be made public.

I do have some php and mysql knowledge. Perhaps I can share my ideas and back them up with some scripts you can use to count the dots in a url or whatever.

I suggest the option of some sort of “training” to become a certified “phish finder”, perhaps identifying several points for or against “phishyness” of a given example in the process. Effective action against phishing will always require the best professionals identifying patterns in the background, combined with many users volunteering time to look at individual cases.

Note: PhishTank is NOT a whitelist site. The language on the Opera Fraud Protection dialog isn’t clear enough about that, and we’re working with the Opera team to change that.

The lackluster search capabilities on this site makes it impossible to find previous entries for these sites — if indeed any exist — without browsing through the tons of submissions that already exist, so I cannot say where the problem lies, I can just say with certainty that it is there. To continue on what Nick Lowe said, what this service needs to become production savy is a good set of wildcard/regex matching functions — not just in identifying the sites, but in searching for entries that are (supposedly) already there.

The problems this has already caused with sites I use every day, and know to be safe, has forced me to turn the Opera fraud protection off for the time being. As the service evolves and start working again, I might turn it back on again, but right now, it is simply far too inaccurate to be of any use.

I have no way of telling whether this is a fault in Opera, in the API or in the database (since the database search functions are downright anemic at this point), but I _do_ know that false positives abound, and that the setup of the site and the service both makes it far too easy to create such false positives, and far too difficult to remove them.

How is your PHP and MySQL?

What you should do is develop an algorithm that identifies common stubs over recent submissions and identify it with a wildcard/regex match - and as a further improvement use markov chains to find patterns across domains that are different.

For phishing pages, phishtank is needed.