As posted to the user mailing list, the Virginia Tech tragedy has prompted some unscrupulous folks to set up fake donation sites. Several of these possible scams and phishes have been submitted to the Tank by edgester, who also helps on the technology side of PhishTank.

Judge them carefully. Scams are not necessarily phish, so apply your judgment appropriately.

VTFamilies.org is a site doing the right thing. I’ve checked it out personally, after an appeal by one of the site administrators. If you want to help, or simply remember, you should visit.

I wouldn’t normally call attention to tragedies: there are simply too many. But the (possible) intersection of phishing and this story called for an exception.

Kelly Jackson-Higgins, the always-informed writer at Dark Reading, caught David’s blog post yesterday and wrote an article about PhishTank’s new direction. The gist: Your opportunity is here. If you want to be a part of the PhishTank team, act now.

Take it from me, there is very cool stuff going on at the Tank. This is the first opportunity extended for people to join the team. Look over David’s criteria and if you meet them, send an email to support [at] PhishTank.com. Tell us what you’ve done and why PhishTank would be better with you at the helm.

All of us at OpenDNS are thrilled with PhishTank. Over the last couple weeks usage has really soared and PhishTank is unquestionably the most groundbreaking and innovative anti-phishing site on the Internet. You all have helped show that a community of active participants are far more effective than any single monolithic company could ever be in creating a clearinghouse of phishing information.

Now it’s time to step it up.

Our goal has always been to create involvement with the community beyond just submitting and verifying phishes. We have a growing team of users, developers, and moderators who talk on mailing lists and discuss ways of improving PhishTank. Now it’s time to turn some of this energy into action. We don’t want PhishTank to just be a community-visited effort. We want PhishTank to be a community-led and community-run effort.

We’re looking for some people who want to spend some development cycles (PHP and MySQL) helping to improve PhishTank and drive new features. We can help with the feature ideas, but if you have some of your own, that’s both awesome and even better.

I could list a hundred reasons why working on PhishTank would be a really good opportunity. Here’s a few:

1. Working on PhishTank lets you have a big impact on a serious issue. You shape the future of PhishTank when you get involved.
2. PhishTank gets a lot of exposure most projects don’t have which means your efforts will be seen by many people.
3. Being a PhishTank developer lets you see how a community-run site actually operates and grows.
4. For students, you might be able to work on PhishTank for course credit at your school or university. We’re happy to supervise a project.
5. Working on a project like PhishTank can be a great resume booster.
6. Saying you help keep the Internet safe at night is a really good line to use when you have to impress someone. Trust me.

One of the best parts about PhishTank is that you can learn and be active in more than just technology. You will also see the other critical pieces that are required to make it a great site. For example: working with journalists and educating law enforcement are just some of the things that go on at PhishTank. If have a technical background but you want to do more, PhishTank is a great place to broaden your knowledge. We still need the tech help though, so read below and see if you might be qualified.

Here’s what we’re looking for:

• Volunteers with at least some experience with PHP and MySQL.
• People who are able to not just say they want to help out, but actually can and will help out.
• Individuals who are willing to step up and make things happen. We don’t want someone to complain about the lack of forums on the site. We want someone who says, “I’ll set up forums on the site!”
• Familiarity with Linux is a requirement but you don’t need to be some kind of über-sysadmin.

If you are interested in getting involved, send an email to support [at] phishtank.com with some information about yourself (your background, coding experience, etc) and a brief note about why you want to get involved in PhishTank and what you would be most interested in doing.

Thanks!

When blog comments are not enough... it's time for a mailing list. PhishTank can improve faster if its members and developers are talking directly to each other, not just sharing their ideas or frustrations directly with the team here. With that in mind, here are two mailing lists, one for anyone & everyone involved with PhishTank and one for developers who want to discuss the PhishTank API and data uses.

In both cases, only subscribed members may post to the list. Postings are not moderated. Postings are archived on a corresponding website, which isn't pretty yet, but email addresses are stripped, of course, to prevent harvesting.

Users

For general discussion within the entire PhishTank community: PhishTank Users

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/users/

Developers

For discussion about developing with the PhishTank API, and with PhishTank data more broadly.

To subscribe: blank email to
To post:
Archive: http://phishtank.com/lists/developers/

The PhishTank administrators are on both lists, of course.

Bookmarklets are browser bookmarks with a bit of extra functionality mixed in, usually via Javascript.

In response to my request on Friday for a PhishTank bookmarklet, two folks stepped up already, bouncing blog posts and comments back and forth.

Amit Chakradeo started by creating a Firefox 2.0 bookmarklet. Till saw Amit’s comment, and then went to work on his own PhishTank bookmarklet, which works in Firefox, Safari, and Opera (at least). Till also commented on Amit’s blog, pointing out his extra step.

Nice collaboration!

ps - On a semi-related note, I should point out that the Firefox extension PhishTank SiteChecker has a new home due to some bandwidth issues on MASA’s site.

A couple of weeks ago, Mike introduced a simple developer method for checking individual URLs for “phishiness” outside of the API. There have been edge cases where the submitted URL was too long, going beyond the legal limit of a GET request.

So, the method has been updated, and you should read the details. The original method will be supported, but it’s being deprecated in favor of a POST-based method.

We’ve had a request for a PhishTank bookmarklet… anyone out there want to write one? We’ll promote it. I think this POST method is probably a nice, lightweight way to implement it, but I’m not a developer.

David Branco is working on a PHP class, which he calls PhishTank Runner. The goal of PhishTank Runner is to make working with the PhishTank API very easy in that language. We haven’t had time to take a look at the code ourselves, but we shouldn’t be the bottleneck. If you’re a PHP developer, or otherwise experienced, David is eager for feedback. His email address is in the code.

The PHP source code is here:
http://www.neoeliteusa.com/demo/phishtank.class.phps

We’re not “endorsing” this code, but I’m pleased that David is interested in helping out, and I think constructive criticism helps us all in this regard. This is a new step for us, but we want to continue to encourage developers to help us spread the PhishTank community’s work to as many places as possible. There won’t be one way, but many.

We know the PhishTank API documentation would benefit from code examples, so if there’s good stuff out there people are willing to share, please let us know.

This post was updated November 15, 2006 with the POST method to work around a limit of the original method.

When launching PhishTank, one goal was to release reliable verified phishing data to the community free of charge in an open and easily accessible format. Over the past weeks, I have had the privilege of working with many committed developers and integrators to whom we owe a great deal of gratitude for supporting this effort and helping to make PhishTank an amazing success.

Building on the API we have exposed and the downloadable data file we publish, these developers have implemented protection at layers from the mail server to the web browser (coming soon!).

However, there is still work to be done. Today we are releasing a simplified interface for checking URLs against the PhishTank database. This new interface could be used for anything from mitigating new threats on mobile platforms to easing development of check-only plugins for browsers and mail clients.

Usage is simple and straightforward, in either of two ways: POST or Base 64 encoded.

1. POST

This method is preferred, as POST eliminates the limit on URL length imposed by the original Base 64 encoded method.

1. Start with the URL you would like to check.
   http://www.evil.com/
2. Base 64 encode the URL string.
   http://www.evil.com/ becomes aHR0cDovL3d3dy5ldmlsLmNvbS8=
3. Send a POST to http://checkurl.phishtank.com/checkurl/ with the Base 64 encoded string as the url parameter

The response will be in XML, in an identical format to that returned by the API check.url action.

2. Base 64 encoded

Originally, this was the only method. However, some URLs may end up too long when Base 64 encoded and included in the URL. So, while this method is still supported and live, consider it deprecated: use the first method if you’re starting from scratch.

1. Start with the URL you would like to check.
   http://www.evil.com/
2. Base 64 encode the URL string.
   http://www.evil.com/ becomes aHR0cDovL3d3dy5ldmlsLmNvbS8=
3. Make the Base 64 string URL safe (aka, URL encode it to remove illegal characters).
   aHR0cDovL3d3dy5ldmlsLmNvbS8= becomes aHR0cDovL3d3dy5ldmlsLmNvbS8%3D
4. Access http://checkurl.phishtank.com/checkurl/<string>
   http://checkurl.phishtank.com/checkurl/aHR0cDovL3d3dy5ldmlsLmNvbS8%3D

The response will be in XML, in an identical format to that returned by the API check.url action.

Let us know how you use it.