All of us at OpenDNS are thrilled with PhishTank. Over the last couple weeks usage has really soared and PhishTank is unquestionably the most groundbreaking and innovative anti-phishing site on the Internet. You all have helped show that a community of active participants are far more effective than any single monolithic company could ever be in creating a clearinghouse of phishing information.

Now it’s time to step it up.

Our goal has always been to create involvement with the community beyond just submitting and verifying phishes. We have a growing team of users, developers, and moderators who talk on mailing lists and discuss ways of improving PhishTank. Now it’s time to turn some of this energy into action. We don’t want PhishTank to just be a community-visited effort. We want PhishTank to be a community-led and community-run effort.

We’re looking for some people who want to spend some development cycles (PHP and MySQL) helping to improve PhishTank and drive new features. We can help with the feature ideas, but if you have some of your own, that’s both awesome and even better.

I could list a hundred reasons why working on PhishTank would be a really good opportunity. Here’s a few:

1. Working on PhishTank lets you have a big impact on a serious issue. You shape the future of PhishTank when you get involved.
2. PhishTank gets a lot of exposure most projects don’t have which means your efforts will be seen by many people.
3. Being a PhishTank developer lets you see how a community-run site actually operates and grows.
4. For students, you might be able to work on PhishTank for course credit at your school or university. We’re happy to supervise a project.
5. Working on a project like PhishTank can be a great resume booster.
6. Saying you help keep the Internet safe at night is a really good line to use when you have to impress someone. Trust me.

One of the best parts about PhishTank is that you can learn and be active in more than just technology. You will also see the other critical pieces that are required to make it a great site. For example: working with journalists and educating law enforcement are just some of the things that go on at PhishTank. If have a technical background but you want to do more, PhishTank is a great place to broaden your knowledge. We still need the tech help though, so read below and see if you might be qualified.

Here’s what we’re looking for:

• Volunteers with at least some experience with PHP and MySQL.
• People who are able to not just say they want to help out, but actually can and will help out.
• Individuals who are willing to step up and make things happen. We don’t want someone to complain about the lack of forums on the site. We want someone who says, “I’ll set up forums on the site!”
• Familiarity with Linux is a requirement but you don’t need to be some kind of über-sysadmin.

If you are interested in getting involved, send an email to support [at] phishtank.com with some information about yourself (your background, coding experience, etc) and a brief note about why you want to get involved in PhishTank and what you would be most interested in doing.

Thanks!

We’ve added two pieces of technical information about each phish URL on the PhishTank phish detail page: ASN and whois.

Look for the new “View Technical Details” tab underneath the voting links.

First, we provide the ASN number. ASN stands for Autonomous System Number, and it’s a way of uniquely identifying networks on the Internet. For more details, see the Wikipedia entry. RSS feeds by ASN are still on the to do list. Stay tuned.

Second, when available, we provide the whois information. Depending on the registrar, this data may or may not be useful, well-formatted (we echo it back to you pretty much as is), or available. But we’ll try to provide it for every suspected phish going forward, and I’m inquiring about better data sources. (If you are a better data source, please get in touch!)

This data is not yet available via the API, but we plan to add it eventually, starting with ASN.

Site screenshots are mugshots for phish URLs. So, I’m happy to say that miked has just improved the PhishTank “camera” — the software that takes screenshots.

The results? More screenshots. Faster screenshots. Better screenshots.

This is a leap forward since a good screenshot, in concert with a close examination of the phish URL, is enough to judge “phishiness” right there and then, without needing to visit a potentially shady site.

We haven’t re-taken every site’s screenshot, as it’s impossible for those that are down and may be confusing for those already judged, but all new submissions (and most of the “living” ones from the past) should now be represented.

Please continue to “flag” bad or missing screenshots — it’s been helpful in debugging. Site admins can now retake screenshots more easily, too.

Since my long post on Friday, PhishTank has been updated in many ways.

I don’t know

Most visible change? Responding to a common request, we’ve added a third choice when voting on a suspected phish: I don’t know

Voting “I don’t know” is not encouraged, but it’s necessary at times. An “I don’t know” vote doesn’t influence the final judgment of the community in any way, and it doesn’t appear in statistics, site-wide or personal.

Most important for the very active members of the community: if you vote “I don’t know,” you will not see that suspected phish ID again from the “Next Unverified Phish” link.

New API actions

submit.url and submit.email API actions are now documented and available for use. We also cleaned up the documentation a bit more. Questions welcomed.

Lots of other changes

Here’s a catalog of changes rolled out since Friday morning:

• What is phishing? page now includes an annotated website example. (And the fictitious URLs are already registered by us, to defer typosquatting there.)
• The “Something wrong with this submission?” window was updated in a few ways. In most browsers, you can now click on the words, not just the radio buttons. There are also two new choices: “Screenshot Issues” and “Invalid URL.” These “flags” are read, though they remain invisible to anyone but an admin. You only need to submit it once, I promise, even if you can’t see the result.
• The “Is a phish” and “Is NOT a phish” vote links are now different colored buttons to limit mistakes. (see the screenshot above)
• More granular stats. More still to come here (most accurate submitters and most accurate verifiers on tap), but now you can see submission numbers broken down, and the total number of PhishTank members. Also, the start date for stats graphs is now September 30th, right before launch.
• More code to limit/eliminate duplicates (flag ‘em if you see ‘em), and we cleaned out some cruft that had gotten in there earlier.
• Some limits to keep over-eager submissions (intentional or otherwise) from flooding the site.
• Session timeout was increased, so you should be able to stay logged in longer.
• My Account graphs revised to handle larger numbers more effectively. Some of you needed that!
• The personal RSS feed should now have more informative titles.
• The phish detail page now displays the current time in UTC, to make it easier to compare to the submission time.
• If you flag a suspected phish via the “Something wrong with this submission?” link, that suspected phish should not show up via the “Next Unverified Phish” link until the flag is resolved. This is useful for power users.

Behind the scenes, we’re also adding more measures to ensure the site stays online, functional, and fast. There was a brief outage a bit after midday UTC today, October 10; we’ve changed a few things to avoid a repeat.

We’re still working on a host of other improvements. Keep the suggestions coming!

Oh, and when I write that “we” made changes, I mostly mean miked and aaron.