Introducing P.U.R.L.S.
Time to buff some security up.
Last updated
Time to buff some security up.
Last updated
After we've published X1 Stable, we've been pretty quiet. That's because we didn't really have anything else big to add. But now, we do.
You may have heard of Windscribe R.O.B.E.R.T. and NordVPN CyberSec (not sponsored by any of the two companies, but I personally like Windscribe. I pay them monthly for Pro). The two services in the two mentioned VPN services that block bad URLs, ads, trackers, etc.
Well, we're making our own version of that. Except that we don't block ads and trackers because you really can't add in-app advertisements to Discord and try to attach a tracker onto a message (unless you send an IP grabber link, please don't do that). Instead, we're focusing on blocking malicious and suspicious URLs.
So we'd like to introduce our newest addition to Xyron Engine - P.U.R.L.S. (Just call it Purls if you wanna. That's how I would personally call it. Also just refer it as a he if you wanna, but not a she. Please.)
Purls is a service in Xyron that automatically detects suspicious (no amogus jokes intended) and scans them with the same epic API we use for nv!viruscheck - VirusTotal.
We made him because we've been hearing about how people are using Discord to spread malware. While we can't passively scan files, we can passively scan URLs. That's why we made Purls - to make sure URLs are safe.
And yes, we just called Purls a him because we wanted to.
AND NO PURLS IS NOT A WOOL SHOP. All references to existing names are PURELY COINCIDENTAL so pls dont bully us for this
When someone sends a URL, the URL in the message is scanned, if Purls is enabled. If the result of the scan is suspicious or malicious, the user is punished. We use two engines to scan the URL - Google Safe Browsing, PhishTank and IPQS (IPQualityScore).
We originally wanted to use just GSB, however the accuracy was lacking, so we decided to add IPQS to the engines we utilise. IPQS is a pretty powerful suspicious URL scanner, so we use this in servers we specially allow because of its restrictive API quota. We can only scan like, 167 URLs a day. The limit is 10000 a month - but I mean, it's powerful.
While the Google Safe Browsing engine will be available for all servers, IPQS won't because we need to save some quota. GSB still has a limit though - 10000 scans a day thankfully. This is why we've brought in another engine - PhishTank. While this API is more restrictive, it lets us download its dataset, allowing us to have no limit in terms of scanning for phishing websites.
Purls can be in different moods, depending of how you set it up. These moods are actually scanning sensitivities, and we just called them moods because we wanted to.
The default sensitivity. PURLS scans for phishing websites using PhishTank's database, and if a URL is similar to one of the URLs in the database, VirusTotal scans the URL.
This is a bit more advanced than sensitivity 0. PhishTank will still work, but this where Google kicks in. Don't worry - none of your data is sold to Google. The only thing sent to them is the URLs you sent, and nothing more.
This will allow Google to scan for phishing and malicious sites. While Google isn't really good at phishing sites scanning (we scanned an actual phishing site)
PURLS had had it. It's kicking in that one hell of a URL scanner. This WILL slow down the scan time, but buff the protection by a SIGNIFICANT amount.
It does everything Sensitivity 2 does, and alongside that, it scans for EVEN MORE dangerous things a URL can possibly have. We're in the endgame now.
This sensitivity is locked to certain servers only - contacting us won't help unlock this for your server.
But with Nevira being private now, I might unlock it.
Is PURLS safe? PURLS is made with security in mind, so of course it's safe. We don't send anything else to these engines other than the URL we want to scan.
I can't enable Sensitivity 2! Sensitivity 2 is locked to servers we specially allow Sensitivity 2 to be enabled. Since IPQS has a pretty strict ratelimit, we have no choice but to limit who uses Sensitivity 2 so we can safeguard servers with Sensitivity 2.
Can't you make multiple accounts for the IPQS engine for more searches per month? Short answer: NO. We can't, and we don't even want to. Our account once got suspended falsely because the staff thought our account was an alt, but we got it resolved quickly. We don't want the same happening again. Thumbs up for responding in 5 minutes though. That was quick as heck.
Is my data really safe with Google? Once again, the only data sent to them is the URLs being scanned - nothing more. That's final. You already know our privacy practices.
Does PURLS actually help safeguard my server? Of course it does - we're testing PURLS over and over again to make sure scanning and punishing with PURLS works. So far all is well - except that for some reason VirusTotal won't let us scan that one URL Google made for testing antimalware software.
When will PURLS be available? Soon. And if it is available right now, then it's available. I'm writing this on the 11th of August.
What permissions do I need to set up PURLS? Manage server.
How will PURLS punish users? PURLS can be set up to do nothing, quarantine users or ban them from the server completely. Depends on how it's set up.
What if PURLS fails to scan a URL with VirusTotal? The staff is notified, as all results returning failed, suspicious and malicious in the test will be reported to the staff members.
And when they attack your DMs, just VirusTotal the URL. Easy.
If you need support for our products, we're always there in our Discord server!
