RapidPhish v2 - A Better Security Solution
When RapidPhish doesn't wanna scan just URLs anymore.
Last updated
When RapidPhish doesn't wanna scan just URLs anymore.
Last updated
When I introduced RapidPhish, it was made to block scams at faster speeds than conventional PURLS would. I managed to fulfil this goal - but even better. Instead of just faster speeds, it was able to scan URLs much, MUCH faster, even up to 50000x faster for a single URL scan (excluding any Discord API interactions, such as sending messages, tested on NSElena with bots, websites and Lavalink server running).
But now, I'm about to pull a power move. Instead of making RapidPhish even faster than it already is, I'm making it more accessible, and block more scams than just common Discord Nitro and Steam scams.
I present to you: RapidPhish v2.
RapidPhish does a really good job at blocking out scams you see on Discord often. But what about the new methods that can hijack your account in a more sophisticated way, without the use of malicious URLs? Well, that's a problem for both our good ol' buddies PURLS and RapidPhish right here.
So what does that mean? Because there's no malicious URL, both RapidPhish and PURLS will say "meh, that's fine, there's no malicious URL so no biggie", and just ignore it. So scams like these will be able to just go right through PURLS:
So yeah, that's the problem with PURLS and RapidPhish now.
Another problem is: PURLS cannot check your DMs (for obvious reasons), so if scams are sent through there, Nevira can't block it.
As of now, PURLS is only protecting servers from malicious URLs sent in channels, not member DMs. So, how do we combat these two biggest problems?
It's simple: RAPIDPHISH V2.
TL;DR: RapidPhish is a phishing blocker, not a Passive URL Scanner, so giving these features to RapidPhish would be more appropriate
Because of the different natures of PURLS and RapidPhish, I've given the latter the improvements instead of PURLS. But why?
Well, let's take a look at their names, shall we.
Remember PURLS? The feature that revolutionized Xyron Engine?
Well, let's take a look at "his" UNABBREVIATED NAME.
It's a Uniform Resource Locator scanner, which basically means it was made for scanning URLs. RapidPhish, on the other hand? It was made to speed PURLS anti-phishing scanning up.
So what's the difference?
PURLS is a URL scanner, and RapidPhish is an anti-phishing accelerator. Although RapidPhish is only an accelerator for PURLS, giving the improvements I'm about to give to RapidPhish to PURLS wouldn't make sense as they're completely different than what PURLS was made for.
Additionally, PURLS uses third-party engines to more deeply scan for malware and phishing, so I can't give the features to it.
But what features am I about to give?
Let's talk RapidPhish Phrase Scanning.
RapidPhish is known for its ultra-fast common phishing URL scanning. But now, Phrase Scanning takes it up a notch, and allows for ultra-fast common non-phishing-URL-based phishing scanning.
But how does this work?
RapidPhish compares any URLs in the message with official Discord URLs to detect typosquatting and hashes of any malicious URLs Discord has publicly shared to detect already confirmed as malicious URLs. But for scams with no malicious URL, Phrase Scanning fills the gap.
By checking for phrases commonly used in scams, RapidPhish can block scams without phishing URLs, too! For example, if someone mentions that you did creepy stuff and sent a girl some rather questionable pictures and that they're gonna block you, but also sends an invite link to a server, RapidPhish will be able to know that it's a common scam and will block it immediately with ABSOLUTELY NO MERCY. YOU CANNOT ESCAPE RAPIDPHISH V2, IT WILL COME BACK TO BITE YOUR ASS IF YOU SCREW WITH IT.
(note: the "ABSOLUTELY NO MERCY" part depends on how RapidPhish is configured. If someone configures RapidPhish like dogcrap, then RapidPhish probably won't be able to do anything.)
Now onto the next feature.
You've heard of elf on the shelf, now get ready for- wait, how am I supposed to make Online Scanning relate with elf on the shelf? Oh, right. I was meant to say Phrase Scanning, and not elf on the shelf. There is no elf on my shelf anyway, and I don't even have an elf at home. So no elf on a shelf.
That aside, Online Scanning is a feature made to help you prevent any phishing attacks in your DMs.
So, how does this work?
Because of how Discord works, we can't scan DMs for malicious messages (for obvious reasons). So how do we combat this problem?
It's simple: We don't.
But wait, how we scan stuff in our DMs, then?
Well, instead of scanning messages directly from your DMs, we ask them to use RapidPhish Online Scanning. With this method, you can copy the sus message from your DMs and make RapidPhish scan it. But how?
Do you risk your alt account getting banned from a PURLS-protected server and send it in a channel? NO.
Do you ask others to help you check if this is a scam or not? NO. (exception: when you're asking someone you know well who's also really experienced with these kinds of stuff, like me for example)
Do you scan it using a website? Depends on what the website is and who made it. But if you're using Online Scanning, YES!
Online Scanning is basically a RapidPhish implementation, ON A WEBSITE. You can copy whatever the scammer sends to you to the Online Scanning website, and RapidPhish will just scan it for you.
And to make it even better, this can also help you even protect servers without Nevira! Because Nevira is a private bot now, Xyron Engine isn't as accessible as before now, so this feature will open up RapidPhish's amazing capabilities to the open again.
Probably around this fall. I gotta work on High School Diaries and its website first.
im probably way more safer from the actual creeps now who could attack my servers
If you wanna watch Green suffer from constant attacks (please help me) with special NeoSofters, the community's always there in our Discord server!