PhishTank is a website where users submit URLs of phishing scams, which are then verified by other members. The sites which are verified as phishing sites then get blocked by OpenDNS and any other software which choose to use the PhishTank API.
The service seems to have got off to a good start, with nearly 12,000 (amendment: according to this post only 330 
) phishing sites reported already! If these rates continue, which I doubt they will after the hype, the service would be huge. However, if this could be integrated into webmail systems (for example, if the Report phishing option, in Gmail forwarded it to PhishTank), this would be sustainable.
Any user can submit a site by entering its URL and copying the body of an email (however, one problem I’ve found is if the body of the email is comprised of an image, it can’t be copied and pasted) into a web form or alternatively simply forwarding the email to phish (at) phishtank.com . Naturally, this system is open to abuse, so submissions must be verified by other members.
You can copy a URL into a search box, and it will tell you if it is in the system (and you then may submit it). This is a simple way to gain reassurance that a URL is/isn’t a phishing scam, however, in my opinion its unlikely to just happen to find one in the system (at least at the site’s current size).
The site provides submission’s for other sites and pieces of software to use through RSS feeds and an API. However, I cannot see the copyright details. The whole project sounds like it would nice suit an open-source or Creative Commons license, as that would allow much more re-use of the data.
Still, I have to admit that on many occasions I have dreamed of a phishing database where users from any ISP can contribute. Yes, I actually have…
Tags: phishing, web2.0, web 2.0, web2, web 2, security, phishtank
Hi! Thanks for the kind words and ideas. I think it’d be great if Google’s report phishing used the API. I see no reason why it shouldn’t.
As for the license, we’re making sure we distinguish between content from users (what you own) and content on our site. We say, about your content:
That’s very open and let’s anyone use it for any reason, commercial or non-commercial. Since we’re going to have links to actual dumps of URL data in XML format people can just grab copies of the DB. As for putting it under Creative Commons, we didn’t think about it, but it’s not a bad idea. Not sure how that works with user-submitted content but we’ll look into it.
This site has a brilliant concept that’s long overdue!!
Good site. But why do people be dumb enough to fall for it in the first place…
David: Two sites which rely on user submitted content and use Creative Commons are Wikinews and Wikitravel.
Cool — I passed it on and we’ll see what we can do.
I’m certainly not opposed to it.
[...] [via joeanderson.co.uk] PUBBLICITÀ PUBBLICITÀ postato da FM il giovedì 05 ottobre 2006 in: [...]
[...] [via joeanderson.co.uk] [By DownloadBlog] [...]
[...] From Webby’s World [...]
Lafarge to buy Orascom Cement for $12.8 bln link