The Notepad++ project is seeking the public’s help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.

  • enoqe@lemmy.ml
    link
    fedilink
    arrow-up
    120
    ·
    edit-2
    6 months ago

    I actually work for the registry that is site is registered with. Identity Digital has an abuse policy in place, so if any evidence of malware distribution or anything that runs afoul of said policy pops up I can escalate the handling of this site internally. I’ll check back on this and similar articles and forums to see if any update happens, but PMing me here on Lemmy also works too. However, until they do something that goes against one of our policies, my hands are tied unfortunately.

    Edit: I can refer this to legal and see where the trademark dispute falls.

    Edit 2, 2024.05.22: I’ve sent two emails to the developer’s email address, no response received.

  • Mikina@programming.dev
    link
    fedilink
    arrow-up
    20
    ·
    8 months ago

    Oh, this is something that didn’t occur to me before, but I actually create similar look-alike websites (that are usually just a proxy-pass) for a few tools or libraries pretty often. I’m using them at work during pentesting engagement to legitimize our c2 api calls. (So for example you have c2 as a notepad++ DLL calling to api.notepadplus.plus or something like that, which is our c2, and the notepadplus.plus is just a proxypass for the real page.)

    I never realized that a search engine may actually pick it up during the time it’s up, and that the post may have very well be about something I made.

    • thesystemisdown@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      8 months ago

      The website in question does contain a clear disclaimer at the bottom spelling out that it’s “an unofficial fan website” and “not affiliated” with the project.

      I hear ya though. I usually filter by IP for dev sites for the same reason. It’s not 100%, but it keeps them from getting indexed. I don’t think there’s anything interesting enough to make an effort worthwhile in my case anyway.

  • Pyro@programming.dev
    link
    fedilink
    arrow-up
    22
    arrow-down
    5
    ·
    edit-2
    8 months ago

    Reporting the website for malicious content when its a glorified redirect seems a bit harsh tbh. Why not try to set up a dialogue with the copycat website owner first before burning bridges?

    • Monument@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      16
      ·
      8 months ago

      In this situation, I wish Google offered a “Not Authoritative” option to report sites.

      But I mean, doing so would mean then that users have the opportunity to improve google’s search algorithm so that it’s useful, and therefore folks spend less time hunting for info on sites that serve Google Ads. So… that won’t happen.

    • tslnox@reddthat.com
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      8 months ago

      So should we wait until they do, users download it and only then should we start appeals to have it taken down?

      • Pyro@programming.dev
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        8 months ago

        I specifically said set up a dialogue FIRST. Sure if the owner does not respond or acts in bad faith, they can escalate.

        Immediately starting with reporting the copycat as malicious seems like a overreaction.

        • tslnox@reddthat.com
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          I don’t think so. This absolutely looks to me similar as the xz problem that’s hot right now. They set up a website that looks nicer and more polished than the original one, they link the original website at first, the little bitty disclaimer at the bottom is there just for the plausible deniability… Then, when enough people trust it (and Google’s algorithm maybe starts showing it first, who knows…) they can just change the links and suddenly there’s an attack.

          Maybe if the site had a big “fan site” text in the header where everyone can see it right away, I would be less suspicious.

    • eatham 🇭🇲
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      Probably, but I Don’t think people want to escalate it to ICANN without even asking the person first and going to the domain registrar