Files
smom-dbis-138/metamask/phishing-check.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

106 lines
2.8 KiB
Markdown

# Phishing Detection Check
Guide for checking and maintaining phishing detection status for ChainID 138 domains.
## Domains to Check
### Primary Domains
- `d-bis.org` - Main domain
- `rpc.d-bis.org` - RPC endpoint
- `rpc2.d-bis.org` - Secondary RPC endpoint
- `explorer.d-bis.org` - Blockscout explorer
### Subdomains
- `www.d-bis.org` - Website (if applicable)
- `api.d-bis.org` - API endpoint (if applicable)
- `status.d-bis.org` - Status page (if applicable)
## Phishing Detection Repositories
### MetaMask eth-phishing-detect
- **Repository**: [MetaMask/eth-phishing-detect](https://github.com/MetaMask/eth-phishing-detect)
- **Purpose**: Domain allowlist/denylist for MetaMask
- **Check**: Verify domains are not flagged
- **Action**: Submit PR if false positive
### How to Check
1. **Check Repository**: Check eth-phishing-detect repository
2. **Search Domains**: Search for your domains
3. **Verify Status**: Verify domains are not in denylist
4. **Report Issues**: Report false positives if found
## False Positive Reporting
### Process
1. **Identify False Positive**: Domain incorrectly flagged
2. **Create Issue**: Create issue on eth-phishing-detect repository
3. **Provide Evidence**: Provide evidence domain is legitimate
4. **Wait for Review**: Wait for maintainer review
5. **Follow Up**: Follow up if needed
### Issue Template
```markdown
## False Positive Report
**Domain**: d-bis.org
**ChainID**: 138
**Network**: DeFi Oracle Meta Mainnet
## Evidence
- Official documentation: https://github.com/Defi-Oracle-Tooling/smom-dbis-138
- Explorer: https://explorer.d-bis.org
- RPC: https://rpc.d-bis.org
## Request
Please remove d-bis.org from the phishing denylist as it is a legitimate domain for ChainID 138.
```
## Domain Security
### Best Practices
1. **Use HTTPS**: Always use HTTPS for all domains
2. **Valid SSL Certificates**: Ensure valid SSL certificates
3. **Domain Security**: Implement domain security (DNSSEC, etc.)
4. **Monitor**: Monitor for domain spoofing
5. **Report**: Report suspicious domains
### SSL Certificates
- **Provider**: Cloudflare
- **Type**: SSL/TLS certificates
- **Validity**: Auto-renewed
- **Monitoring**: Monitor certificate expiration
## Monitoring
### Regular Checks
- [ ] Check eth-phishing-detect monthly
- [ ] Verify domains are not flagged
- [ ] Monitor for domain spoofing
- [ ] Report false positives immediately
- [ ] Update domain security as needed
### Alerts
- Set up alerts for domain changes
- Monitor for phishing attempts
- Track domain reputation
- Monitor SSL certificate status
## References
- [eth-phishing-detect](https://github.com/MetaMask/eth-phishing-detect)
- [MetaMask Security](https://support.metamask.io/hc/en-us/articles/4427602331163)
- [Phishing Prevention](https://support.metamask.io/hc/en-us/articles/4427602331163)