
Popular scripts, security holes

§
Posted: 14/11/2020

Hi! I am sort of new here and I am wondering how many scripts here are outdated and abandoned but still get a lot of fresh installs per day (even if a script has not been updated for years) and have thousands of old active users (assumed from the update checks in the script statistics).

Example of the script: https://greasyfork.org/scripts/735

Guys, I really hope you have some premoderation of updates to big scripts, especially ones not updated for years. ESPECIALLY ones marked with @include http*://*/*

Also, just look at that: https://greasyfork.org/scripts/405943

It's kind of smart, wow. I will make an on-screenshot explanation. This guy will soon be able to kick any of his enemies from those games.

https://i.imgur.com/kxpkBLf.png

Guys, this is a 50-line script that I found literally a minute ago just quickly checking the first and second pages of the top scripts. This is so bad.

https://i.imgur.com/AKGrTpq.png

wOxxOm (Mod)
§
Posted: 14/11/2020

There are simple checks against spam bots but there's no human premoderation, of course. For something as big and as frequently updated as GreasyFork you would need like a hundred full-time reviewers, which even Google/Mozilla don't have. You can report those scripts individually; however, you would need to present proof in a fashion that's immediately obvious and verifiable, something I haven't been able to see in your message above.

wOxxOm (Mod)
§
Posted: 14/11/2020

An example of an actionable proof would be your first screenshot.

§
Posted: 14/11/2020
Edited: 14/11/2020

I just checked a nearby discussion

https://greasyfork.org/discussions/greasyfork/65072-why-does-greasy-fork-moderation-allow-blatant-spam-bots-on-the-site

I don't think you need a hundred full-time reviewers to reject reports of scripts that can be useful only for spam and nothing else.

Also, the script I reported here still has not been disabled even after the mod answered me, so I think I can't do anything else about it here.

Lastly, I just want to say: when a new user who came here for a good script, no matter whether small or large, goes to check out another popular script and gets malicious crap, what do you think he will do? Answer: he will probably delete both of them, because of no trust. Not a good thing for the authors of good scripts, is it?

wOxxOm (Mod)
§
Posted: 14/11/2020

You need to use the reporting function on a script so the author has a chance to defend themselves. In this case I don't see any urgent need to delete the script as it's not even confirmed that the code you found has been actually ever used.

> I don't think you need a hundred full-time reviewers to reject reports of scripts that can be useful only for spam and nothing else.

The rules on GreasyFork are simple so it doesn't take more than a second to realize that a report is invalid. Reviewing code to find possible exploits is orders of magnitude more complicated. This is totally incomparable.

> Lastly, I just want to say: when a new user who came here for a good script, no matter whether small or large, goes to check out another popular script and gets malicious crap, what do you think he will do? Answer: he will probably delete both of them, because of no trust. Not a good thing for the authors of good scripts, is it?

There are no big galleries where users can or should trust the content implicitly. There is exactly zero reason to trust a random extension in Chrome Web Store or an app in Google Play or even a non-recommended extension in Mozilla's addons gallery.

§
Posted: 14/11/2020
As mentioned, it's not feasible for us to check every script. We rely on users to report anything that goes against our rules.

If you find something, please report it, and include in detail what it's doing and what code is doing it, if possible. The moderators all know JavaScript, but will likely not know the specifics of how the site/game/whatever works.
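
For readers who want to triage a script before installing or reporting it, the following is an added example, not part of the thread and not Greasy Fork's own code. It parses a userscript metadata block and flags scope patterns such as `@include http*://*/*` that cover every site, along with the `@grant` entries the script requests; the sample script and the function names are constructed for illustration.

```javascript
// Constructed sample metadata block, not a real script from the site.
const SAMPLE = `// ==UserScript==
// @name        Constructed sample
// @version     1.0
// @include     http*://*/*
// @match       https://example.com/*
// @grant       GM_xmlhttpRequest
// ==/UserScript==
console.log("script body");`;

// Collect "// @key value" lines between the ==UserScript== markers.
function parseMeta(source) {
  const block = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  const meta = {};
  if (!block) return meta;
  for (const line of block[1].split(/\r?\n/)) {
    const m = /^\s*\/\/\s*@(\S+)\s*(.*?)\s*$/.exec(line);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2]);
  }
  return meta;
}

// True when the host part of a glob pattern is a bare "*", so it covers every site.
// Regex-style @include values (/.../) are not evaluated here and return false.
function isUniversal(pattern) {
  if (pattern === "*" || pattern === "<all_urls>") return true;
  const m = /^([^:]+):\/\/([^/]*)(\/.*)?$/.exec(pattern);
  return m !== null && m[2] === "*";
}

// Summarise what a reviewer needs first: scope and requested privileged APIs.
function audit(source) {
  const meta = parseMeta(source);
  const scopes = [...(meta.include || []), ...(meta.match || [])];
  const universal = scopes.filter(isUniversal);
  const grants = (meta.grant || []).filter((g) => g !== "none");
  return { name: (meta.name || ["(unnamed)"])[0], universal, grants,
           needsReview: universal.length > 0 };
}

console.log(audit(SAMPLE));
```

A flagged script is not necessarily malicious; the result only tells you which scripts run on every page and therefore deserve a read of the code before a report is written.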
