Asklemmy

49394 readers

576 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 6 years ago

MODERATORS

How to check whether a particular url is safe or not ? (lemmy.world)

submitted 1 month ago by Docker@lemmy.world to c/asklemmy@lemmy.ml

7 comments fedilink hide all child comments

top 7 comments

sorted by: hot top controversial new old

[–] chaosCruiser 6 points 1 month ago

https://www.virustotal.com/gui/home/url

[–] Stovetop@lemmy.world 4 points 1 month ago* (last edited 1 month ago) (1 children)

You don't really, other than checking certificates.

URLs are just an address to access content, they don't have much inherent connection to the content that is there. Most legitimate websites use signed certificates to demonstrate validity, but certificates won't tell you if someone infiltrated a legitimate site and uploaded malware to it, for instance.

Avoid http:// connections in favor of https://, as http:// is unsigned, unencrypted, open traffic that anyone with access to your network can snoop on.

[–] thepreciousboar@lemm.ee 6 points 1 month ago (1 children)

Also certificate does not ensure the website is safe, only that you are really talking with the server the URL points to, and not a man-in-the-middle trying to hijack your information (like passwords or payment details).

Nothing stops a malicious site to have a valid https certificate. Sure, more spam-friendly Certification Authorities like Let's Encrypt might revoke spammy certificate, but that's not nevesserily always true.

[–] elvith@feddit.org 2 points 1 month ago

Also it's no indication that the server itself is secure - if I manage to get access to... say Amazon's webserver, I could modify it to send all credit card details, usernames, passwords, etc. to me when someone buys something/logs in. The certificate wouldn't indicate any of that

[–] Zak@lemmy.world 2 points 1 month ago

You can't. You can, however tell if a particular URL is believed to be dangerous by any of several organizations that track such things.

Your browser probably has something built in; Firefox and Chrome do, for example. If you attempt to visit a known-bad URL, the browser will warn you and make you click through the warning before you do. Some other comments in this thread suggest third-party services that will also do this, and may even attempt to check the content found at the URL for known malware.

[–] Intheflsun@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

There are a couple ways, safest is most dns or online toolboxes have checkers, I use this one a lot https://easydmarc.com/tools/phishing-url, really helpful when you're checking quarantined message links.

[–] WhiteHotaru@feddit.org 1 points 1 month ago

If you are dealing with a business you could check, if their adress and tax number are the same as in any official records and sound plausible.