What does it actually do? (READ)

  • Disables use of people using Slackbot to remind channels.
  • Disables people from sending messages as anyone through the open legacy tokens api.
    • You can whitelist the bot_ids in config.ini that are allowed to post messages.
    • This will also reduce the attack vector of people creating apps and messaging everyone to look more legit.
  • Periodically remind you to enable 2fa if it's not enabled.
  • Posts warnings of URLs in messages if they're currently being tracked in EtherScamDB.
  • Archive the auto-deleted messages to an archive private channel for admins to look at.
  • A quick "Deploy to Heroku" so you can get on with business and have this running in the background, doing its thing.

What are commands? (READ)

In the config.ini file, you will have a admin[userid] item, this will allow you to send +cmd within the @Slackbot channel to tell SafeSlack to do things, like update a fresh copy of EtherScamDB tracked scam domains so that messages with these links are auto-flagged.

What's happening now in public channels

Below you will see an example of a bad actor using Slack API to send a message to a public channel as any user (notice "MyEtherWallet" isn't a listed user or app) and make an 'attachment' with a link to what looks like myetherwallet.com - but it's not. It's a link to another domain, which usually is a MyEtherWallet clone (or ICO website clone) modified to steal users private keys. This is also happening within the @Slackbot channel.

With the SafeSlack tool

Below you will see the same message being sent - but because the bot isn't whitelisted (in config.ini) the message gets auto-deleted before anyone has the chance to read and click it - it also gets auto-deleted within the @Slackbot channel.