What does it actually do? (READ)
- Disables use of people using Slackbot to remind channels.
- Disables people from sending messages as anyone through the open legacy tokens api.
- You can whitelist the
config.inithat are allowed to post messages.
- This will also reduce the attack vector of people creating apps and messaging everyone to look more legit.
- Periodically remind you to enable 2fa if it's not enabled.
- Posts warnings of URLs in messages if they're currently being tracked in EtherScamDB.
- Archive the auto-deleted messages to an archive private channel for admins to look at.
- A quick "Deploy to Heroku" so you can get on with business and have this running in the background, doing its thing.
What's happening now in public channels
Below you will see an example of a bad actor using Slack API to send a message to a public channel
as any user (notice "MyEtherWallet" isn't a listed user or app) and make an 'attachment' with a link
to what looks like myetherwallet.com - but it's not. It's a link to another domain, which usually is
a MyEtherWallet clone (or ICO website clone) modified to steal users private keys. This is also
happening within the
With the SafeSlack tool
Below you will see the same message being sent - but because the bot isn't whitelisted (in
the message gets auto-deleted before anyone has the chance to read and click it - it also gets
auto-deleted within the