Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: My wife and I created a free tool to (legally) take down scam websites (scammerlocker.vercel.app)
7 points by richardvanorton 6 months ago | hide | past | favorite | 13 comments



Hi HN, My wife & I have built a free, open-source tool to lock scammers out of their domains.

Github: https://github.com/richardvanorton/scammerlocker Website: https://scammerlocker.vercel.app

Here's how it works:- The tool does a WHOIS lookup to get the domain registrar's abuse contact email. Then it uses Groq's mixtral-8x7b model to use the context and target URL provided by the user to generate an abuse report email with a matching subject. Using Mailgun, it emails the domain provider at their designated abuse contact.

The tool works for any illegal websites, including but not limited to investment scams, crypto pump, and dump, phishing pages, animal abuse, etc. All domain registrars, hosting providers, and TLDs are legally required to take action when they receive an abuse report. Typically, it takes several days to a few weeks to take the website down.

We were learning Next.js 14 and figured the best way to learn something, is to build projects with it and here we are!


I just switched the Groq model to llama3-70b-8192 on the website for better performance!


What does it do if someone points it at a legitimate site?


Fake abuse reports will be ignored when the registrar investigates anyway. But for the demo, I added hCaptcha to the form so that malicious actors won't be able to spam the form with abuse reports to a) damage the demo domain's MX reputation or b) overload a domain registrar's inbox.


Does it show you what it generated before sending it, or do we just have to hope that it makes sense and hasn't interpreted anything incorrectly?


This is an MVP. So we couldn't add all the features we wanted. It is certainly on our list to add in the future.

Here is an example report

https://pbs.twimg.com/media/GUZLIcZaYAADlNh?format=png&name=...


My advice is to add some description to the site.

From mobile it looks like some DDOS tool


I will keep this in mind. Thank you.


I submitted https://scammerlocker.vercel.app/ for takedown. Let's see if that works.


Haha, It wouldn't. Invalid reports are ignored by registrars. Nice try though


How do they know what is valid and what is invalid?

Are you just burgening registrars with complaints? I fail to see how your tool can not be used for sending mass complaints out of which 10% or less could be valid.


The tool is intended for taking down obvious scams, like wallet drainers, phishing pages, counterfeit items, drug stores, animal abuse, etc. It's up to the domain registrar to investigate and validate the report.

I don't understand your point about the tool being abused for mass complaints. We do have a captcha implemented with the form. If someone wants to spam a domain registrar, they can also spam from their email accounts. I don't see how we enable mass spam directly.





Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: