Fix false positives for Coders Rank and LessWrong #2591
Conversation
…e:- Coders Rank: Changed from message to status_code detection - Removed unreliable message detection 'not a registered member' - Added errorCode 404 for better false positive prevention - LessWrong: Added exclusion for false positive prevention - Site returns empty HTTP 200 responses for all users - Cannot distinguish between real and fake users - Excluded to prevent false positive resultsBoth changes contribute to resolving issue sherlock-project#2547 false positive remediation.Tested with fake usernames to verify false positive behavior.
Automatic validation of changes
Failures were detected on at least one updated target. Commits containing accuracy failures will often not be merged (unless a rationale is provided, such as false negatives due to regional differences). |
|
Coders Rank returns HTTP 200 for fake users making detection extremely difficult |
|
Hello, @BUZZ1592003 Regarding Less Wrong site, Sherlock seems to be blocked by the Vercel security layer. (You can verify that using the --dump-response flag). So to get past that, I believe we have to bring about quite a few changes in Sherlock's working. I tried with a couple of headers, but Vercel Security Layer seems to block all of them |
Thanks @akhi7177 That explains the empty responses perfectly. Should I keep this open as documentation or would you prefer I close it until the Vercel security layer issues are resolved.......? |
Let's keep this PR open for the time being and have @ppfeister throw some light on this. |
Description
Fixes false positive detection issues for two sites that were incorrectly reporting fake usernames as existing users.
Changes Made
Coders Rank
messagetostatus_codewitherrorCode: 404LessWrong
Testing Evidence
Tested with fake username
testuser123:Contributes to Issue
Addresses #2547 - False Positive Remediation