Inspiration
This project idea came to my mind when I realized and witnessed how many internet users fall victim to internet scams and lose their hard-earned money to them. I myself got scammed recently by a fake e-commerce website and lost my share to these scams. Ever since then, I wanted to make use of my coding skills to build something that can help people to stay safe from internet scams. Of course, I can create videos and write blog posts (which I did) to bring awareness to internet users about such scams, but I really wanted to automate the process of determining whether a website is a scam or legitimate. My initial thoughts were building a web app, but then I thought - why not build a Twitter bot instead? Building a web app is great, but what can be even simpler and easier to use - is if there exists a Twitter bot, which you can just mention in a tweet and ask it to scan a URL, and you get a response within minutes saying whether that website is a scam or real. You don't have to go to a web app to perform scans on a suspicious site - you can do all that from within Twitter with just a simple tweet!
What it does
The bot performs some checks on the inputted URL, and comes up with a decision on whether it is a scam or a legitimate website. These checks range from checking the Whois data of the target website for suspicious entries (like the age of the domain) to performing a Google search to analyze the search results and look for suspicious terms that may suggest that the site is a scam. The whole concept of the bot is to automate tasks that a human would do to determine if a website is a scam. What makes it even better is that it has the potential to get more efficient in the future with the help of the community - people can contribute new checks to the bot easily and help inculcate the results it yields.
How we built it
I built it using Python and MySQL. I used the Twitter API v2 with the help of a python twitter wrapper library called Tweepy. The whole process of me building it is documented in a video and it is available on my YouTube It took around 2-4 days to build this project from scratch.
Challenges we ran into
I ran into quite some problems while building this project, but the most "worth-mentioning" challenge that I faced is a vulnerability called SQL Injection. My app was initially vulnerable to SQLi and before it was too late and exploited by someone, I was able to fix this loophole. All this is also documented in this YouTube video. There are also other challenges where some of the checks required additional resources - for example, to perform google searches required a google JSON search API key which had a very strict quota restriction, and traditional whois lookups did not always return correct values. I had to write alternate "plan B" logic for these checks so that if they fail, the bot can shift to the alternate logic and still be able to process the checks. Other challenges I faced included performing various checks effectively on the target website by not affecting the scan results time, parsing the URLs correctly, properly breaking the URL into subdomain, domain, and TLD, etc.
Accomplishments that we're proud of
Ever since the app was deployed, I am proud to say that 90% of the results it yielded to real inputs are correct. It was able to rightly distinguish scam websites from legitimate websites in an average time of 1 - 2 minutes.
What we learned
I learned that many creative things can be achieved by making use of Twitter API. Due to the crystal clear documentation, and incredibly fast response times, powerful apps can be built on top of Twitter API.
What's next for Is it just a scam
The future plan for this project is to implement Machine Learning to further improve the results it generates. Other plans include adding more clever checks for detecting scams.
Log in or sign up for Devpost to join the conversation.