Ask HN: How do you protect against malicious links in user-generated content?

3 points | TimLeland | 6 months ago

If your app allows users to post or share content, chances are they’ll eventually try to drop in links. Some of those may be spammy, others outright malicious (phishing, malware redirects, throwaway domains, etc.).

I’m curious how companies handle this in practice. Do you:

Block certain TLDs or domains?

Use external reputation or threat-intel APIs?

Follow redirects and scan the final destination?

Sanitize or nofollow everything?

Rely on user reports + moderation queues?

Something else entirely?

It seems like a constant balancing act between safety, performance, and not frustrating legitimate users.

What’s worked well (or failed) for you? Any battle-tested approaches you’d recommend?
