Configuring P.U.R.L.S.
Let's get that epic dangerous URL detector up and running.
Last updated
Let's get that epic dangerous URL detector up and running.
Last updated
Some of you know probably know what Purls is already. The brand-new passive dangerous URL detection system. It's actually called the "Passive Uniform Resource Locator Scanner", but to make your life easier we called it PURLS for short.
Enough intro - now let's get it set up.
The Purls control panel should look similar to the Xyron Antispam control panel - but it looks a lot more complicated (and maybe scary).
Turn Purls on. Just run nv!svr_purls toggle.
And then you'll see all those options you can configure to get the best PURLS experience for your server.
Let's configure Purls' sensitivity now.
PURLS uses three sensitivity modes so you can choose the one that fits your server best. Starting from phishing protection, and going all the way to AI-powered detection. We didn't program the AI, the cool guys at IPQS did.
The sensitivities are available here by the way. To configure the sensitivity, run nv!svr_purls sensitivity <sensitivity>.
PhishTank is not owned or developed by NeoSoft, however no data is being sent to PhishTank. We do not hold any responsibility for false positives detected by this service.
PURLS will find a URL in the PhishTank database that matches the similarity threshold when compared with the URL it is trying to scan.
We recommend setting the threshold between 0.8 and 0.95 to find as many phishing URLs as possible while reducing false positives.
To set the threshold, just run nv!svr_purls threshold <threshold> .
Minimum threshold is locked to 0.7.
IPQS is not owned or developed by NeoSoft. Only the URL to scan is being sent to IPQS. We do not hold any responsibility for false positives detected by this service, although this service is the most accurate engine by far.
For servers with Sensitivity 2 unlocked, this will be helpful. Configuring IPQS allows you to get the maximum protection PURLS can offer. IPQS rates a website's sus-o-meter suspiciousness by a score from 0 to 100. PURLS is programmed to only scan websites with a score 75 and up.
Here's how the scores are divided, so you can have an easier time setting things up.
No risk (safe): 0
Low risk (safe): 1-74
High risk (suspicious): 75-84
Very high risk (definitely suspicious): 85-99
Certainly dangerous (malicious): 100
You can configure the actions on what to do for High risk, Very high risk and Certainly dangerous. Just run nv!svr_purls action_<risklevel> <action> .
Not everyone is good. Some people may send bad things, and you need to know what to do in those situations. We offer three options when these bad URLs are detected: scan it with VirusTotal, quarantine the user or ban the user. In the event these detections are from the VirusTotal scan, you can make Purls quarantine, ban or do nothing.
The on-positive action keys should start with "action_". To configure these, run nv!svr_purls <action_key> <action>.
Purls also needs you to configure some settings so it knows what channel to report the detection in, what channels to not run in, what the quarantine role is and if bots should not be scanned or not. This should be obvious at this point, but for the report_ch and whitelist keys, you're gonna need the channel ID.
