Metamask issue of phishing attack

Moralis General

LoneS58 July 5, 2023, 11:19am #1

There is an error while trying to sign into metamask. The issue is that:

Its a self hosted moralis server on http://xxxxxxxxxxx.us-east-1.elasticbeanstalk.com/server
I applied SSL certificate to load balancers on elasticbeanstalk. That secured the backend to a https URL: https://backend.treasurehunttoken.com/server
My website is made in nextjs and the auth is implemented on frontend. At https://beta.treasurehunttoken.com/

Whenever I login via metamask, I get this warning:

The message while signing looks something like this:

Here is the Parse cloud function:

cryptokid July 5, 2023, 6:15pm #2

you have to change the uri and domain in that info that is displayed (you have to change those parameters when you use Auth API) so that it matches the current domain

LoneS58 July 5, 2023, 6:35pm #3

Should I add parameters inside the parse cloud function’s code? Stating the domain to be frontend’s url and domain?

cryptokid July 5, 2023, 8:25pm #4

you can try that, I don’t know where from it got that default URI

LoneS58 July 5, 2023, 10:08pm #5

If I click on requestMessage, it leads me to some authService.ts file which has the values embedded to use SERVER_URL environment variable

While hosting, I tend to keep the SERVER_URL to be http://xxxxxx.us-east-1.elasticbeanstalk.com/server

After that, I just apply the SSL certificates and take my site to https://backend.treasurehunttoken.com/server

This time I redeployed the server with https://backend.treasurehunttoken.com/server
Keeping the same SERVER_URL as the above one ^. The error does not go away.

cryptokid July 6, 2023, 5:24am #6

you can make the changes there or overwrite them, when it calls authApi in that code that you found