Textpattern CMS

#13 2006-07-31 12:13:41

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

By the way, anyone know how to delete an email account from TextDrive using Webmin?

It’s under Virtual Servers > your domain > Edit Mail & FTP users

#14 2006-07-31 12:29:05

colak

Admin

From: Cyprus

Registered: 2004-11-20

Posts: 9,028

Website GitHub Mastodon Twitter

Re: Text Pattern forum compromized? [ed: no]

here are all the helpbase topics in there

---

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

#15 2006-08-01 12:25:58

Destry

Member

From: Haut-Rhin

Registered: 2004-08-04

Posts: 4,909

Website

Re: Text Pattern forum compromized? [ed: no]

Mary, colak…thanks.

#16 2006-08-07 18:16:59

hakjoon

Member

From: Arlington, VA

Registered: 2004-07-29

Posts: 1,634

Website

Re: Text Pattern forum compromized? [ed: no]

The current email settings seem to actually reveal everyone’s email addresses in a mailto link instead of forcing it through the forum form, even when set to “Hide your e-mail address and disallow form e-mail.” This actually seems worse then before as a registered spammer could then just harvest pages and pages of email addresses.

Changing the privacy setting back “Hide your e-mail address but allow form e-mail.” does not seems to change anything though. I still get just a mailto link with the email address in there for the taking.

Also I can’t remeber but is there a way to allow form emails from the profile page? That was the way people contacted me for textbook accounts.

---

Shoving is the answer – pusher robot

#17 2006-08-07 18:18:45

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

Patrick, you’re a moderator: you can always see email addresses. Other users do not. :)

Edit:

…is there a way to allow form emails from the profile page?

See my post. I’ve already been asked: it’s all or nothing. Either everyone can get the email form, or nobody can. Another PunBB limitation.

Last edited by Mary (2006-08-07 18:20:50)

#18 2006-08-07 18:26:57

hakjoon

Member

From: Arlington, VA

Registered: 2004-07-29

Posts: 1,634

Website

Re: Text Pattern forum compromized? [ed: no]

D’oh! I’m an idiot. I think a week of non stop packing is getting to me.

If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook acocunts.

Not sure how to check what registered users see.

---

Shoving is the answer – pusher robot

#19 2006-08-07 18:31:56

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook acocunts.

Yes.

#20 2006-08-07 19:41:29

hakjoon

Member

From: Arlington, VA

Registered: 2004-07-29

Posts: 1,634

Website

Re: Text Pattern forum compromized? [ed: no]

Rock! thanks Mary.

---

Shoving is the answer – pusher robot

#21 2006-08-10 22:06:06

Agentflit

New Member

Registered: 2006-07-20

Posts: 4

Re: Text Pattern forum compromized? [ed: no]

Thanks for the confirmation that no addresses were revealed, I got one of these and was worried.

#22 2006-08-18 20:38:38

baby

Plugin Author

From: Buenos Aires, Argentina

Registered: 2005-10-16

Posts: 95

Website

Re: Text Pattern forum compromized? [ed: no]

zem wrote:

Update: confirmed. From the mail logs, it appears that no more than about 20 messages were sent. We’ve banned the user in question, and we’re looking at ways of restricting the use of the ‘send mail’ function (e.g. making it unavailable to new signups).

Can you see (maybe checking the timings) if the mail messages were sent actually by hand by a real human or that might have been scripted?

If the latter is true, maybe optionally adding captcha (captcha.net) to the ‘send mail’ function? would there be a PunBB extension to do this?

hakjoon wrote:

Not sure how to check what registered users see.

Maybe creating another forum account for yourself and using it for testing? (you’d need to use a different browser for this so you don’t have to be logging in and out every time).

Last edited by baby (2006-08-18 20:40:09)

---

Mariano Absatz – El Baby

I don’t suffer from insanity. I enjoy every minute of it.

#23 2006-08-19 00:22:59

Mary

Sock Enthusiast

Registered: 2004-06-27

Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

It was done by a person, by hand.

Patrick’s problem is that he forgets he has too much “power”. hehe

#24 2006-08-25 01:18:56

Elenita

Member

From: Falls Church, VA

Registered: 2004-05-16

Posts: 407

Website

Re: Text Pattern forum compromized? [ed: no]

And now we have <a href=“http://forum.textpattern.com/viewtopic.php?pid=122737#p122737”>forum</a> <a href=“http://forum.textpattern.com/viewtopic.php?id=18287”>spam</a>. Sigh.

Can that user account and/or IP address be banned, please?