
Textpattern CMS support forum


#16 2006-08-07 18:16:59

hakjoon
Member
From: Arlington, VA
Registered: 2004-07-29
Posts: 1,634
Website

Re: Text Pattern forum compromized? [ed: no]

The current email settings seem to actually reveal everyone’s email addresses in a mailto link instead of forcing it through the forum form, even when set to “Hide your e-mail address and disallow form e-mail.” This actually seems worse than before, as a registered spammer could then just harvest pages and pages of email addresses.

Changing the privacy setting back to “Hide your e-mail address but allow form e-mail.” does not seem to change anything though. I still get just a mailto link with the email address in there for the taking.

Also, I can’t remember, but is there a way to allow form emails from the profile page? That was the way people contacted me for textbook accounts.


Shoving is the answer – pusher robot

Offline

#17 2006-08-07 18:18:45

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

Patrick, you’re a moderator: you can always see email addresses. Other users do not. :)

Edit:

…is there a way to allow form emails from the profile page?

See my post. I’ve already been asked: it’s all or nothing. Either everyone can get the email form, or nobody can. Another PunBB limitation.

Last edited by Mary (2006-08-07 18:20:50)

Offline

#18 2006-08-07 18:26:57

hakjoon
Member
From: Arlington, VA
Registered: 2004-07-29
Posts: 1,634
Website

Re: Text Pattern forum compromized? [ed: no]

D’oh! I’m an idiot. I think a week of non-stop packing is getting to me.

If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook accounts.

Not sure how to check what registered users see.


Shoving is the answer – pusher robot

Offline

#19 2006-08-07 18:31:56

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook accounts.

Yes.

Offline

#20 2006-08-07 19:41:29

hakjoon
Member
From: Arlington, VA
Registered: 2004-07-29
Posts: 1,634
Website

Re: Text Pattern forum compromized? [ed: no]

Rock! Thanks, Mary.


Shoving is the answer – pusher robot

Offline

#21 2006-08-10 22:06:06

Agentflit
New Member
Registered: 2006-07-20
Posts: 4

Re: Text Pattern forum compromized? [ed: no]

Thanks for the confirmation that no addresses were revealed. I got one of these and was worried.

Offline

#22 2006-08-18 20:38:38

baby
Plugin Author
From: Buenos Aires, Argentina
Registered: 2005-10-16
Posts: 95
Website

Re: Text Pattern forum compromized? [ed: no]

zem wrote:

Update: confirmed. From the mail logs, it appears that no more than about 20 messages were sent. We’ve banned the user in question, and we’re looking at ways of restricting the use of the ‘send mail’ function (e.g. making it unavailable to new signups).

Can you see (maybe checking the timings) if the mail messages were actually sent by hand by a real human, or whether that might have been scripted?

If the latter is true, maybe optionally adding captcha (captcha.net) to the ‘send mail’ function? Would there be a PunBB extension to do this?

hakjoon wrote:

Not sure how to check what registered users see.

Maybe creating another forum account for yourself and using it for testing? (you’d need to use a different browser for this so you don’t have to be logging in and out every time).

Last edited by baby (2006-08-18 20:40:09)


Mariano Absatz
El Baby

I don’t suffer from insanity. I enjoy every minute of it.

Offline

#23 2006-08-19 00:22:59

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

It was done by a person, by hand.

Patrick’s problem is that he forgets he has too much “power”. hehe

Offline

#24 2006-08-25 01:18:56

Elenita
Member
From: Falls Church, VA
Registered: 2004-05-16
Posts: 407
Website

Re: Text Pattern forum compromized? [ed: no]

And now we have forum (http://forum.textpattern.com/viewtopic.php?pid=122737#p122737) spam (http://forum.textpattern.com/viewtopic.php?id=18287). Sigh.

Can that user account and/or IP address be banned, please?

Offline

#25 2006-08-25 01:29:55

hcgtv
Archived Plugin Author
From: Key Largo, Florida
Registered: 2005-11-29
Posts: 2,722
Website

Re: Text Pattern forum compromized? [ed: no]

There’s an Akismet plugin for PunBB that’s looking promising.

Spammers are everywhere; I delete spam on a daily basis from my PunBB forums and Textpattern sites. On Textpattern it’s easy ’cause I have moderation set up and I get emails, but on a forum like this, with the amount of traffic it gets, it would be a daunting task to use moderation.

Offline

#26 2006-08-25 04:50:07

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

Spam is deleted and the user banned, usually within the same day. Nothing can really be done about it that wouldn’t be more of a headache for the vast majority of legitimate users.

Offline

#27 2006-08-26 16:23:58

Elenita
Member
From: Falls Church, VA
Registered: 2004-05-16
Posts: 407
Website

Re: Text Pattern forum compromized? [ed: no]

Here we go again (http://forum.textpattern.com/viewtopic.php?pid=122903#p122903).

Offline

#28 2006-08-26 16:53:33

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Text Pattern forum compromized? [ed: no]

Should we use the ‘Report’ link to report spam or should it be reported here?

Offline

#29 2006-08-27 02:54:06

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Text Pattern forum compromized? [ed: no]

Should we use the ‘Report’ link to report spam…?

Yes.

Typically, I check the forum at least once a day, but often several times throughout. I scan through all the new threads since my last login, and can usually tell if it is spam and deal with it appropriately. I’m also notified of every bounced email and user signup, so I can often root out spam before it is attempted as well.

When you “Report” any thread, any administrator and moderator can see those as well, so they often get dealt with before I even am aware of their presence. :)

Offline
