Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#13 2006-07-31 12:13:41
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Text Pattern forum compromized? [ed: no]
By the way, anyone know how to delete an email account from TextDrive using Webmin?
It’s under Virtual Servers > your domain > Edit Mail & FTP users
Offline
Re: Text Pattern forum compromized? [ed: no]
here are all the helpbase topics in there
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Text Pattern forum compromized? [ed: no]
Mary, colak…thanks.
Offline
Re: Text Pattern forum compromized? [ed: no]
The current email settings seem to actually reveal everyone’s email addresses in a mailto link instead of forcing it through the forum form, even when set to “Hide your e-mail address and disallow form e-mail.” This actually seems worse then before as a registered spammer could then just harvest pages and pages of email addresses.
Changing the privacy setting back “Hide your e-mail address but allow form e-mail.” does not seems to change anything though. I still get just a mailto link with the email address in there for the taking.
Also I can’t remeber but is there a way to allow form emails from the profile page? That was the way people contacted me for textbook accounts.
Shoving is the answer – pusher robot
Offline
#17 2006-08-07 18:18:45
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Text Pattern forum compromized? [ed: no]
Patrick, you’re a moderator: you can always see email addresses. Other users do not. :)
Edit:
…is there a way to allow form emails from the profile page?
See my post. I’ve already been asked: it’s all or nothing. Either everyone can get the email form, or nobody can. Another PunBB limitation.
Last edited by Mary (2006-08-07 18:20:50)
Offline
Re: Text Pattern forum compromized? [ed: no]
D’oh! I’m an idiot. I think a week of non stop packing is getting to me.
If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook acocunts.
Not sure how to check what registered users see.
Shoving is the answer – pusher robot
Offline
#19 2006-08-07 18:31:56
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Text Pattern forum compromized? [ed: no]
If I change my setting to “Hide your e-mail address but allow form e-mail.” will that allow the form mail to work from the profile page? So people can contact me for textbook acocunts.
Yes.
Offline
Re: Text Pattern forum compromized? [ed: no]
Rock! thanks Mary.
Shoving is the answer – pusher robot
Offline
#21 2006-08-10 22:06:06
- Agentflit
- New Member
- Registered: 2006-07-20
- Posts: 4
Re: Text Pattern forum compromized? [ed: no]
Thanks for the confirmation that no addresses were revealed, I got one of these and was worried.
Offline
Re: Text Pattern forum compromized? [ed: no]
zem wrote:
Update: confirmed. From the mail logs, it appears that no more than about 20 messages were sent. We’ve banned the user in question, and we’re looking at ways of restricting the use of the ‘send mail’ function (e.g. making it unavailable to new signups).
Can you see (maybe checking the timings) if the mail messages were sent actually by hand by a real human or that might have been scripted?
If the latter is true, maybe optionally adding captcha (captcha.net) to the ‘send mail’ function? would there be a PunBB extension to do this?
hakjoon wrote:
Not sure how to check what registered users see.
Maybe creating another forum account for yourself and using it for testing? (you’d need to use a different browser for this so you don’t have to be logging in and out every time).
Last edited by baby (2006-08-18 20:40:09)
Mariano Absatz – El Baby
I don’t suffer from insanity. I enjoy every minute of it.
Offline
#23 2006-08-19 00:22:59
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Text Pattern forum compromized? [ed: no]
It was done by a person, by hand.
Patrick’s problem is that he forgets he has too much “power”. hehe
Offline
Re: Text Pattern forum compromized? [ed: no]
And now we have <a href=“http://forum.textpattern.com/viewtopic.php?pid=122737#p122737”>forum</a> <a href=“http://forum.textpattern.com/viewtopic.php?id=18287”>spam</a>. Sigh.
Can that user account and/or IP address be banned, please?
Offline