It is currently Thu May 25, 2017 5:47 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 14 posts ] 
Author Message
 
PostPosted: Tue Apr 12, 2011 9:45 am 
Offline
User avatar

Joined: Tue Jun 26, 2001 6:00 pm
Posts: 2782
Location: Montreal, Canada
Today I received a SPAM to an email address I use only here at Chiff. Actually, I took the habit of using a specific address for all sites I use my address on, so that I can pinpoint the source of spam... I'm not sure if you can qualify this email of SPAM, because maybe it was sent manually to many Chiff members... it's from Mysterious Records, pointing to url http://WWW.Ke-Ju.COM. It's music related, so maybe someone actually went through all members to send the email... but as far as I know, there is no way for a bot to 'fetch' email addresses automatically from phpBB, so I hope someone didn't hack the accounts!

PS: I call SPAM any unsolicited mail that is sent in an automatic, bulk manner. I don't care what the subject is.
PS2: Annoyingly enough, there is no way to get 'removed' from the company's mailing list


Top
 Profile  
Reply with quote  
 
PostPosted: Tue Apr 12, 2011 1:17 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 31831
Location: Minneapolis
Just checked my email, and I have not received this spam. Dunno if that's due to good filters, or what.

_________________
"Dreams about the future are always filled with gadgets." - Neil deGrasse Tyson

"An anti-lunacy gadget would be nice..." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 4:36 am 
Offline
User avatar

Joined: Tue Jul 06, 2010 10:02 am
Posts: 312
Location: Surrey, United Kingdom
I got that spam mail too, but wouldn't be able to pinpoint the origin as I use this address for almost everything.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 5:49 am 
Offline
Moderator
User avatar

Joined: Wed Jan 14, 2009 5:21 pm
Posts: 10589
Location: Unimportant island off the great mainland of Europe
I got the same one, and did assume it had come via here, or that that's where the spammers had got my e-mail. But I didn't much care - I just deleted it.

_________________
"Only connect!"


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 5:56 am 
Offline
The Landlord
User avatar

Joined: Wed May 16, 2001 6:00 pm
Posts: 10273
Location: Chiff & Fipple's LearJet: DaleForce One
I think that has happened before and it's hard to know why. Bots are not supposed to be able to grab user data from the forum. But, email addresses held by Epsilon weren't supposed to be breached either, but it happened.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 9:27 am 
Offline

Joined: Thu Feb 07, 2008 3:30 pm
Posts: 561
Location: Ohio
they wouldn't have to grab user data from the forum in the sense of 'from the database'...
because email addresses are in the html of the page - the button labeled email at the bottom of each post has an email for the poster in plain text - not all posts have this button showing so it is probably some user setting.

Bill

edit: note that those saying they received the email have the email button in their posts (at least for now - does this change for old posts if their settings are updated) and the couple that posted that they did not get the email (which includes me) do not have the email button turned on

_________________
“When a Cat adopts you there is nothing to be done about it except put up with it until the wind changes.” T.S. Elliot


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 2:14 pm 
Offline
User avatar

Joined: Sat Sep 30, 2006 12:45 pm
Posts: 18663
Location: San Diego, CA
Yep, what highwood said. A web scraper can suck e-mail addresses from the HTML page. Thankfully, this has not been a widespread problem here.

_________________
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 5:24 pm 
Offline
User avatar

Joined: Mon Nov 17, 2003 11:29 am
Posts: 24005
Location: N of Seattle
I've noticed that the default is to show the email address.
Someone might want to change that.

Most of the new members have email address shown.
It is somewhat like begging.

_________________
Picture a bright blue ball just spinning, spinning free
It's dizzying, the possibilities. Ashes, Ashes all fall down.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 6:27 pm 
Offline
User avatar

Joined: Sat Sep 30, 2006 12:45 pm
Posts: 18663
Location: San Diego, CA
I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.

_________________
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 7:04 pm 
Offline
User avatar

Joined: Wed Dec 17, 2003 9:57 am
Posts: 7633
Location: Minneapolis, MN, USA, Earth
MTGuru wrote:
I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.
It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).

_________________
"Be not deceived by the sweet words of proverbial philosophy. Sugar of lead is a poison."


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 7:12 pm 
Offline
User avatar

Joined: Sat Sep 30, 2006 12:45 pm
Posts: 18663
Location: San Diego, CA
I.D.10-t wrote:
It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).

Oh, sorry ... Yes, that's right. I meant the "valid e-mail addy" comment as a separate (but related) issue.

_________________
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 7:25 pm 
Offline
User avatar

Joined: Mon Nov 17, 2003 11:29 am
Posts: 24005
Location: N of Seattle
I don't feel that many of them are tech savvy enough understand the implications of leaving it shown.

_________________
Picture a bright blue ball just spinning, spinning free
It's dizzying, the possibilities. Ashes, Ashes all fall down.


Top
 Profile  
Reply with quote  
 
PostPosted: Thu Apr 14, 2011 7:33 pm 
Offline
User avatar

Joined: Sat Sep 30, 2006 12:45 pm
Posts: 18663
Location: San Diego, CA
Let's put it this way: It's been that way for 10 years. We're not inclined to change it for now. :wink:

_________________
Vivat diabolus in musica! MTGuru's (old) GG Clips / Blackbird Clips

Joel Barish: Is there any risk of brain damage?
Dr. Mierzwiak: Well, technically speaking, the procedure is brain damage.


Top
 Profile  
Reply with quote  
 
PostPosted: Fri Apr 22, 2011 8:03 pm 
Offline
User avatar

Joined: Tue Jun 26, 2001 6:00 pm
Posts: 2782
Location: Montreal, Canada
Well, I am shocked! I just checked the source of the HTML and yes, the email is there in plain text! The reason I am shocked is that there are many efficient ways to 'hide' or 'scramble' an email address in the source html code using javascript (those are called email obfuscators). As a web programmer, I've been doing this for years and the bots are never able to harvest displayed emails. I would have thought phpBB would be using such email scrambler, but it seems they don't!!

I just checked and it seems there's no obfuscator module available for phpBB. :-? I guess I'm going to disable the email feature then...


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.102s | 13 Queries | GZIP : On ]
(dh)