Chiff and Fipple Forums
http://forums.chiffandfipple.com/

Spam bot got into Chiff's accounts??
http://forums.chiffandfipple.com/viewtopic.php?f=5&t=81590
Page 1 of 1

Author:  Azalin [ Tue Apr 12, 2011 9:45 am ]
Post subject:  Spam bot got into Chiff's accounts??

Today I received a SPAM to an email address I use only here at Chiff. Actually, I took the habit of using a specific address for all sites I use my address on, so that I can pinpoint the source of spam... I'm not sure if you can qualify this email of SPAM, because maybe it was sent manually to many Chiff members... it's from Mysterious Records, pointing to url http://WWW.Ke-Ju.COM. It's music related, so maybe someone actually went through all members to send the email... but as far as I know, there is no way for a bot to 'fetch' email addresses automatically from phpBB, so I hope someone didn't hack the accounts!

PS: I call SPAM any unsolicited mail that is sent in an automatic, bulk manner. I don't care what the subject is.
PS2: Annoyingly enough, there is no way to get 'removed' from the company's mailing list

Author:  Nanohedron [ Tue Apr 12, 2011 1:17 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

Just checked my email, and I have not received this spam. Dunno if that's due to good filters, or what.

Author:  Anyanka [ Thu Apr 14, 2011 4:36 am ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I got that spam mail too, but wouldn't be able to pinpoint the origin as I use this address for almost everything.

Author:  benhall.1 [ Thu Apr 14, 2011 5:49 am ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I got the same one, and did assume it had come via here, or that that's where the spammers had got my e-mail. But I didn't much care - I just deleted it.

Author:  Dale [ Thu Apr 14, 2011 5:56 am ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I think that has happened before and it's hard to know why. Bots are not supposed to be able to grab user data from the forum. But, email addresses held by Epsilon weren't supposed to be breached either, but it happened.

Author:  highwood [ Thu Apr 14, 2011 9:27 am ]
Post subject:  Re: Spam bot got into Chiff's accounts??

they wouldn't have to grab user data from the forum in the sense of 'from the database'...
because email addresses are in the html of the page - the button labeled email at the bottom of each post has an email for the poster in plain text - not all posts have this button showing so it is probably some user setting.

Bill

edit: note that those saying they received the email have the email button in their posts (at least for now - does this change for old posts if their settings are updated) and the couple that posted that they did not get the email (which includes me) do not have the email button turned on

Author:  MTGuru [ Thu Apr 14, 2011 2:14 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

Yep, what highwood said. A web scraper can suck e-mail addresses from the HTML page. Thankfully, this has not been a widespread problem here.

Author:  Denny [ Thu Apr 14, 2011 5:24 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I've noticed that the default is to show the email address.
Someone might want to change that.

Most of the new members have email address shown.
It is somewhat like begging.

Author:  MTGuru [ Thu Apr 14, 2011 6:27 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.

Author:  I.D.10-t [ Thu Apr 14, 2011 7:04 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

MTGuru wrote:
I think we want to leave e-mail displayed by default. Individuals are welcome to turn it off. But we must have a valid e-mail addy in our database. We can change the default and/or tighten up bot access if scraping becomes a problem.
It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).

Author:  MTGuru [ Thu Apr 14, 2011 7:12 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I.D.10-t wrote:
It would still be in the database (as mine is) but it wouldn't be automatically displayed with the little button (like mine is not to all non Admin).

Oh, sorry ... Yes, that's right. I meant the "valid e-mail addy" comment as a separate (but related) issue.

Author:  Denny [ Thu Apr 14, 2011 7:25 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

I don't feel that many of them are tech savvy enough understand the implications of leaving it shown.

Author:  MTGuru [ Thu Apr 14, 2011 7:33 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

Let's put it this way: It's been that way for 10 years. We're not inclined to change it for now. :wink:

Author:  Azalin [ Fri Apr 22, 2011 8:03 pm ]
Post subject:  Re: Spam bot got into Chiff's accounts??

Well, I am shocked! I just checked the source of the HTML and yes, the email is there in plain text! The reason I am shocked is that there are many efficient ways to 'hide' or 'scramble' an email address in the source html code using javascript (those are called email obfuscators). As a web programmer, I've been doing this for years and the bots are never able to harvest displayed emails. I would have thought phpBB would be using such email scrambler, but it seems they don't!!

I just checked and it seems there's no obfuscator module available for phpBB. :-? I guess I'm going to disable the email feature then...

Page 1 of 1 All times are UTC - 6 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/