Problem solved for now... (General)

by erikp, Friday, March 07, 2008, 23:00 (5865 days ago) @ Bert

Many installs lets anyone register and the registering is automatic. A spammer could use this and register, and then use the email function to email anyone by using the contact form.


Captcha prevents this to happen automatically but a sick person could type in his SPAM and send it manually and anonymous to anyone. No way to find the sender back to be able to block him through the banlist...

The User Area is deactivated when visitors are not logged in, a simple change of the code should be able to change that for the email address just the same...

For the time being I removed the code that shows the email and homepage information from the /lang/english.lang file...

Old:


posted_by =                 by <b>[name]</b>[email_hp], [time]
posted_by_location =        by <b>[name]</b>[email_hp], [location], [time]

New:


posted_by =                 by <b>[name]</b> [time]
posted_by_location =        by <b>[name]</b>, [location], [time]

The user infromation is still visible through the user area though but a nicer way would be appriciated (i.e. only visible for users logged in!) so that normal users do have the feature to write an email through the forum.

Bert

The captchas is a nice solution. They prevent bulk mailing (they are not that hard to break, but doing so involves a little more work so I guess they reduce the risk). I think I will look into the code and just remove the possibility to enter the sender address and instead always get it from the database.

/erikp

locked
4577 views

Complete thread:

 RSS Feed of thread