FYI Re: Forums

Vomitous
Cannon Fodder
Posts: 4
Joined: Fri Jul 17, 2009 11:34 am

FYI Re: Forums

Post by Vomitous » Mon Sep 28, 2009 11:06 pm

My 'Always show my email address' setting defaulted to on; I just received a spam on the address I set up just for these forums. Not the end of the world, but I wanted to put this out there in case you didn't know it was happening. There are spambots that specialize in harvesting email addresses from Member lists on phpbb's. It may be a good idea to turn this setting off by default.. if it's possible to do so.

As an individual user who's already signed up:
Profile->Privacy Choices->Always show my e-mail address [No]

As an admin control panel on my board I see:
General->E-mail settings->Hide e-mail addresses

..but I'm not sure this does what I'm thinking of, which is to default the setting to off, but allow people to turn it on. The above assumes phpbb3.

Renaming or changing permissions on memberlist.php will also 'fix' it in that the members' list will no longer work and the bots won't be able to harvest from it. If you know a bit of php you could probably also modify it to not show the email column.


What(if anything) you want to do is up to you, of course. With the amount of spam out there already it's probably not a big deal for most. Certainly not worth drawing much attention away from more worthwhile pursuits.


Edit: Oops, after posting I noticed the 'Comments on this website' Forum.

User avatar
Omnidon
Site Admin
Posts: 2186
Joined: Mon Feb 06, 2006 7:46 pm
Location: NY State, USA
Contact:

Re: FYI Re: Forums

Post by Omnidon » Tue Sep 29, 2009 1:31 am

Vomitous wrote:My 'Always show my email address' setting defaulted to on;
I wasn't aware that it defaulted to on. I think that changed in one of the patches.

No, there isn't any option in the admin panel to disable it without disabling all email features entirely. This is a heavily modified version of phpBB2, not phpBB3.

However, I just went and edited the php and hard-coded it to default to off, while still allowing users to choose to show their email.
Note that this only affects new users. Existing users will have to doublecheck their profile settings if they are worried about it.

If I find the time, I may modify the email display code to be more secure against bots.

User avatar
heruca
Developer
Posts: 9370
Joined: Sun Nov 20, 2005 11:58 pm
Location: Buenos Aires, Argentina
Contact:

Re: FYI Re: Forums

Post by heruca » Tue Sep 29, 2009 2:26 am

Vomitous wrote:I just received a spam on the address I set up just for these forums.
Sorry about the spam. As you surmised, it must have been a spam-bot that harvested your address.

Thanks for mentioning it, though, since no one else has. I hope a future forum update will put an end to that silliness.
:arrow: Please help spread the word about BRPG and BGE, and never hesitate to tell me how I can make them better suit your gaming needs.

Vomitous
Cannon Fodder
Posts: 4
Joined: Fri Jul 17, 2009 11:34 am

Post by Vomitous » Wed Sep 30, 2009 2:54 pm

I run a forum, and as such have had to deal with all kinds of horrible bots, as you guys have. I was not trying to give anyone a hard time or force you to do any extra work, but I'm glad to hear you were able to change the behavior nonetheless. No need to apologize about it, thanks for the quick response.

Post Reply