| Author |
 Topic  |
|
|
gpspassion
Junior Member
260 Posts |
 Posted - 07 July 2004 : 21:08:55
|
Tonight a friendly person from the Ivory Coast registered on my forums with a valid @yahoo.it addess and used the forum email feature to send unsollicited emails, a variation on the Nigerian Spam
Any wasy to prevent this, other than "killing" the email feature which I need for notifications? Possibly logging to be able to react quickly in case something like this happens? |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 July 2004 : 21:16:51
|
Lock his account.
Turn on "Require unique email" option, so they can't register with the same email address. |
Support Snitz Forums
|
 |
|
|
gpspassion
Junior Member
260 Posts |
Posted - 07 July 2004 : 21:21:13
|
| Right, and I also locked out the IP and "cookied" it with IPGate, but that won't prevent someone else on another computer to start again. I think the only effective way would be to monitor "PM" activity (not necessarily content to avoid privacy issues) so as to react quickly if something like this happens. |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 07 July 2004 : 21:47:20
|
| you could probably do something like requiring a certain amount of posts before someone could send e-mails to users. Or maybe require them to be a member for a certain amount of time. You could probably also limit the amount of text in the e-mail so that things like this "Nigerian Spam" couldn't be sent (unless they make it really brief). |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 July 2004 : 21:53:11
|
| That's a good point Richard. They would have to prove to be a respecting member before being allowed to use all the features of the forum. |
Support Snitz Forums
|
|
|
|
gpspassion
Junior Member
260 Posts |
Posted - 07 July 2004 : 22:06:35
|
| Yes, alhtough that might cut out people with a legit reason to send email. I thin some type of monitoring option for PM could help. |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 July 2004 : 22:18:41
|
Why would anyone need to send email to a forum member after just signing up? They can use the forum to communicate to the forum member or post thier email address and ask the member to email them.
A PM Monitoring option? You said the person sent the spam via email? How would monitoring the Private Messages help in that regards?
The idea of limiting the amount of text sent in an email is also a good idea. You could limit the amount of text for new users. After a certain amount of posts or amount of time being a member, you can extend that limit. So if they MUST email a member, they can email a short message saying that they want to contact them. |
Support Snitz Forums
|
|
|
|
Dave.
Senior Member
USA
1037 Posts |
Posted - 07 July 2004 : 22:52:23
|
| How about you have a field on the database, M_LASTEMAIL. Have the text from the last email they sent in it, and if they send more than 3 emails with the same text...they are automatically locked? |
|
|
|
gpspassion
Junior Member
260 Posts |
Posted - 08 July 2004 : 05:34:39
|
By "PM" I meant "Forum Email"
Yes that last solution sounds like a goood fix, but I wouldn't know how to implement it.
I do think that this is a "hole" in the current Sntz implementation and it's possible that spammers are going to spread the word at some point. Other than shutting off the email server I don't see a way of preventing it, with my limited knowledge of course and shutting off the email server will prevent new registration (unless you don't validate emails...) so that can only be done in case of an emergency.
|
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 08 July 2004 : 05:48:36
|
| sending e-mail via the forum is not quick and easy. You have to send each one individually, which takes time. Spammers like to load up their mass mailers and feed it a list of e-mail addresses and let it do all the work. |
|
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 08 July 2004 : 08:44:38
|
| also not every member will have opted to receive emails, which makes using the forums to spam users even more dificult and time consuming. The fact that members can email other members is a feature not a bug or hole that requires fixing. |
|
|
|
gpspassion
Junior Member
260 Posts |
Posted - 08 July 2004 : 13:54:26
|
| Sure, all I'm saying is that some crazy dude spent hours sending several hundred messages yesterday to so many of my forum members, making me look a bit stupid in the process. Worst part is that unless I shut down the email server it migh happen again at any time as well as to anyone running Snitz forums. I think it's a valid concern and Dave's solution looks a good fix, unfortunately I wouldn't know where to start to implement it :-( |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 08 July 2004 : 17:14:53
|
For someone to do that, they probably have something against you, your members or your site. Because spammers are not going to sit down, register at a forum, then one by one, send a spam email to each of your members. That's a waste of thier time.
Seeing as this how it is in all the major forum software out there, this would be a bug in all of them.
So I wouldn't call it a hole in the software. It's just that this particular person has targetted your site. You need to take measures to prevent him/her from doing it again. Don't shut down the email server. Just turn off the email capabilities on your forum until you implement a solution.
If you prefer Dave's solution, I can work with you in creating a mod to do that. |
Support Snitz Forums
|
|
|
|
gpspassion
Junior Member
260 Posts |
Posted - 09 July 2004 : 20:16:38
|
Maybe I should be more suspicious, but that looked like a bona fide "Nigerian Scam" email (see below) with an IP in the Netherlands and I agree that it's a terrible waste of time!
Would love to see a MOD around Dave's suggestions ;-)
*****************************************************************
For entertainment purposes:
FROM Maris and Michael
NOTE:PLEASE REPLY TO MY PRIVATE E-MAIL BOX
BELOW;( maris_hugos@yahoo.it)
Abidjan,Cote d'ivoire
Dear,One
WE ARE INTRODUCING OURSELF, I AM Maris Hugos AND MY BROTHER IS MICHAEL HUGOS, WE ARE THE ONLY CHILDREN OF THE LATE MR AND MRS SMITH HUGOS
I wish to request for your assistance in a financial transaction. Dear I get your contact from a member of this your sit.We wish to invest in Manufacturing and real estate management in your country. With the fund our late Father deposited with a security company in europe.And the amount is ten million,five houndred thousand state dollarls (10.5mDollars to invest in the transaction and I will require your assistance in receiving the funds in your account in your country. We will gladly give to you 15% of the total sum for your assistance. please it is important you contact us immediately with our private e-mail address (maris_hugos@yahoo.it) for further explanation.
Awaiting your immediate response thanks and God bless.
Regards
Maris Hugos |
Edited by - gpspassion on 09 July 2004 20:22:23 |
|
|
| |
Topic |
|
Topic Locked
