Lorn
Starting Member
15 Posts |
Posted - 20 February 2008 : 10:21:39
|
A member of the Forum v3.3.05 sent these comments and I want to confirm with the experts here if there is any truth to this person's allegations. The site is at http://www.recovery-inc.com/members/forums and the comments follow: "the subject is the hole in the site that allows anyone to see any members email address and often their last name. The site is not secure.
I also mentioned that the recent new members seem to contain a good number of people who seem to be porn dealers judging from the home pages and cool sites that they list. Any of these people can farm all our addresses."
Please advise.
Thanks. Lorn -Administrator
|
Edited by - Lorn on 20 February 2008 11:10:27 |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 20 February 2008 : 10:35:52
|
Well, in the first instance you really should upgrade to the latest version; there have been a lot of security updates since 3.3.05. If you do not update, farming email addresses will be the least of your problems. |
|
|
Lorn
Starting Member
15 Posts |
Posted - 20 February 2008 : 11:29:35
|
ok. Thank you for the input. A new website is being developed and I believe the latest version of Snitz will be on it. In the meantime, how can I suppress or hide the e-mail icon on the topic template? And is it possible to hide the e-mail icon on topics already posted?
Lorn |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 20 February 2008 : 12:24:56
|
The email icon is not an issue. It does not contain an email address, so they cannot be harvested that way unless they physically click on the icon to open the popup (which would not constitute harvesting, and can only be done by members anyway), so it is not a security issue. If your members are spamming each other, just lock the offending account. |
|
|
Lorn
Starting Member
15 Posts |
Posted - 20 February 2008 : 14:44:52
|
Thank you for your expertise. I very much appreciate it. I want to switch gears a little to keep the ideas here. I'm told Snitz is a Windows-based product. I'm told we're deploying Java Web applications to a Tomcat Web server. Is this a compatible environment for Snitz? |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 20 February 2008 : 17:31:26
|
There are some who have gotten it working using Sun ONE (or whatever the hell they're calling it this week), but it will take a little work and some tweaking as it's a lot more fussy about formatting etc. If you search around here for Sun ONE you should turn up some of the topics (as well as at least one with the new name...) |
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 21 February 2008 : 11:52:54
|
If you're going to be trying to mix your Snitz up with a Java application, you may run into all kinds of problems with variable types and passing, scope, etc. Try to stay in one environment or the other, and if that's Java, that's Java - it'll be a shame to lose you, but it'll save you a lot of grief in the long run. |
|
|
Lorn
Starting Member
15 Posts |
Posted - 25 February 2008 : 20:01:15
|
Good advice for the wise. Seems the new site might cause a change in direction. Always something. |
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 28 February 2008 : 14:09:52
|
Keep your brain wide open and enjoy the wild ride :-) |
|
|
Lorn
Starting Member
15 Posts |
Posted - 11 March 2008 : 18:35:05
|
As it turned out, the hackers penetrated the code and prevented Moderators from deleting their posts or their membership. I pulled the forum off the website. My laptop was infected with a virus and it's just depressing. Does the newer version have more security to prevent such calamities? I'll look on these pages for more info. Thanks. |
Edited by - Lorn on 11 March 2008 18:37:14 |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 11 March 2008 : 18:42:29
|
If you're still using v3.3, then the answer is a most definite yes. As HuwR posted at the beginning of this, there have been a lot of security updates since v3.3.
As for your current situation, I would lock the member instead of deleting the member as this prevents him from using that e-mail address and user name. You might want to check and see if he's elevated his privileges - if he has, knock him down to a regular user before locking him and that may solve the other problem too. It's also possible that he's already demoted your Moderators in order to prevent them from doing anything to his posts...
Lastly, there are some suggestions in this topic: [linkage] that would apply here even though the post was intended to specifically address a recent issue with the v3.4.06 code. |
|