Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 07:02:07
|
Regarding this thread: http://forum.snitz.com/forum/link.asp?topic_id=6632
It looks as though bulk email list compilers may be noticing Snitz forums in general as a good source of harvesting email addresses.
This is a replacement for pop_mail.asp and took less time to do than to write this. Basically, it just removes the recipient's email from the HTML altogether and grabs it from the db based on user ID.
Next step should be pop_profile.
Link: http://www.cantonweb.com/kerrycode/pop_mail.txt
-Kerry
Edited by - kerry on 21 March 2001 07:13:13 |
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 07:36:45
|
In pop_profile.asp at around line 162, look for:
<tr>
  <td bgColor=<% =strPopUpTableColor %> align=right width="10%" nowrap><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">Email Address: </font></b></td>
  <td bgColor=<% =strPopUpTableColor %><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">
    <a href="JavaScript:openWindow('pop_mail.asp?id=<% =rs("MEMBER_ID") %>')"><% =ChkString(rs("M_EMAIL"), "display") %></a>
  </font></td>
</tr>
And replace it with this:
<tr>
  <td bgColor=<% =strPopUpTableColor %> align=right width="10%" nowrap><b><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>">Email User: </font></b></td>
  <td bgColor=<% =strPopUpTableColor %>><font face="<% =strDefaultFontFace %>" size="<% =strDefaultFontSize %>"><a href="JavaScript:openWindow('pop_mail.asp?id=<% =rs("MEMBER_ID") %>')"><% =ChkString(rs("M_NAME"),"display") %></a></font></td>
</tr>
-Kerry
Edited by - kerry on 21 March 2001 08:15:06 |
|
|
blackinwhite
Average Member
Turkey
657 Posts |
Posted - 21 March 2001 : 10:41:00
|
It is a really great mod and works fine. Thank you very much Kerry. That could be nice if added to the next version.
|
|
|
jramers
Junior Member
133 Posts |
Posted - 21 March 2001 : 13:51:24
|
Excellent, works perfect. I knew it wasn't that big a hack but a very important one. Thanks.
Edited by - jramers on 21 March 2001 13:51:48 |
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 14:19:31
|
quote:
Excellent, works perfect. I knew it wasn't that big a hack but a very important one. Thanks.
No prob. It's a small but (I think) potentially impactful code change I'd kinda like to see implemented *here* (hint, hint, nudge, nudge)
-Kerry
|
|
|
Rob Poretti
Junior Member
Canada
435 Posts |
Posted - 21 March 2001 : 14:43:06
|
Thank-you, thank-you...
These kinds of mods are, to me, as important (perhaps even more so) as some of the flashy new features that have been coming down the pipe...
Cheers Kerry!
Rob
|
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 14:48:40
|
If anyone wants to see this before they implement it, I've got it running and so far can't find any "leaks" where an address shows up. If you see one, let me know and we'll get the patch kit out right away.
Demo: www.cantonweb.com/forums/default.asp
-Kerry
Edited by - kerry on 21 March 2001 14:49:21 |
|
|
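The "leak" check described in the post above can be automated against rendered pages. This is an added example, not part of the original thread or of Snitz; the sample rows and the hidden form field are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class LeakAuditor(HTMLParser):
    """Records (location, address) for every address found in rendered HTML."""

    def __init__(self):
        # convert_charrefs=True decodes entity-obfuscated text such as &#64;
        super().__init__(convert_charrefs=True)
        self.leaks = []

    def _scan(self, location, value):
        # unquote() also exposes URL-encoded addresses (%40 for @)
        for addr in EMAIL_RE.findall(unquote(value)):
            self.leaks.append((location, addr.lower()))

    def handle_starttag(self, tag, attrs):
        # Attribute values (href, hidden input value, ...) arrive entity-decoded
        for name, value in attrs:
            if value:
                self._scan(f"<{tag} {name}>", value)

    def handle_data(self, data):
        self._scan("text", data)

    def handle_comment(self, data):
        self._scan("comment", data)


def find_address_leaks(html):
    auditor = LeakAuditor()
    auditor.feed(html)
    auditor.close()  # flush any buffered trailing text
    return auditor.leaks


# Constructed samples: the profile row before and after the change,
# and a constructed mail form that still carries the address in markup.
OLD_ROW = ("<tr><td>Email Address:</td><td><a href=\"JavaScript:openWindow("
           "'pop_mail.asp?id=42')\">alice@example.com</a></td></tr>")
NEW_ROW = ("<tr><td>Email User:</td><td><a href=\"JavaScript:openWindow("
           "'pop_mail.asp?id=42')\">alice</a></td></tr>")
OLD_FORM = ('<form><input type="hidden" name="To" value="alice&#64;example.com">'
            '<a href="mailto:alice%40example.com">mail</a></form>')

if __name__ == "__main__":
    for label, page in (("old row", OLD_ROW), ("new row", NEW_ROW), ("old form", OLD_FORM)):
        print(label, find_address_leaks(page))
```

Run it over the saved output of every page that renders member data; an empty list for each page is the pass condition.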
work mule
Senior Member
USA
1358 Posts |
Posted - 21 March 2001 : 14:50:25
|
Nice modification. It was simple enough to implement, but it's important. It adds more protection for users of Snitz! Thanks!
You have my vote (whatever that's worth) for putting this in the standard.
|
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 17:37:01
|
I was curious about the actual ease with which this site could be "harvested" for addresses so I spidered it with no filters on using a cheap shareware spider.
And....
-Kerry
|
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 21 March 2001 : 17:54:46
|
Is this script "allergic" to v3.1sr2 (cookie conflict) or is it safe to implement?
Thanks,
Wedont snitz ver3.1 sr2 access 2k. |
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 17:57:39
|
It should be fine (line #'s will be different) because no cookies are involved.
...And I just noticed it can grab UIN's as well.
-Kerry
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 21 March 2001 : 18:28:57
|
At my Hotmail account, I've reached the limit of blocked addresses in my Block Addresses list (I think it's a 250 address limit).
My Yahoo Blocked Addresses list is growing every day. |
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 18:43:28
|
Yup. The reason I tend to pay attention to spam-related issues is that I run my own mail servers. Having a large number of email users, I'm frequently trying to correct / avoid spam-related problems. For nearly a week I banned the entire countries of Thailand and Peru.
I recently began using MAPS Blackhole service, but I still have to login almost nightly and block IP's or servers - or email the abuse@'s that can either cancel an offending account or close up a relay somebody left open.
I don't use IM's, but I've heard spam is becoming a headache there as well.
-Kerry
Edited by - kerry on 21 March 2001 18:46:12 |
|
|
wedont
Junior Member
Canada
344 Posts |
Posted - 21 March 2001 : 19:21:40
|
Thanks Kerry, Most Appreciated!
BTW for v3.1 user, to prevent any cookie conflict: In the New pop_mail.asp use this (around line:116):
Err_Msg = ""
if rs("M_EMAIL") <> " " then
    if strAuthType="nt" then
        '## Forum_SQL
        strSql = "SELECT M_NAME, M_USERNAME, M_EMAIL "
        strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
        strSql = strSql & " WHERE M_USERNAME = '" & Session(strCookieURL & "userid") & "'"
    elseif strAuthType="db" then
        '## Forum_SQL
        strSql = "SELECT M_NAME, M_EMAIL "
        strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
        strSql = strSql & " WHERE M_NAME = '" & Request.Cookies(strCookieURL & "User")("Name") & "'"
    end if
to replace this:
Err_Msg = ""
if rs("M_EMAIL") <> " " then
    strSql = "SELECT M_NAME, M_USERNAME, M_EMAIL "
    strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS"
    strSql = strSql & " WHERE "&Strdbntsqlname&" = '" & STRdbntUserName & "'"
PS: Kerry, your site cantonweb.com is awesome.
Wedont snitz ver3.1 sr2 access 2k.
Edited by - wedont on 21 March 2001 19:47:31 |
|
|
James
Average Member
USA
539 Posts |
Posted - 21 March 2001 : 21:53:31
|
Kerry, you do have a nice site.
The security fix looks good too. However, I still run 3.0sr2 and I imagine it would be a lot more involved for me. I've been hesitant to upgrade as I have several mods I don't want to lose and waiting on a version of snitz which has most of these mods and also has Private Messages (which means I'll probably have to do a two step upgrade to 3.1 first, then to that version). Anyway, checked out the fix on your site and it works as promised. I like the fact that the e-mail is never revealed.
-
Edited by - James on 21 March 2001 21:58:11 |
|
|
Kerry
Average Member
USA
553 Posts |
Posted - 21 March 2001 : 23:38:29
|
James,
You might want to backup your current copies of pop_profile & pop_mail and give it a shot with wedont's code above. I'm not sure which part of my brain was asleep to let me think there wasn't a cookie-compat issue between 3.1 and sr4 in this code.
Anyway, the 3.1 files *might* work - I'm not familiar enough with the cookie history to be able to give a reliable opinion. I'd give it a try and if it doesn't work, reload your old files and we'll see what we can do to modify your old files.
-Kerry
|
|
|