Re: User / messaging exploit? Causing spam



Hi DJ Paul.

As far as I can see, nobody is complaining that the sky is falling, that would be a quite silly thing to do. Well I guess technically it is, but at least the earth is stopping it from doing so ;-)

Just pointing out an inaccuracy in thinking, I am sure that this is allowed without immediately posting PHP to fix it?

Back on topic; the question should also be: how could this spammer get access to all the usernames automatically? Of course everybody is listed, but somehow they were harvested and added to the pm list.

– Anyway, I think a very good start is that you can only message your friends. Thought that this would be already the case, that is why I wondered how we could get spammed?

– Additionally: a maximum of PMs per user per x amount of time (seems that 1/minute should be enough, + 50 per day). Of course this should be optional and configurable with error notification (site options or plugin?)

– Maybe a maximum mailbox size, which includes sent messages. So that at least spammers have to clean out their sent box before being able to send new messages.

– Also a maximum of addressees per PM, else the other 2 are useless.

– Maybe a minimum age of user (meaning time since registration), before he can send out PM at all?

Of course, any of these can be worked around, but at least it might slow spam down, at least from strangers..

Cheers, Harry
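
The limits proposed in the post above, combined into one pre-send check. This is an added example, not part of the original post and not BuddyPress code; the function name, the array layout and every limit other than 1/minute and 50/day are assumptions, and the rate limits are counted per message rather than per recipient.

```php
<?php
// Added example. All names are hypothetical; limits are configurable defaults.
const PM_LIMITS = [
    'min_account_age' => 86400, // seconds since registration before PMs are allowed (assumed value)
    'max_recipients'  => 5,     // addressees per PM (assumed value)
    'min_interval'    => 60,    // 1 PM per minute, as suggested in the post
    'max_per_day'     => 50,    // 50 PMs per day, as suggested in the post
    'max_sent_box'    => 200,   // stored sent messages allowed (assumed value)
];

/**
 * Returns null when the PM may be sent, otherwise the reason to show the sender.
 * $sender: ['registered' => int, 'friends' => int[], 'sent_times' => int[], 'sent_box' => int]
 */
function pm_check(array $sender, array $recipients, int $now, array $limits = PM_LIMITS): ?string
{
    if ($now - $sender['registered'] < $limits['min_account_age']) {
        return 'account too new';
    }
    // De-duplicate first so repeated IDs cannot be used to confuse the count.
    $recipients = array_unique($recipients);
    if (count($recipients) === 0 || count($recipients) > $limits['max_recipients']) {
        return 'invalid recipient count';
    }
    // Friends-only: every addressee must be in the sender's friend list.
    if (array_diff($recipients, $sender['friends'])) {
        return 'recipients must be friends';
    }
    if ($sender['sent_box'] >= $limits['max_sent_box']) {
        return 'sent box full';
    }
    // Only messages from the last 24 hours count towards the rate limits.
    $lastDay = array_filter($sender['sent_times'], fn ($t) => $t > $now - 86400);
    if ($lastDay && $now - max($lastDay) < $limits['min_interval']) {
        return 'sending too fast';
    }
    if (count($lastDay) >= $limits['max_per_day']) {
        return 'daily limit reached';
    }
    return null;
}

// Constructed sample data: a one-hour-old account addressing 40 user IDs.
$now = 1700000000;
$spammer = ['registered' => $now - 3600, 'friends' => [], 'sent_times' => [], 'sent_box' => 0];
var_dump(pm_check($spammer, range(1, 40), $now));
// Constructed sample data: an established member writing to one friend.
$member = ['registered' => $now - 90 * 86400, 'friends' => [7, 9], 'sent_times' => [$now - 300], 'sent_box' => 12];
var_dump(pm_check($member, [7], $now));
```

The check has to run server-side on every send path, and the timestamps it reads must come from stored message records rather than from anything the client submits.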

