Search Results for 'spam'
-
AuthorSearch Results
-
December 15, 2009 at 2:45 pm #58782
In reply to: User / messaging exploit? Causing spam
David LewisParticipantYou know you’ve made it when… LOL
I would highly recommend against closing off the private messaging system or even allowing it as an option. Being able to message someone you are not friends with is a HUGE use case in my opinion. Crucial even. I wouldn’t give users the option to set it to friends only. Or at least… I would like the site admin to have the ability to disable that option.
Personally… I despise CAPTHCA. Don’t pass your problems off on your users. Like websites that say “Best viewed in” or “Set your screen size to”… etc. Any solution must be invisible to users. I’ve heard of people using javascript events (mouse click for instance) as an alternative. Sounds good to me. Here’s something I found with a quick Google search.
http://www.webdesignfromscratch.com/javascript/human-form-validation-check-trick.php
Alternately… you could use a simple math question… like as in example. LOL
http://farm3.static.flickr.com/2174/2268237733%5Fcda4a1dbb3.jpg?v=0
December 15, 2009 at 2:33 pm #58781In reply to: User / messaging exploit? Causing spam
stripedsquirrelParticipant@DJ PAul & Jeff.
DJ Paul: Agree that a user should be able to choose whether he wants PM from strangers or only from friends.
Jeff, not sure if this is what you mean, but does the Privacy Component allow you to define this setting as just described? Do you have any update about whether your work might be added to core or if it is considered a plugin?
December 15, 2009 at 2:22 pm #58779In reply to: User / messaging exploit? Causing spam
af3Participantreceived this 4hrs ago from babyzin, a day after hakam’s, and i do look quite ok:
My dear
how are you,
i hope that all is ok, as is my pleasure to contact you after viewing your profile at (buddypress.org) which really interest me in having communication with you if you will have the desire with me ,
here is my email as i will be waiting to hear from you,
yours linda
December 15, 2009 at 1:47 pm #58775In reply to: User / messaging exploit? Causing spam
Jeff SayreParticipant@Harry (a.k.a. stripedsquirrel)
I think a very good start is that you can only message your friends. Thought that this would be already ths case, that is why I wondered how we could get spammed?
See this discussion: https://buddypress.org/forums/topic/compose-message-send-to-username
Basically, the autocomplete message recipient list only autofills from your friends list. However, anyone can message any other individual via the “Send Message” button on user’s profile screen. All that is needed for a user to send a PM is that they have a member account and that they are logged in to the system.
On a related note, my Privacy Component does have an option to filter out the “Send Message” button, making it only visible to those you choose.
December 15, 2009 at 1:45 pm #58774In reply to: User / messaging exploit? Causing spam
Paul Wong-GibbsKeymaster– Anyway, I think a very good start is that you can only message your friends. Thought that this would be already ths case, that is why I wondered how we could get spammed?
In my case, I need to be able to receive messages from anyone. Such a thing needs to be a per-person decision/setting.
December 15, 2009 at 1:25 pm #58772In reply to: User / messaging exploit? Causing spam
stripedsquirrelParticipantHi DJ Paul.
as far as I can see, nobody is complaining that the sky is falling, that would be a quite silly thing to do. Well I guess technically it is, but at least the earth is stopping it from doing so
Just pointing out an inaccuracy in thinking, I am sure that this is allowed without immediately posting PHP to fix it?
Back on topic; the question should also be: how could this spammer get access to all the usernames automatically? Of course everybody is listed, but somehow the were harvested and added to the pm list.
– Anyway, I think a very good start is that you can only message your friends. Thought that this would be already ths case, that is why I wondered how we could get spammed?
– Additionally: a maximum of PM’s per user per x amount of time (seems that 1/minute should be enough, + 50 per day. of course this should be optional and configurable with error notification (site options or plugin?)
– Maybe a maximum mailbox size, which included sent messages. So that at least spammers have to clean out their sent box before being able to send new messages.
– Also a maximum of adressees per PM, else the other 2 are useless
– maybe a minimum age of user (meaning time since registration), before he can send out PM at all?
Of course, any of these can be worked around, but at least it might slow spam down, at least from strangers..
Cheers, Harry
December 15, 2009 at 12:50 pm #58769In reply to: User / messaging exploit? Causing spam
Paul Wong-GibbsKeymasterRather than complaining that the sky is falling, how would you propose we resolve this issue? A captcha on the Messages screen (or at least making sure hooks are in to allow a plugin dev to add this)? Messages sent only to friends?
December 15, 2009 at 12:34 pm #58764In reply to: User / messaging exploit? Causing spam
stripedsquirrelParticipantHi Andy, I think you are incorrect there. Spammers like to send spam. I am sure you get some in your email?
What is easier to get into a nice big community (without having to create a blog) and easily (?) send spam PM to all members of the community? You don’t even have to infect computers, as you can use the internal messaging system and you know most users will get the message as an email as well.
Hey, it saves them from email harvesting or buying ‘5 billion email addreses’ dbases as the community has already done this.
So, no, apparently (and this example that started this topic has proven this), it is possible on BuddyPress and it serves the spammers purpose, so disabling blog registration will not stop this. You can disable blog and user registration, but it might be hard to start a community that way..
Cheers, Harry
December 15, 2009 at 6:48 am #58745In reply to: User / messaging exploit? Causing spam
Andy PeatlingKeymasterSpam is generally only a problem if you have blog registrations on, spammers only care about creating and spamming on blogs. I think some work will be done on this, but it’s not going to be on the BuddyPress side.
December 15, 2009 at 5:28 am #58742In reply to: User / messaging exploit? Causing spam
Arx PoeticaParticipantWord. Patch it!
I’ve been having sign up spams (arguably a different issue) on my BP install, and just shut all signups down until I could figure out what to do about it.
Scouring the WordPress MU forums has made me realize three things:
1. Spamming is a huge problem for WordPress MU users
2. I’m betting that BuddyPress will/might have even larger problems due to the very nature of the beast (it’s all about users, right? Which is where the bots/spammers gravitate)
3. There are no sure-fire methods for preventing spammers
…well, there’s a fourth, too…
4. Many of the old hats on the WordPress MU forums are getting tired of explaining how to defend against so-called “splog” signup bots and spammers.
Just some observations, as BP just received its first official spammer. (Yes, I got the email too, and saw the small twitter firestorm this morning over it.)
December 15, 2009 at 4:20 am #58739In reply to: User / messaging exploit? Causing spam
John James JacobyKeymaster@Seobrien, can you confirm that you were looking at the site users and not the blog users?
It’s a common mistake to think that users don’t exist because at first you naturally check “settings->users” instead of “site admin->users”. The first is only showing you users on the blog you’re looking at, the second will show you users on your site.
I can’t think of a circumstance where a user could somehow function through-out the site without a user account. Even if there’s a misalignment of data between BP and WP, if there’s no WP account, they can’t login. Also, they cannot login simply with an incomplete registration in WPMU (wp_signups), since the login page checks only the (wp_users) table.
@nexia, if you are duplicate this phantom registration method on any WPMU or BP installation, I’d love for you to PM me the steps so we can help patch the issue.
December 15, 2009 at 3:50 am #58738In reply to: User / messaging exploit? Causing spam
SeobrienParticipantI suppose I should take it as a good sign that my site got hit with the spam first?
December 14, 2009 at 8:53 pm #58717In reply to: Spam from buddypress.org
Andy PeatlingKeymasterI’ve spammed the user – please don’t re-post the messages in the forums since that sort of aids their cause.
December 14, 2009 at 8:47 pm #58716In reply to: Spam from buddypress.org
abcde666ParticipantI am sure Linda is a very pretty girl
December 14, 2009 at 4:33 pm #58696In reply to: New Default Theme Is Available
D CartwrightParticipantedit: These errors fixed as of rev 2174. I’ll stop spamming you now Andy
edit again: There’s still no “My Blogs” adminbar item though.
December 14, 2009 at 3:28 pm #58690In reply to: New BuddyPress 1.2 default theme
D CartwrightParticipantOohh.. Time to spam F5 on the trac methinks
December 14, 2009 at 1:36 am #58655In reply to: wp-signup.php and login issues
MarkParticipantI posted this elsewhere but it now belongs as part of this discussion: When using Buddypress, should /wp-signup.php result in an blank page or the registration form (or redirect to /register)? If the issue described here exists, how do you get the proper default buddypress behavior?
see: http://ttacconnect.org/wp-signup.php
I could delete /wp-signup to remove the errors but I’d like to understand how bp and wpmu is designed to work (are there any consequences for deleting wp-signup.php?).
I know BuddyPress is using /register.php and not /wp-signup.php. But when /wp-signup.php is hit (typically by spam bots) a PHP Warning is generated. No white space outside of php closing tags in header.php. I’m not too concerned about that as I figure if it’s working as it should (no registration form), then the php warning will take care of itself (and not be generated). So what needs to change to get /wp-signup.php to result in a blank page?
PHP Warning: Cannot modify header information – headers already sent by (output started at xxxx/bp-sn-parent/header.php:3) in xxxx/wp-includes/pluggable.php on line 865
See no Warning and no Registration Form (blank page). Is this the proper default buddypress/wpmu behavior?
http://nourishnetwork.com/wp-signup.php
Here /wp-signup.php was deleted and results in a page not found:
http://memomu.com/wp-signup.php
wpmu 2.8.6 with active plugins on main bp site:
bp 1.1.3, bp-groupblog, auto group join, Group Forum Subscripton, bad behavior
December 14, 2009 at 12:58 am #58652In reply to: User / messaging exploit? Causing spam
stripedsquirrelParticipantI don’t think it’s spam as she clearly picked only the handsome guys.
Still waiting for her picture though…
December 13, 2009 at 9:42 pm #58633In reply to: User / messaging exploit? Causing spam
Jeff SayreParticipantHaha! Yes, I told my wife about it and she said go ahead.
Seriously though, it is amazing that this is the first spam exploit that has hit our PM system. I get so many of these pathetic attempts via email each day that I was surprised this morning when I checked my email and saw that one had been sent via the BP PMing system.
December 13, 2009 at 7:49 pm #58624In reply to: User / messaging exploit? Causing spam
Jean-Pierre MichaudParticipantif you have no wife and no problem with the police, you’re safe Jeff…
December 13, 2009 at 7:32 pm #58621In reply to: User / messaging exploit? Causing spam
Jeff SayreParticipantI actually responded to her email. Was I not supposed to? She seemed so nice.
December 13, 2009 at 7:14 pm #58623In reply to: User / messaging exploit? Causing spam
@mercimeParticipantOpened up the same message myself a few minutes ago. Thanks.
December 13, 2009 at 3:11 pm #58600In reply to: User / messaging exploit? Causing spam
pcwriterParticipantI got the same dummy message 2 hours ago. Marked as spam? Good
December 13, 2009 at 2:32 pm #58597In reply to: User / messaging exploit? Causing spam
Andy PeatlingKeymasterUser has been marked as spam.
December 13, 2009 at 12:48 pm #58591In reply to: User / messaging exploit? Causing spam
Paul Wong-GibbsKeymasterI’m aware of the hakam00 thing. If akismet looked at BP private messages to see if they were spam, we’d also need to build in an area for people to go and ‘unspam’ the messages.
-
AuthorSearch Results