Page 1 of 1

FYI Re: Forums

Posted: Mon Sep 28, 2009 11:06 pm
by Vomitous
My 'Always show my email address' setting defaulted to on; I just received a spam on the address I set up just for these forums. Not the end of the world, but I wanted to put this out there in case you didn't know it was happening. There are spambots that specialize in harvesting email addresses from Member lists on phpbb's. It may be a good idea to turn this setting off by default.. if it's possible to do so.

As an individual user who's already signed up:
Profile->Privacy Choices->Always show my e-mail address [No]

As an admin control panel on my board I see:
General->E-mail settings->Hide e-mail addresses

..but I'm not sure this does what I'm thinking of, which is to default the setting to off, but allow people to turn it on. The above assumes phpbb3.

Renaming or changing permissions on memberlist.php will also 'fix' it in that the members' list will no longer work and the bots won't be able to harvest from it. If you know a bit of php you could probably also modify it to not show the email column.


What(if anything) you want to do is up to you, of course. With the amount of spam out there already it's probably not a big deal for most. Certainly not worth drawing much attention away from more worthwhile pursuits.


Edit: Oops, after posting I noticed the 'Comments on this website' Forum.

Re: FYI Re: Forums

Posted: Tue Sep 29, 2009 1:31 am
by Omnidon
Vomitous wrote:My 'Always show my email address' setting defaulted to on;
I wasn't aware that it defaulted to on. I think that changed in one of the patches.

No, there isn't any option in the admin panel to disable it without disabling all email features entirely. This is a heavily modified version of phpBB2, not phpBB3.

However, I just went and edited the php and hard-coded it to default to off, while still allowing users to choose to show their email.
Note that this only affects new users. Existing users will have to doublecheck their profile settings if they are worried about it.

If I find the time, I may modify the email display code to be more secure against bots.

Re: FYI Re: Forums

Posted: Tue Sep 29, 2009 2:26 am
by heruca
Vomitous wrote:I just received a spam on the address I set up just for these forums.
Sorry about the spam. As you surmised, it must have been a spam-bot that harvested your address.

Thanks for mentioning it, though, since no one else has. I hope a future forum update will put an end to that silliness.

Posted: Wed Sep 30, 2009 2:54 pm
by Vomitous
I run a forum, and as such have had to deal with all kinds of horrible bots, as you guys have. I was not trying to give anyone a hard time or force you to do any extra work, but I'm glad to hear you were able to change the behavior nonetheless. No need to apologize about it, thanks for the quick response.