Processing 1.0 - Processing Discourse - bug tracking system: emailaddress exposed to bots

We closed this forum 18 June 2010. It has served us well since 2005 as the ALPHA forum did before it from 2002 to 2005. New discussions are ongoing at the new URL http://forum.processing.org. You'll need to sign up and get a new user account. We're sorry about that inconvenience, but we think it's better in the long run. The content on this forum will remain online.

Index › Suggestions & Bugs › Website, Documentation, Book Bugs › bug tracking system: emailaddress exposed to bots

‹ Previous Topic | Next Topic ›

Pages: 1

bug tracking system: emailaddress exposed to bots (Read 2467 times)

Stefan Nowak

bug tracking system: emailaddress exposed to bots
Oct 10^th, 2006, 5:19pm

hello fry and reas!

if one submits a bug, her/his email adress is shown.
please let the submitter decide wheter to only show the email adress to "signed in users" or "even completely hide the email adress" to avoid users getting spammed by bots.

greetings

stefan nowak

P.S.: when posting to yabb, it says: "shortcuts (IE and NS6 only): hit alt+s to send, alt+p to preview, or alt+r to reset". this is also true for safari, just use the ctrl-key instead of the alt-key

fry YaBB Moderator Offline Posts: 2623 mass, usa	Re: bug tracking system: emailaddress exposed to b Reply #1 - Oct 10^th, 2006, 10:42pm have you actually been spammed by this? bugzilla claims it uses some kind of obfuscation to prevent bots.

Stefan Nowak

Re: bug tracking system: emailaddress exposed to b
Reply #2 - Oct 11^th, 2006, 11:49am

hello fry!

cant't tell if i already have been spammed because of this entry. spam is hard to track (only chance to track back is if u use a unique name or email adress which you only give at a specific site, and you receive spam for this specific name or email adress, but at the bugtracker i gave my main email adress and real name)

what i can tell you is that bugzilla DEFINETELY NOT obfuscates - in the contrary, it provides Name and emailadress in the readable text, and a mailto: link. perfect for spambots.

just have a look at my bug #409 (i delibereatly don t link to the site via an URL, which would even increase spambots to get there) then you can see it.

please do something about it, otherwise all welldoing contributors will be punished for their efforts by emails from Doctor thingy Enlarger.

JohnG Ex Member	Re: bug tracking system: emailaddress exposed to b Reply #3 - Oct 11^th, 2006, 12:31pm I've put numerous bugs into the database, with an email address that is only used for these forums and processing's bugzilla, and I've never recieved a single piece of spam to that address.

Stefan Nowak

Re: bug tracking system: emailaddress exposed to b
Reply #4 - Oct 11^th, 2006, 12:42pm

it is just a question of time and probability.
processing.org is linked to from many sites.
on the processing sites their are links to the bugtracker.
and there are links to the specific bugsites.

therefore a bot, who jumps from link to link and parses for emailaddresses, CAN fetch the emailadresses.

i propose that emailadresses are hidden in public-mode, and might be shown in loged-in mode. then a spammer would at least have to create an account, and then set his bot to the insidearea.

right now any bot, coming from ANYWHERE can get the emailadress.

fry

Re: bug tracking system: emailaddress exposed to b
Reply #5 - Oct 11^th, 2006, 5:37pm

again, bugzilla claims to use obfuscation, and i've never been spammed from that address, please see:
https://bugzilla.mozilla.org/show_bug.cgi?id=120030
https://bugzilla.mozilla.org/show_bug.cgi?id=219216
for the discussion of adding the obfuscation feature to bugzilla 2.18 (which is what we use).

i understand the concern, i get plenty of spam, but if it's already fixed, then we should be ok.

fjen

Re: bug tracking system: emailaddress exposed to b
Reply #6 - Oct 11^th, 2006, 7:27pm

bugzilla is actually not really obfuscating the address. it just uses the html-entity instead of the @. .. so this is not really super spam-safe.

since i'm familiar with the bugzilla templates (...) i can have a look and change the email-address to be visible only to bugzilla-admins (so ben can get in touch). others will only see the name there ...

best,
F

fjen

Re: bug tracking system: emailaddress exposed to b
Reply #7 - Oct 16^th, 2006, 3:55pm

ben, have you read my email? i can't make changes to the template files because of the owner-settings of my account. i prepared a file .../bugs/template/en/custom/bug/edit.html.tmpl.f2 ... maybe you can give that a run (can't test here).

(i changed the template to only show email-addresses to the "maintainers group" of bugzilla (you))

best,
F

Stefan Nowak

Re: bug tracking system: emailaddress exposed to b
Reply #8 - Oct 16^th, 2006, 6:05pm

hello fjen,

thank you for taking my fears and my evidence that it isn t obfuscated seriously and fixing the problem.

right now the adress is still there in clear text, but i guess as soon as your template file is compiled into the bugzilla system the email adresses will finally be readable to the competent people only.

i already received spam adressed to MY CORRECT PASTNAME, which i never published before, therefore it must have come from the bug-site.

greetings

stefan nowak

fjen God Member Offline Posts: 965	Re: bug tracking system: emailaddress exposed to b Reply #9 - Oct 29^th, 2006, 7:09pm should be fixed now. best, F

Stefan Nowak YaBB Newbies Offline Posts: 23	Re: bug tracking system: emailaddress exposed to b Reply #10 - Oct 29^th, 2006, 7:23pm confirmed: email addresses are now hidden to anonymous users and visable to logged in users only. best, stefan nowak

Pages: 1

‹ Previous Topic | Next Topic ›