We closed this forum 18 June 2010. It has served us well since 2005 as the ALPHA forum did before it from 2002 to 2005. New discussions are ongoing at the new URL http://forum.processing.org. You'll need to sign up and get a new user account. We're sorry about that inconvenience, but we think it's better in the long run. The content on this forum will remain online.
IndexSuggestions & BugsWebsite,  Documentation,  Book Bugs › bug tracking system: emailaddress exposed to bots
Page Index Toggle Pages: 1
bug tracking system: emailaddress exposed to bots (Read 2467 times)
bug tracking system: emailaddress exposed to bots
Oct 10th, 2006, 5:19pm
 
hello fry and reas!

if one submits a bug, her/his email adress is shown.
please let the submitter decide wheter to only show the email adress to "signed in users" or "even completely hide the email adress" to avoid users getting spammed by bots.

greetings

stefan nowak

P.S.: when posting to yabb, it says: "shortcuts (IE and NS6 only): hit alt+s to send, alt+p to preview, or alt+r to reset". this is also true for safari, just use the ctrl-key instead of the alt-key
Re: bug tracking system: emailaddress exposed to b
Reply #1 - Oct 10th, 2006, 10:42pm
 
have you actually been spammed by this? bugzilla claims it uses some kind of obfuscation to prevent bots.
Re: bug tracking system: emailaddress exposed to b
Reply #2 - Oct 11th, 2006, 11:49am
 
hello fry!

cant't tell if i already have been spammed because of this entry. spam is hard to track (only chance to track back is if u use a unique name or email adress which you only give at a specific site, and you receive spam for this specific name or email adress, but at the bugtracker i gave my main email adress and real name)

what i can tell you is that bugzilla DEFINETELY NOT obfuscates - in the contrary, it provides Name and emailadress in the readable text, and a mailto: link. perfect for spambots.

just have a look at my bug #409 (i delibereatly don t link to the site via an URL, which would even increase spambots to get there) then you can see it.

please do something about it, otherwise all welldoing contributors will be punished for their efforts by emails from Doctor thingy Enlarger.
Re: bug tracking system: emailaddress exposed to b
Reply #3 - Oct 11th, 2006, 12:31pm
 
I've put numerous bugs into the database, with an email address that is only used for these forums and processing's bugzilla, and I've never recieved a single piece of spam to that address.
Re: bug tracking system: emailaddress exposed to b
Reply #4 - Oct 11th, 2006, 12:42pm
 
it is just a question of time and probability.
processing.org is linked to from many sites.
on the processing sites their are links to the bugtracker.
and there are links to the specific bugsites.

therefore a bot, who jumps from link to link and parses for emailaddresses, CAN fetch the emailadresses.

i propose that emailadresses are hidden in public-mode, and might be shown in loged-in mode. then a spammer would at least have to create an account, and then set his bot to the insidearea.

right now any bot, coming from ANYWHERE can get the emailadress.
Re: bug tracking system: emailaddress exposed to b
Reply #5 - Oct 11th, 2006, 5:37pm
 
again, bugzilla claims to use obfuscation, and i've never been spammed from that address, please see:
https://bugzilla.mozilla.org/show_bug.cgi?id=120030
https://bugzilla.mozilla.org/show_bug.cgi?id=219216
for the discussion of adding the obfuscation feature to bugzilla 2.18 (which is what we use).

i understand the concern, i get plenty of spam, but if it's already fixed, then we should be ok.
Re: bug tracking system: emailaddress exposed to b
Reply #6 - Oct 11th, 2006, 7:27pm
 
bugzilla is actually not really obfuscating the address. it just uses the html-entity instead of the @.  .. so this is not really super spam-safe.

since i'm familiar with the bugzilla templates (...) i can have a look and change the email-address to be visible only to bugzilla-admins (so ben can get in touch). others will only see the name there ...

best,
F
Re: bug tracking system: emailaddress exposed to b
Reply #7 - Oct 16th, 2006, 3:55pm
 
ben, have you read my email? i can't make changes to the template files because of the owner-settings of my account. i prepared a file .../bugs/template/en/custom/bug/edit.html.tmpl.f2 ... maybe you can give that a run (can't test here).

(i changed the template to only show email-addresses to the "maintainers group" of bugzilla (you))

best,
F
Re: bug tracking system: emailaddress exposed to b
Reply #8 - Oct 16th, 2006, 6:05pm
 
hello fjen,

thank you for taking my fears and my evidence that it isn t obfuscated seriously and fixing the problem.

right now the adress is still there in clear text, but i guess as soon as your template file is compiled into the bugzilla system the email adresses will finally be readable to the competent people only.

i already received spam adressed to MY CORRECT PASTNAME, which i never published before, therefore it must have come from the bug-site.

greetings

stefan nowak
Re: bug tracking system: emailaddress exposed to b
Reply #9 - Oct 29th, 2006, 7:09pm
 
should be fixed now.

best,
F
Re: bug tracking system: emailaddress exposed to b
Reply #10 - Oct 29th, 2006, 7:23pm
 
confirmed: email addresses are now hidden to anonymous users and visable to logged in users only.

best, stefan nowak
Page Index Toggle Pages: 1