Jump to content

Security Problem on the "Share this link via Email" Page

Featured Replies

Posted

The

index.php?app=forums&module=extras&section=forward&url=TOPICURL



Page (Share this link via Email) need a Captcha!

At the moment the form abused by Spambots to send Spam from the forum. Hope IPS will fix it ASAP (highly recommended at 3.1.2). :ph34r:

Here a Screenshot of a Spammail (see the message between the failure notice message):

post-145138-072825300 1278275812_thumb.p

Can't you disable it for guests/non-registred users?

  • Author

There are no option to disable it per member group.

I have temporarily disabled the "Share this link via E-Mail" Service.

Where did you disable this at?

%7Boption%7D System > Share Links > Email > %7Boption%7D > Edit

Enabled > No :thumbsup:

I think that there should be a permissions system and a CAPTCHA option for the "Share this link via Email" feature. Hopefully, these things can be implemented in IP.Board 3.1.2.


[img]

[/img] System > Share Links > Email > [img]

[/img] > Edit



Enabled > No :thumbsup:




I don't have this in my ACP, but there is a link at the bottom of each topic to share via email.
  • Management

I'll add a captcha to the page and add the ability to turn it off for guests.


I'll add a captcha to the page and add the ability to turn it off for guests.



Thank you. :happy:
  • Author

+1 Matt.

Great! :rolleyes:

Good ideas.


%7Boption%7D

System > Share Links > Email > %7Boption%7D

> Edit



Enabled > No :thumbsup:




Just a heads up, I think might still be able to send emails if you know the URL to the refer page.
  • Management

I have added a captcha for this for 3.1.2

Given the immediate abuse potential (which can get a site's emails blacklisted hurting valid registration emails) can we get a patch for this? Also if the facebook login css/skin (overflow with custom fields) error has been fixed can that be added too? :)

We are focusing heavily on getting 3.1.2 wrapped up and ready for release. That means we don't exactly have enough time write not to be releasing piece-meal patches (and I suspect this patch isn't just a couple of lines of code in one file either), but instead are trying to get the entire release ready for everyone as soon as possible. :)

:). Hoping that this comes soon. I think 3.1.2 will tighten up the boat quite a bit.

  • Author

I'll add a captcha to the page and add the ability to turn it off for guests.






I have added a captcha for this for 3.1.2




Maybe im wrong, but i think we need the ability to turn off the captcha for members (not only for guests).
  • 7 months later...

Was this change made and distributed? Because I still have the issue.

I'd rather have a choice of captcha and questions -- and certainly I'd like to shut it off for guests and other groups (e.g. banned).

I've had this actively exploited.


Was this change made and distributed? Because I still have the issue.



I'd rather have a choice of captcha and questions -- and certainly I'd like to shut it off for guests and other groups (e.g. banned).



I've had this actively exploited.



If it's a problem for you, just disable it. I'd like to know how many people actually use that button anyway. If I want to share a thread with a friend, a "real" email telling them about it is a lot more personal than some forum-generated "Look at this!" message.

Archived

This topic is now archived and is closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.