http://www.local599.org/cgi-bin/t..."> http://www.local599.org/cgi-bin/t...">
Previous Thread
Next Thread
Print Thread
Hop To
#137617 09/12/2000 8:50 PM
Anonymous
Unregistered
Anonymous
Unregistered
It would be nice to have something like this
<A HREF="http://www.local599.org/cgi-bin/tell/3/tell.cgi" target="_new">http://www.local599.org/cgi-bin/tell/3/tell.cgi</A>
to inform users of your site!

#137618 09/12/2000 9:37 PM
Anonymous
Unregistered
Anonymous
Unregistered
I have three hacks that might interest you:

1. <A HREF="http://www.amdragon.com/cgi-bin/wwwthreads/showthreaded.pl?Cat=&Board=hack&Number=1444&page=2&view=collapsed&sb=5" target="_new">Tell-a-Friend</A>

2. <A HREF="http://www.amdragon.com/cgi-bin/wwwthreads/showthreaded.pl?Cat=&Board=hack&Number=1191&page=2&view=collapsed&sb=5" target="_new">Send this Post to a Friend</A>

and

3. <A HREF="http://www.amdragon.com/cgi-bin/wwwthreads/showthreaded.pl?Cat=&Board=hack&Number=1315&page=1&view=collapsed&sb=5" target="_new">Send2Friend PLUS</A>

- an enhanced version which has Send this Post to a Friend plus a Global HTML Email Option.

<img src="http://www.amdragon.com/images/eileensig.gif" alt=" - " />

#137619 09/13/2000 10:54 AM
Anonymous
Unregistered
Anonymous
Unregistered
Let me point out that, (without looking at the specific code for any of these hacks), the abuse potential on them is QUITE high, and I wouldn't (personally) recommend it to anyone.

D

#137620 09/13/2000 12:13 PM
Anonymous
Unregistered
Anonymous
Unregistered
Hi Dredd. We were thinking about implementing some sort of "tell a friend" thing but we were concerned about abuse too. We decided that once we got W3T up we would integrate it with that to have the message sent to the "friend" include the (already verified by W3T) email address of the person doing the sending (and they would be told that this would happen). The idea was that people wouldn't spam if they couldn't do it anonymously. We were also planning to notify the "friend" that they could have their email address put on a list to block such emails from our site in the future. I don't know if Eileen's hacks have such things already built in (I haven't looked). Do you think there would still be a significant risk of abuse? Any interesting stories you would like to share? Thanks.

Bill Dimm, <A HREF="http://MagPortal.com/" target="_new">MagPortal.com</A> - find magazine articles

#137621 09/13/2000 12:28 PM
Anonymous
Unregistered
Anonymous
Unregistered
Hotmail, Excite, Yahoo all offer what a spammer considers "throwaway" e-mail addresses.

e.g., they get a freemail account, register with your board, and then spam the hell out of someone.

It needs to have some rate-limiting involved. (e.g., maybe you can only invite X users per month, where X is some value calculated based on the number of posts you yourself have made. Likewise, address foo@domain.com can only RECEIVE Y invitations, to prevent someone from using you to mailbomb someone.)

It gets very cluttered and confusing, and (from my practical experience) isn't worth the effort, as the recipient almost always considers it spam and deletes it without reading.

D

#137622 09/13/2000 1:08 PM
Anonymous
Unregistered
Anonymous
Unregistered
Doesn't this sort of mail-bombing risk already exist with the "I forgot my password" feature in W3T?

Bill Dimm, <A HREF="http://MagPortal.com/" target="_new">MagPortal.com</A> - find magazine articles

#137623 09/13/2000 1:18 PM
Anonymous
Unregistered
Anonymous
Unregistered
Yes, it does. (Sadly). I haven't seen it exploited in the wild, but doesn't mean I think we should add a bunch of new "features" with the same vulnerability, either.

d

#137624 09/13/2000 2:43 PM
Anonymous
Unregistered
Anonymous
Unregistered
My hacks all include the poster's email address and they can only send to *one* recipient. I think it would take too much of their energy to keep sending over and over for them to bother. There's much easier ways to spam if that's what they're into...

<img src="http://www.amdragon.com/images/eileensig.gif" alt=" - " />

#137625 09/13/2000 2:48 PM
Anonymous
Unregistered
Anonymous
Unregistered
<blockquote><font size=1>In reply to:</font><hr>

I think it would take too much of their energy

[/quote]

Hmmm, LWP is your friend. Shouldn't be too hard to do:

foreach $victim (@bigarray)
{
my $req = new HTTP::request(GET "blahblah&address=$victim");
my $response = $ua->request($req);
}

(syntax here is intentionally boned, too lazy to look it up). Point is, it can't be that hard at ALL to use it as a nice convenient spam tool, using the web site's mail path as the source.

Muy muy bad.

D

#137626 09/14/2000 3:25 AM
Anonymous
Unregistered
Anonymous
Unregistered
Anybody who is prepared to go to those lengths is going to find a way whatever we do. I see no reason to cripple our sites in a futile attempt to thwart them.

<img src="http://www.amdragon.com/images/eileensig.gif" alt=" - " />

#137627 09/27/2001 12:35 AM
Anonymous
Unregistered
Anonymous
Unregistered
Just FWIW, we've had a "refer a friend" feature on our site for four years. We average 100K pages served per day and have our share of psychos and we've NEVER EVER had the "refer a friend" feature abused. Not one single complaint in four years.

So while I'm not saying it can't happen, there are

1. easier ways for stupid people to screw with you

and

2. easier ways for smart people to screw with you.

so it tends not to be an issue.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
0 members (), 744 guests, and 147 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)