Author Topic: Spammers hitting my "Report to Administrator" Hard!  (Read 4502 times)

HardDriver

  • Coppermine newbie
Spammers hitting my "Report to Administrator" Hard!
« on: January 27, 2007, 05:47:47 am »

About two days ago, spammers realized that they could report photos without being logged into an account - and since then, I've been getting hammered.  Is there any way to restrict photo reports to registered users only?  If not, this is a very serious issue and should definitely be considered in a future version of Coppermine.  Right now my only option is to disable the feature completely (if I can do that, I'm going to have to consult the documentation).  Regardless, it will not take long before other Coppermine installations start getting hit as hard as I am...
« Last Edit: January 27, 2007, 08:39:14 am by GauGau »

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • aka "GauGau"
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #1 on: January 27, 2007, 08:38:57 am »

Moving to feature requests.

Stramm

  • Dev Team member
  • Coppermine addict
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #2 on: January 27, 2007, 09:01:30 am »

In some way it's already implemented. It's connected to the ecards feature. If you disable sending ecards for guests (group control panel), then they also can't send reports to admins.

HardDriver

  • Coppermine newbie
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #3 on: January 27, 2007, 05:55:13 pm »

Thanks, Stramm, I wasn't aware of that!  This should definitely be made a little more clear - this could cause serious problems for other people who might not investigate the issue (or have their spam filter block all reported photos).

Tranz

  • Dev Team member
  • Coppermine addict
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #4 on: January 28, 2007, 07:14:07 am »

I think we talked about this when the feature was first implemented. The decision was to keep it simple for users by minimizing the options. Thus, have the option linked to the ecards permissions.

This is also in the documentation:
Quote
Enable reports

Enable reports. When set to "yes," this feature will allow users to report on uploaded files or comments to the site admin.

This setting is dependent on e-cards being enabled. Only users who have permission to send e-cards in the 'groups' settings are able to send reports. The report icon is hidden from those not allowed to do so.

lamama

  • Contributor
  • Coppermine frequent poster
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #5 on: January 30, 2007, 11:58:21 am »

I wasn't aware of that. IMO it's not a good idea to link ecards and report permissions. I may want to avoid guests sending ecards with my gallery's pics to the whole wide world, but I may want guests to report without having to register first.

Quote
The decision was to keep it simple for users
It makes the configuration more intransparent and confusing.

But perhaps it makes no sense to discuss that topic here?

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • aka "GauGau"
Re: Spammers hitting my "Report to Administrator" Hard!
« Reply #6 on: January 31, 2007, 08:44:47 am »

All features that result in emails being sent by the server should be reviewed extra carefully (applies both to ecards as well as reports), as they may be abused by spammers. Maybe we should re-design the feature to not send emails in the first place, but just show a link in the admin menu instead (similar to the upload approval link) if there are new reports and store/display the reports on the site (storing them inside the db only)?