
dadaIMC Discussion List

Abuse of emailto.php, dada-imc dev status

From: Ben <westbywest-AT-riseup.net>
Date: 30 Oct 2006 20:22:29 UTC   (01:22:29 PM in author's locale)
To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
I'm trying to find time to collect my notes about errata encountered
with the current version of dadaimc. It would be good to have this
documented, whether stlimc.org moves to another CMS or not. I'd
recommend interested folks sign up for an account at bugs.dadaimc.org
and file their errata.

In the meantime, I've noticed that the email function provided by
/emailto.php is being regularly and extensively exploited by spammers,
presumably by script or some other automation. In particular, spammers
are pasting arbitrary content into the email form's textbox and then
sending it to everyone and his mother. The code in emailto.php uses the
JavaScript function isValidEmail(str) to verify that the sender's email
is in a valid format, but there is no verification beyond that. There is
also no captcha field on this email form, so it is easily exploitable.

I've had to disable /emailto.php to keep stlimc.org from being
blacklisted. (I can forward the edited emailto.php to you if you
want.) Has anyone encountered this problem?

data_monkey wrote:
> I help with the DC IMC site. I would be interested in working on some of the bug fixes that you and we have encountered. Maybe we can put up a list on one of the sites and work through some of the problems collectively.
>
> -----Original Message-----
>
>> From: Ben <westbywest-AT-riseup.net>
>> Sent: Oct 17, 2006 6:02 PM
>> To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
>> Subject: Re: dev status?
>>
>> Hello,
>>
>> I am also curious about dadaimc dev status, and I have to admit, sadly,
>> that I find it rather telling that no one has responded yet to Rob
>> Wolff's query from last week.
>>
>> I help run the St. Louis IMC, which uses dada. We have a laundry list
>> of errata discovered in the current codebase, and someday (?) I'd love
>> to spend time trying to fix a few of these things, so as to benefit the
>> rest of the dada community.
>>
>> However, if the future of the dadaimc codebase is in question, I do have to
>> admit some doubt in the utility of this time spent fixing bugs. For
>> example, I notice our nearest neighbor Urbana-Champaign IMC, which used
>> to run a heavily modified instance of dadaimc, has recently switched to
>> Drupal. Is continued support of dadaimc becoming quixotic?
>>
>> It would be really great to see frank discussion on this from other dada
>> developers, or at least acknowledgment they are involved in the CMS
>> evaluation process going on now in the Indymedia tech collective.
>>
>> P.S. This conversation also applies to the radicalendar service, which
>> is based on dada, and which itself has a number of "features" probably
>> unintended by the authors.
>>
>> Rob Wolff wrote:
>>
>>> Hi,
>>>
>>> What is the current status for dada development? Currently, imc techs
>>> are discussing the possibility of moving to a different cms, and I
>>> wonder if this is a factor in the recent hiatus for folks working on
>>> dada. List info:
>>>
>>> lists.indymedia.org/pipermail/imc-cms/
>>>
>>> What will become of dada as this process moves forward?
>>>
>>> rob
>>>
>> --
>> Ben West
>> westbywest-AT-riseup.net
>>
>> -------------
>> To unsubscribe, send blank email
>> to dadaIMC-off-AT-lists.dadaimc.org
>>
>>

--
Ben West
westbywest-AT-riseup.net
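
The message above describes a form whose only check runs in the browser, which a script posting to the form directly never executes. The following is an added example, not dadaIMC code and not the edited emailto.php the author mentions, of repeating the checks on the server in PHP; the field names, the limits and the in-memory send log are assumptions.

```php
<?php
// Added example: server-side checks for a "mail this page" form handler.
// Field names, limits and the send-log store are assumptions, not dadaIMC code.

const MAX_SENDS_PER_HOUR = 5;    // assumed per-client limit
const MAX_NOTE_LENGTH    = 300;  // assumed cap on the free-text note

/** Return a list of rejection reasons; an empty list means the mail may be sent. */
function check_mail_request(array $post, string $clientIp, array &$sendLog, int $now): array
{
    $errors = [];
    foreach (['from', 'to'] as $field) {
        // Exactly one well-formed address per field; a comma-separated
        // recipient list fails this check.
        if (filter_var($post[$field] ?? '', FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = "$field: not a single valid address";
        }
    }
    // The note is the only free text the visitor controls, so keep it short
    // and (as an assumed policy) free of links.
    $note = $post['note'] ?? '';
    if (strlen($note) > MAX_NOTE_LENGTH) {
        $errors[] = 'note: too long';
    }
    if (preg_match('~https?://|www\.~i', $note)) {
        $errors[] = 'note: links not allowed';
    }
    // Sliding one-hour window per client address. A real handler would keep
    // this log in a database or cache instead of a PHP array.
    $recent = array_filter($sendLog[$clientIp] ?? [], fn($t) => $t > $now - 3600);
    if (count($recent) >= MAX_SENDS_PER_HOUR) {
        $errors[] = 'rate limit reached';
    }
    if ($errors === []) {
        $recent[] = $now;  // count only requests that will actually be sent
    }
    $sendLog[$clientIp] = array_values($recent);
    return $errors;
}

// Constructed sample requests.
$log = [];
$ok  = ['from' => 'reader@example.org', 'to' => 'friend@example.org', 'note' => 'Worth a read.'];
$bad = ['from' => 'reader@example.org', 'to' => 'a@example.org, b@example.org',
        'note' => 'Buy now http://spam.example/'];
var_dump(check_mail_request($ok, '192.0.2.10', $log, time()));
var_dump(check_mail_request($bad, '192.0.2.10', $log, time()));
```

A captcha or per-session form token, which the message notes is missing, would be checked in the same function before anything is sent.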
