Close
dadaIMC Discussion List
RE: Abuse of emailto.php, dada-imc dev status
Hi Ben,
I'd like a copy of your modified emailto.php if you don't mind (I haven't
had the spammer problem you describe yet, but would prefer to head it off
preemptively).
Roch Smith, Jr.
(336) 288-2245
www.greensboro101.com
www.altmedia101.com
> -----Original Message-----
> From: dadaIMC-AT-lists.nothingness.org
> [mailto:dadaIMC-AT-lists.nothingness.org]On Behalf Of Ben
> Sent: Monday, October 30, 2006 2:22 PM
> To: dadaIMC Discussion
> Subject: Abuse of emailto.php, dada-imc dev status
>
>
> I'm trying to find time to collect my notes about errata encountered
> with current version of dadaimc. It would be good to have this
> documented, whether stlimc.org moves to another CMS or not. I'd
> recommend interested folks sign up for an account at bugs.dadaimc.org
> and file their errata.
>
> In the meantime, I've noticed that the email function provided by
> /emailto.php is being regularly and extensively exploited by spammers,
> presumably by script or some other automation. In particular, spammers
> are pasting arbitrary content into the email form's textbox and then
> sending it to everyone and his mother. The code in emailto.php uses the
> javascript function isValidEmail(str) to verify that the sender's email
> is valid format, but no verification beyond that. There is also no
> captcha field on this email form, so it easily exploitable.
>
> I've had to disable /emailto.php to keep stlimc.org from being
> blacklisted. (I can forward the edited emailto.php to you if you
> want.) Has anyone encountered this problem?
>
> data_monkey wrote:
> > I help with the DC IMC site. I would be interested in working
> on some of the bug fixes that you and we have encountered. Maybe
> we can put up a list on one of the sites and work through some of
> the problems collectively.
> >
> > -----Original Message-----
> >
> >> From: Ben <westbywest-AT-riseup.net>
> >> Sent: Oct 17, 2006 6:02 PM
> >> To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
> >> Subject: Re: dev status?
> >>
> >> Hello,
> >>
> >> I am also curious about dadaimc dev status, and I have to admit, sadly,
> >> that I find it rather telling that no one has responded yet to Rob
> >> Wolff's query from last week.
> >>
> >> I help run the St. Louis IMC, which uses dada. We have a laundry list
> >> of errata discovered in the current codebase, and someday (?) I'd love
> >> to spend time trying to fix a few of these things, so as to benefit the
> >> rest of the dada community.
> >>
> >> However, if the future of dadaimc codebase is in question, I do have to
> >> admit some doubt in the utility of this time spent fixing bugs. For
> >> example, I notice our nearest neighbor Urbana-Champaign IMC, which used
> >> to run a heavily modified instance of dadaimc, has recently switched to
> >> drupal. Is continued support of dadaimc becoming quixotic?
> >>
> >> It would be really great to see frank discussion on this from
> other dada
> >> developers, or at least acknowledgment they are involved in the CMS
> >> evaluation process going now on in Indymedia tech collective.
> >>
> >> P.S. This conversation also applies to the radicalendar service, which
> >> is based on dada, and which itself has a number of "features" probably
> >> unintended by the authors.
> >>
> >> Rob Wolff wrote:
> >>
> >>> Hi,
> >>>
> >>> What is the current status for dada development? Currently, imc techs
> >>> are discussing the possibility of moving to a different cms, and I
> >>> wonder if this is a factor in the recent hiatus for folks working on
> >>> dada. List info:
> >>>
> >>> lists.indymedia.org/pipermail/imc-cms/
> >>>
> >>> What will become of dada as this process moves forward?
> >>>
> >>> rob
> >>>
> >> --
> >> Ben West
> >> westbywest-AT-riseup.net
> >>
> >> -------------
> >> To unsubscribe, send blank email
> >> to dadaIMC-off-AT-lists.dadaimc.org
> >>
> >>
> >
> > -------------
> > To unsubscribe, send blank email
> > to dadaIMC-off-AT-lists.dadaimc.org
> >
> >
>
>
> --
> Ben West
> westbywest-AT-riseup.net
>
> -------------
> To unsubscribe, send blank email
> to dadaIMC-off-AT-lists.dadaimc.org
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date:
> 10/27/2006
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
I'd like a copy of your modified emailto.php if you don't mind (I haven't
had the spammer problem you describe yet, but would prefer to head it off
preemptively).
Roch Smith, Jr.
(336) 288-2245
www.greensboro101.com
www.altmedia101.com
> -----Original Message-----
> From: dadaIMC-AT-lists.nothingness.org
> [mailto:dadaIMC-AT-lists.nothingness.org]On Behalf Of Ben
> Sent: Monday, October 30, 2006 2:22 PM
> To: dadaIMC Discussion
> Subject: Abuse of emailto.php, dada-imc dev status
>
>
> I'm trying to find time to collect my notes about errata encountered
> with current version of dadaimc. It would be good to have this
> documented, whether stlimc.org moves to another CMS or not. I'd
> recommend interested folks sign up for an account at bugs.dadaimc.org
> and file their errata.
>
> In the meantime, I've noticed that the email function provided by
> /emailto.php is being regularly and extensively exploited by spammers,
> presumably by script or some other automation. In particular, spammers
> are pasting arbitrary content into the email form's textbox and then
> sending it to everyone and his mother. The code in emailto.php uses the
> javascript function isValidEmail(str) to verify that the sender's email
> is valid format, but no verification beyond that. There is also no
> captcha field on this email form, so it easily exploitable.
>
> I've had to disable /emailto.php to keep stlimc.org from being
> blacklisted. (I can forward the edited emailto.php to you if you
> want.) Has anyone encountered this problem?
>
> data_monkey wrote:
> > I help with the DC IMC site. I would be interested in working
> on some of the bug fixes that you and we have encountered. Maybe
> we can put up a list on one of the sites and work through some of
> the problems collectively.
> >
> > -----Original Message-----
> >
> >> From: Ben <westbywest-AT-riseup.net>
> >> Sent: Oct 17, 2006 6:02 PM
> >> To: dadaIMC Discussion <dadaIMC-AT-lists.dadaimc.org>
> >> Subject: Re: dev status?
> >>
> >> Hello,
> >>
> >> I am also curious about dadaimc dev status, and I have to admit, sadly,
> >> that I find it rather telling that no one has responded yet to Rob
> >> Wolff's query from last week.
> >>
> >> I help run the St. Louis IMC, which uses dada. We have a laundry list
> >> of errata discovered in the current codebase, and someday (?) I'd love
> >> to spend time trying to fix a few of these things, so as to benefit the
> >> rest of the dada community.
> >>
> >> However, if the future of dadaimc codebase is in question, I do have to
> >> admit some doubt in the utility of this time spent fixing bugs. For
> >> example, I notice our nearest neighbor Urbana-Champaign IMC, which used
> >> to run a heavily modified instance of dadaimc, has recently switched to
> >> drupal. Is continued support of dadaimc becoming quixotic?
> >>
> >> It would be really great to see frank discussion on this from
> other dada
> >> developers, or at least acknowledgment they are involved in the CMS
> >> evaluation process going now on in Indymedia tech collective.
> >>
> >> P.S. This conversation also applies to the radicalendar service, which
> >> is based on dada, and which itself has a number of "features" probably
> >> unintended by the authors.
> >>
> >> Rob Wolff wrote:
> >>
> >>> Hi,
> >>>
> >>> What is the current status for dada development? Currently, imc techs
> >>> are discussing the possibility of moving to a different cms, and I
> >>> wonder if this is a factor in the recent hiatus for folks working on
> >>> dada. List info:
> >>>
> >>> lists.indymedia.org/pipermail/imc-cms/
> >>>
> >>> What will become of dada as this process moves forward?
> >>>
> >>> rob
> >>>
> >> --
> >> Ben West
> >> westbywest-AT-riseup.net
> >>
> >> -------------
> >> To unsubscribe, send blank email
> >> to dadaIMC-off-AT-lists.dadaimc.org
> >>
> >>
> >
> > -------------
> > To unsubscribe, send blank email
> > to dadaIMC-off-AT-lists.dadaimc.org
> >
> >
>
>
> --
> Ben West
> westbywest-AT-riseup.net
>
> -------------
> To unsubscribe, send blank email
> to dadaIMC-off-AT-lists.dadaimc.org
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date:
> 10/27/2006
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006
-------------
To unsubscribe, send blank email
to dadaIMC-off-AT-lists.dadaimc.org
Previous message in thread
Thread
Re: dev status? / data_monkey / 18 Oct 2006
Abuse of emailto.php, dada-imc dev status / Ben <westbywest-AT-riseup.net> / 30 Oct 2006
• RE: Abuse of emailto.php, dada-imc dev status / "sysop-AT-wirecom.com" <sysop-AT-wirecom.com> / 30 Oct 2006
Report Bugs
dadaIMC uses the Mantis bug-tracking system for bug reporting. Please use it! And check for existing reports of your bug before submitting a new one.
CVS
The current CVS version of dadaIMC is now browseable online. Be forewarned, though, that it is not always in a useable state as-is!
Donations
Support development!