
What would help against spammers is to secure the Create Account page. I don't know if we are talking about automated spam. But I just tried the following:

* Created account "Big-boobs-rock" (here we can put a trigger for an indecent username).
* I did not have to confirm an e-mail before I got logged in. I just got redirected to the main page, logged in as Big-boobs-rock.
* Now I can edit the main page, since it is not secured or blocked. I inserted a comment line (just for this test, hidden from the public): <!--Test: Big-boobs-rock--> and saved.

You see, 3 easy steps to get spam on the main page. No holdbacks, nothing. It is very easy to set up a script to do the work for you. Yes, you can block the user. By script it takes maybe 2 seconds to have a new one, maybe from a different spoofed host, and spam the Main Page again.

Maybe we need, as a starter, these fuzzy images with a check number, which are used widely on internet sites where you can create a user account (e.g. gmail). Then, block the user for as long as the e-mail is not confirmed yet.

Below is a copy of the mail I got from Novell:

<quote>
Novell Login Success
From: Novell Account (webmaster@novell.com)
Sent: Wednesday, 21 July 2010 16:17:48
To: timmohlmann@hotmail.com (timmohlmann@hotmail.com)

Thanks! The information you entered has been added to your Novell Login. You can change this at any time by clicking Edit My Profile from any Novell Login page.

Click here to login now. http://www.novell.com/center

Some portions of Novell.com and other sites sponsored by Novell require that your email be validated before you can access them. To validate your email address please do the following:

1) Click on this link https://secure-www.novell.com/selfreg/jsp/protected/validateEmail.jsp?code=x...
2) Login using your username and password.
3) Your email address will then be validated.

Validation Code = xxxxxx

Thank you,
Novell Login Team
</quote>

Now, this is the part I'm interested in:
Some portions of Novell.com and other sites sponsored by Novell require that your email be validated before you can access them.
Maybe it is time we become part of these portions? Probably there is a deadline, but if there is, how much time? 24h? How much spam can an automated script produce in 24h?

Just a simple test, which might improve our security ;). Of course the user can be deleted again. (And please don't block my IP ;))

Greets,
Tim

2010/7/21 Rémy Marquis <remy.marquis@gmail.com>:
On Wed, Jul 21, 2010 at 3:38 PM, Marcus Meissner <meissner@suse.de> wrote:
I usually blocked spammers by username.
I'm still wondering why I didn't figure it out alone... :/
Sorry again for the trouble,
R.
--
To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-wiki+help@opensuse.org
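The gate proposed in the message above (a new account cannot edit until its e-mailed validation code has been used, with the 24h deadline floated there), as an added Python example that is not part of the original thread and is not openSUSE wiki or Novell code. The `Accounts` class, `SECRET`, `CONFIRM_WINDOW` and the HMAC-derived code format are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to users
CONFIRM_WINDOW = 24 * 3600        # the 24h deadline floated in the mail


class Accounts:
    """Toy account store: new accounts cannot edit until the e-mail is validated."""

    def __init__(self):
        self.users = {}  # username -> {"email", "created", "confirmed"}

    def _code(self, username, email, created):
        msg = f"{username}|{email}|{created}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

    def create(self, username, email, now=None):
        created = int(time.time() if now is None else now)
        self.users[username] = {"email": email, "created": created, "confirmed": False}
        # The code goes out by e-mail only; it is never shown in the signup response.
        return self._code(username, email, created)

    def validate(self, username, code, now=None):
        now = time.time() if now is None else now
        u = self.users.get(username)
        if u is None or now - u["created"] > CONFIRM_WINDOW:
            return False  # unknown account or deadline passed
        expected = self._code(username, u["email"], u["created"])
        ok = hmac.compare_digest(code.encode(), expected.encode())
        if ok:
            u["confirmed"] = True
        return ok

    def can_edit(self, username):
        # The edit handler calls this before saving any page.
        u = self.users.get(username)
        return bool(u and u["confirmed"])

    def purge_unconfirmed(self, now=None):
        # Drop accounts that never validated within the window.
        now = time.time() if now is None else now
        stale = [n for n, u in self.users.items()
                 if not u["confirmed"] and now - u["created"] > CONFIRM_WINDOW]
        for n in stale:
            del self.users[n]
        return stale
```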