Posted on: 06/27/05 05:14pm
By: Anonymous (Billy Gene)
I just realized that anyone can use GL to send spam to its members as visitors do not need to be logged in to use the internal GL e-mail system. I have anonymous submission and comments set to "1" meaning that members must be logged in yet this little exploit will still work. A small script that counts uid's could be used to automatically send spam to all members. :/ Is there a work-around?
E-mail spam fix?
Posted on: 06/27/05 05:29pm
By: Dirk
Of course you can do that - it's a
contact form after all ...
And there's an option to disable that for anonymous users (in your config.php). See
this thread[*1] .
bye, Dirk
E-mail spam fix?
Posted on: 06/27/05 10:46pm
By: vinny
There is also a "speedlimit" on the email members function to prevent (or at least slow down) spammers. In any case, as Dirk suggested you should disable anonymous access to the feature.
-Vinny