Forums

WordPress › Support » Plugins and Hacks

Bad Behavior
Duh! Bad Behavior giving away e-mail address (8 posts)

  1. Inposure
    Member
    Posted 1 year ago #

    Anyone else thinks it is a really REALLY stupid idea giving away the EMAIL ADDRESS to spam bots?

    Well, that is what Bad Behavior does, and there is no way to customize it. It grabs the mandatory e-mail address used by WordPress and flings it all into the open to all nasty bots.

    I really dunno what to say… it is kinda like the most stupid thing I have ever seen.

  2. Samuel B
    moderator
    Posted 1 year ago #

    where do you get that? it doesn't do that at all

  3. Inposure
    Member
    Posted 1 year ago #

    From bad-behavior-wordpress.php:

    // Return emergency contact email address.
function bb2_email() {
	return get_bloginfo('admin_email');
}

    Then in core.php, we get the call:

    <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>

    So, yes, it does that. It came to my attention when someone actually used that e-mail address to inform me of a failed attempt at posting a comment.

    And now this e-mail address, which was previously hidden to the world, is in the open, and I am receiving spam messages to it.

  4. WPJohn
    Member
    Posted 1 year ago #

    Very strange... I disabled the plugin after reading this topic. I hope someone can give more information.

  5. miroslaw.baran
    Member
    Posted 1 year ago #

    @liangzai: (tone down the hysterics, please) at first sight this looks pretty harmless to me; what would be your solution for dealing with false positives?

  6. Inposure
    Member
    Posted 1 year ago #

    A solution that I have control over, like customizing the message (if any), including translating it to a proper language and providing an e-mail message of my choice (if any).

    And it is not harmless. An e-mail address out in the void WILL be picked up by harvesters and WILL result in phishing attempts, viagra spam and a lot of noise.

    This will cost me an awful lot of pain changing e-mail at various places and informing others. I never opted to get spam, I wanted a solution to get rid of it.

  7. MadtownLems
    Member
    Posted 1 year ago #

    Seems like Bad Behavior could provide a simple email form to use there rather than just displaying the email address?

  8. Ovidiu
    Member
    Posted 1 year ago #

    can someone please clarify if that message is shown to everyone that has been blocked?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags