Support » Plugin: Bad Behavior » Duh! Bad Behavior giving away e-mail address

  • Anyone else think it is a really REALLY stupid idea giving away the EMAIL ADDRESS to spam bots?

    Well, that is what Bad Behavior does, and there is no way to customize it. It grabs the mandatory e-mail address used by WordPress and flings it all into the open to all nasty bots.

    I really dunno what to say… it is kinda like the most stupid thing I have ever seen.

Viewing 7 replies - 1 through 7 (of 7 total)
  • where do you get that? it doesn’t do that at all

  • From bad-behavior-wordpress.php:

    // Return emergency contact email address.
    function bb2_email() {
    	return get_bloginfo('admin_email');
    }

    Then in core.php, we get the call:

    <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
    <p>You can use this key to <a href="<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
    <p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>

    So, yes, it does that. It came to my attention when someone actually used that e-mail address to inform me of a failed attempt at posting a comment.

    And now this e-mail address, which was previously hidden from the world, is in the open, and I am receiving spam messages to it.



  • Very strange… I disabled the plugin after reading this topic. I hope someone can give more information.

  • @liangzai: (tone down the hysterics, please) at first sight this looks pretty harmless to me; what would be your solution for dealing with false positives?

  • A solution that I have control over, like customizing the message (if any), including translating it to a proper language and providing an e-mail message of my choice (if any).

    And it is not harmless. An e-mail address out in the void WILL be picked up by harvesters and WILL result in phishing attempts, viagra spam and a lot of noise.

    This will cost me an awful lot of pain changing e-mail at various places and informing others. I never opted to get spam, I wanted a solution to get rid of it.

  • Seems like Bad Behavior could provide a simple email form to use there rather than just displaying the email address?
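
Added example, not part of the thread and not Bad Behavior's own code: one way the block page's contact paragraph could be built so that it follows the two suggestions above (owner-controlled contact details, a contact form in place of an address) and never falls back to `admin_email`. The function name and the `contact_url` / `contact_email` settings keys are hypothetical.

```php
<?php
// Added example: not Bad Behavior's code. The $settings keys are hypothetical.

/**
 * Build the "contact" paragraph of a block page without ever
 * falling back to the WordPress admin_email.
 */
function example_block_page_contact(array $settings): string
{
    $tail = ' and be sure to provide the technical support key shown above.</p>';

    // 1. Preferred: link to a contact form, so no address is published.
    $url = trim((string) ($settings['contact_url'] ?? ''));
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) && in_array($scheme, ['http', 'https'], true)) {
        return '<p>If you are unable to fix the problem yourself, please use the <a href="'
            . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">contact form</a>' . $tail;
    }

    // 2. Opt-in: an address the owner chose to publish (e.g. a disposable alias).
    $email = trim((string) ($settings['contact_email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $safe = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
        return '<p>If you are unable to fix the problem yourself, please contact <a href="mailto:'
            . $safe . '">' . $safe . '</a>' . $tail;
    }

    // 3. Nothing configured: publish no contact detail at all.
    return '<p>If you are unable to fix the problem yourself, please contact the site owner'
        . $tail;
}

// Constructed sample settings.
echo example_block_page_contact(['contact_url' => 'https://blog.example/contact/']), "\n";
echo example_block_page_contact(['contact_email' => 'blocked-visitors@blog.example']), "\n";
echo example_block_page_contact(['contact_url' => 'javascript:alert(1)']), "\n";
```

The third call shows a non-HTTP URL being rejected, which leaves the page with no contact detail rather than the admin address.
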

  • can someone please clarify if that message is shown to everyone that has been blocked?

  • The topic ‘Duh! Bad Behavior giving away e-mail address’ is closed to new replies.