The Joomla! Forum ™





Posted: Sun Jan 08, 2006 1:41 pm
Joomla! Apprentice

Joined: Fri Nov 11, 2005 2:32 pm
Posts: 9
It appears, based on my site's logs, that someone has figured out how to harvest Joomla e-mail addresses via VCards even if they are set to 'hide' in the contact properties.

I have my VCards for all contacts set to hidden in Joomla 1.0.5 and my logs showed this activity. (notice the incrementing id#):
...http://www.somesite.moc/index2.php?opti ... &no_html=1
...http://www.somesite.moc/index2.php?opti ... &no_html=1
...http://www.somesite.moc/index2.php?opti ... &no_html=1

...etc...

So I decided to try the URL the 'spam harvester' was using and guess what...
Vcards downloaded with all information and e-mail address info.... This is occurring with vcards set to hidden...

My temporary fix for this problem was to cut the vcard information off at the source while still allowing e-mail and contact forms to work.

Here is the code I changed in the vcard.class.php file (version 732 2005-10-31 02:53:15Z stingrey)
./includes/vcard.class.php

New Code (line ~167):
Code:
    function setEmail($address) {
        $this->properties['EMAIL;INTERNET'] = 'nospam@nospam.nospam';
    }


Old Code:
Code:
    function setEmail($address) {
        $this->properties['EMAIL;INTERNET'] = $address;
    }


Last edited by stingrey on Tue Jan 10, 2006 8:07 am, edited 1 time in total.
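
The pattern this post describes, one client requesting index2.php with no_html=1 and an incrementing id, can be flagged from an access log. The sketch below is an added example, not part of the original post or of Joomla; the log lines are constructed, and `id` is a placeholder parameter name because the thread's URLs are truncated.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format). "id" is a placeholder
# parameter name; the real query string in the thread is truncated.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jan/2006:13:01:01 +0000] "GET /index2.php?id=1&no_html=1 HTTP/1.1" 200 412
203.0.113.7 - - [08/Jan/2006:13:01:02 +0000] "GET /index2.php?id=2&no_html=1 HTTP/1.1" 200 398
198.51.100.20 - - [08/Jan/2006:13:01:02 +0000] "GET /index.php?id=2 HTTP/1.1" 200 9120
203.0.113.7 - - [08/Jan/2006:13:01:03 +0000] "GET /index2.php?id=3&no_html=1 HTTP/1.1" 200 405
203.0.113.7 - - [08/Jan/2006:13:01:04 +0000] "GET /index2.php?id=4&no_html=1 HTTP/1.1" 404 210
203.0.113.7 - - [08/Jan/2006:13:01:05 +0000] "GET /index2.php?id=5&no_html=1 HTTP/1.1" 200 420
198.51.100.20 - - [08/Jan/2006:13:02:10 +0000] "GET /index2.php?id=12&no_html=1 HTTP/1.1" 200 415
198.51.100.20 - - [08/Jan/2006:13:09:44 +0000] "GET /index2.php?id=3&no_html=1 HTTP/1.1" 200 405
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def raw_id_requests(log_text, id_param="id"):
    """Yield (client, id, status) for index2.php hits with no_html=1 and a numeric id."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        qs = parse_qs(url.query)
        value = qs.get(id_param, [""])[0]
        if url.path.endswith("/index2.php") and qs.get("no_html") == ["1"] and value.isdecimal():
            yield client, int(value), int(status)

def longest_incrementing_run(ids):
    """Length of the longest stretch where each id is the previous one plus 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def flag_enumerators(log_text, min_run=4, id_param="id"):
    """Return {client: (longest_run, responses_with_200)} for clients walking ids."""
    ids, served = defaultdict(list), defaultdict(int)
    for client, num, status in raw_id_requests(log_text, id_param):
        ids[client].append(num)
        served[client] += status == 200  # count records actually returned
    return {c: (longest_incrementing_run(v), served[c])
            for c, v in ids.items() if longest_incrementing_run(v) >= min_run}
```

On the constructed sample, `flag_enumerators(SAMPLE_LOG)` flags only 203.0.113.7; the 200 count gives a lower bound on how many contact records were served to that client.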

Posted: Sun Jan 08, 2006 1:48 pm
Joomla! Hero

Joined: Thu Aug 25, 2005 5:48 pm
Posts: 2860
Location: Geneva mostly
Good eye.
Guess there should be a check on the hidden yes/no before allowing access..

_________________
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com


Posted: Sun Jan 08, 2006 2:32 pm
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16555
Acknowledged the same thing, I am going to move this thread to the appropriate forum. Can you please create an artefact for Joomla 1.0.x and post that back in this thread with the artefact number for easy reference? If you don't know how, I can create an artefact for you.

_________________
Joomla forum global moderator.

Have fun


Posted: Sun Jan 08, 2006 3:09 pm
Joomla! Apprentice

Joined: Fri Nov 11, 2005 2:32 pm
Posts: 9
The Artifact is artf2950

http://forge.joomla.org/sf/go/artf2950


Last edited by j00be on Sun Jan 08, 2006 3:50 pm, edited 1 time in total.

Posted: Tue Jan 10, 2006 8:07 am
Joomla! Hero

Joined: Mon Aug 15, 2005 4:36 pm
Posts: 2756
Location: Marikina, Metro Manila, Philippines
This threat is designated as a `Low Level Threat`

It has been fixed and will be available in the upcoming Joomla 1.0.6 Release.

_________________
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D


Posted: Tue Jan 10, 2006 8:27 am
Joomla! Enthusiast

Joined: Thu Aug 18, 2005 4:08 pm
Posts: 209
Location: Austria
Hi stingrey,

glad to see you back at the forum!! :)

Greets,
Kurt

_________________
Kurt Banfi

http://www.clockbit.com <- Developer of Contacts XTD
http://www.open-sef.org <- Chief Designer ;)

