[SOLVED] Vcards download even when set to hide. -- spam harvesting?

For Joomla! 1.0 Coding related discussions.
j00be
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Fri Nov 11, 2005 2:32 pm

[SOLVED] Vcards download even when set to hide. -- spam harvesting?

Postby j00be » Sun Jan 08, 2006 1:41 pm

  It appears based on my sites logs that someone has figured out how to harvest Joomla e-mail address via Vcards even in they are set to 'hide' in the contact properties.

I have my VCards for all contacts set to hidden in Joomla 1.0.5 and my logs showed this activity. (notice the incrementing id#):
... http://www.somesite.moc/index2.php?opti ... &no_html=1
... http://www.somesite.moc/index2.php?opti ... &no_html=1
... http://www.somesite.moc/index2.php?opti ... &no_html=1

...etc...

So I decided to try the URL the 'spam harvester' was using and guess what...
Vcards downloaded with all information and e-mail address info.... This is occurring with vcards set to hidden...

My Temporary fix to this problem was to cut the vcard information off at the source while still allowing e-mail and contact forms to work.

Here is the code I changed in the vcard.class.php file (version 732 2005-10-31 02:53:15Z stingrey)
./includes/vcard.class.php

New Code (line ~167):

Code: Select all

    function setEmail($address) {
        $this->properties['EMAIL;INTERNET'] = [email protected]';
    }


Old Code:

Code: Select all

    function setEmail($address) {
        $this->properties['EMAIL;INTERNET'] = $address;
    }
Last edited by stingrey on Tue Jan 10, 2006 8:07 am, edited 1 time in total.

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: Vcards download even when set to hide. -- spam harvesting?

Postby eyezberg » Sun Jan 08, 2006 1:48 pm

Good eye.
Guess there should be a check on the hidden yes/no before allowing access..
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Vcards download even when set to hide. -- spam harvesting?

Postby Tonie » Sun Jan 08, 2006 2:32 pm

Acknowledged the same thing, I am going to move this thread to the appropriate forum. Can you please create an artefact for Joomla 1.0.x and post that back in this thread with the artefact number for easy reference? If you don't know how, I can create an artefact for you.

j00be
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Fri Nov 11, 2005 2:32 pm

Re: Vcards download even when set to hide. -- spam harvesting?

Postby j00be » Sun Jan 08, 2006 3:09 pm

The Artifact is artf2950

http://forge.joomla.org/sf/go/artf2950
Last edited by j00be on Sun Jan 08, 2006 3:50 pm, edited 1 time in total.

User avatar
stingrey
Joomla! Hero
Joomla! Hero
Posts: 2756
Joined: Mon Aug 15, 2005 4:36 pm
Location: Marikina, Metro Manila, Philippines
Contact:

Re: Vcards download even when set to hide. -- spam harvesting?

Postby stingrey » Tue Jan 10, 2006 8:07 am

This threat is designated as a `Low Level Threat`

It has been fixed and will be available in the upcoming Joomla 1.0.6 Release.
Rey Gigataras
http://www.wizmediateam.com <-- great team of talented Web Designers and Programmers!
http://about.me/reygigataras <-- About Me :)
Partner, Business Development & Project Manager, Event Manager, Sports Coach :D

User avatar
CubaLibre
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 209
Joined: Thu Aug 18, 2005 4:08 pm
Location: Austria
Contact:

Re: [SOLVED] Vcards download even when set to hide. -- spam harvesting?

Postby CubaLibre » Tue Jan 10, 2006 8:27 am

Hi stingrey,

glad to see back at the forum!! :)

Greets,
Kurt
Kurt Banfi

http://www.clockbit.com <- Developer of Contacts XTD
http://www.open-sef.org <- Chief Designer ;)


Return to “Joomla! 1.0 Coding”

Who is online

Users browsing this forum: No registered users and 1 guest