Recommended addon now requires login on compo.sr

Item has a rating of 5 (Liked by Adam Edington)
#9876 (In Topic #3448)
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’

A severe influx of spam attempts using the recommend addon prompted me to disable it for guests

Hello,

It has come to my attention that a bunch of spammers have been trying to use the recommend site feature to send spam links to other people's emails. Often it will get blocked by Composr / trigger a hack attack.

To prevent this, you are now required to log in to your account to use the recommend feature. Furthermore, members on probation also cannot use the addon (which includes members who failed the antispam question on registration).

Thank you for your understanding in our attempts to cut back on spam.

  • Need support for version 10? The core development team is no-longer offering it for free (unless it's a critical bug that breaks your entire site or a serious security hole). Please consider hiring me instead if you need v10 support or a non-critical bug fix. Or, ask the community in the forums!
  • Do you enjoy Composr? Please consider contributing your talent to the project or recommending Composr to others. Even small contributions make a big impact in the Composr community.
  • Do you have feedback for us? You can report bugs, suggest features, or give feedback on the Free support options page.
  • Do you need professional service with your Composr website? Please consider contracting me for your needs through my company, PDStig, LLC. Doing so will also help fund Composr development.
  • Want to watch live streams of me developing Composr CMS? Please subscribe to me on Twitch to be notified when I stream. Composr development streams are usually spontaneous / not scheduled in advance as work priorities come first.

#9896
Site staff
Adam Edington is in the usergroup ‘Super-moderators’
Hi, I assume you mean they are changing the text of the email. Maybe making it so it cannot be altered (for Guests and Probation) would be a solution? I like this feature on my site so if it's open to abuse I might have to disable it myself, which would be a shame because it's quite useful.

Item has a rating of 5 (Liked by Adam Edington)
#9897
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’
Yes that's what I was hinting at… Guests and Probation would only be able to send the recommendation using the default message (which of course can be modified by using Translate / Rephrase Composr and finding the language string)

Item has a rating of 5 (Liked by Adam Edington)
#9898
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’
Ohhh wait a minute you're not talking about the issue I created, my bad.

For clarification: As a quick fix, the recommended addon will require login (on compo.sr). But I also created an issue tracker for v11. Create a new privilege that allows groups to send their own custom message. Denied by default for guests and probation.

If anyone else is having issues with spammers abusing the addon, just go into the permission tree editor and restrict view access to the recommend module for both guests and probation. That's the quick fix. In v11 I'm hoping to introduce the above new privilege.

Do note: Composr seems to be doing a pretty good job at triggering hack attacks when someone tries to send spam links via the addon. But it's of course not fool-proof. Someone could still bypass the spam system by not posting a link but rather just advertisement text (or even an obfuscated "link"). People have been trying to do that on the forums in the past before we significantly locked them down.

Last edit: by Patrick Schmalstig

#9902
Site staff
Adam Edington is in the usergroup ‘Super-moderators’
I don't know if there's any rate limiting on Recommends, can't recall seeing that option but that may also help?

#9903
Site director
Patrick Schmalstig is in the usergroup ‘Administrators’
There is an "invites per day" setting. I'll have to look and see if that applies to recommendations.

Edit: It is used by the addon but does not limit its use.
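
Added example, not part of the thread and not Composr code: a sketch of the two controls discussed above, a deny-by-default privilege for custom recommendation messages and a per-sender daily cap that is actually enforced. The function, the privilege table, the default message, the limit of 5 and the sample requests are all hypothetical.

```php
<?php
// Added illustration, not Composr code; every name here is hypothetical.
const DEFAULT_MESSAGE = 'A friend thought you might like this site.';
const DAILY_LIMIT = 5; // assumed per-sender cap on recommendations

// Hypothetical privilege table: may this usergroup write its own message?
const MAY_SEND_CUSTOM_MESSAGE = ['guests' => false, 'probation' => false, 'members' => true];

/**
 * Decide what, if anything, is sent for one recommend request.
 * $sentToday maps a sender key (member ID or IP) to today's send count.
 */
function handle_recommend(string $group, string $senderKey, ?string $submitted, array &$sentToday): array
{
    // Enforce the cap itself; a setting that is only read limits nothing.
    $count = $sentToday[$senderKey] ?? 0;
    if ($count >= DAILY_LIMIT) {
        return ['sent' => false, 'reason' => 'daily limit reached'];
    }

    // Deny by default: a group missing from the table gets no privilege.
    $mayCustomise = MAY_SEND_CUSTOM_MESSAGE[$group] ?? false;

    // Decide server-side. Hiding the form field is not enough, because the
    // request can still carry a message; without the privilege it is dropped.
    $useCustom = $mayCustomise && $submitted !== null && trim($submitted) !== '';
    $message = $useCustom ? $submitted : DEFAULT_MESSAGE;

    $sentToday[$senderKey] = $count + 1;
    return ['sent' => true, 'message' => $message, 'custom' => $useCustom];
}

// Constructed sample requests (addresses are from documentation ranges).
$sentToday = [];
$requests = [
    ['guests', 'ip:203.0.113.7', 'Great deals at spam.example'],
    ['members', 'member:42', 'Thought of you when I found this forum.'],
];
foreach ($requests as [$group, $key, $text]) {
    $result = handle_recommend($group, $key, $text, $sentToday);
    echo $group, ': ', json_encode($result), PHP_EOL;
}
// A guest who keeps submitting is stopped once the cap is reached.
for ($i = 0; $i < DAILY_LIMIT; $i++) {
    $last = handle_recommend('guests', 'ip:203.0.113.7', null, $sentToday);
}
echo 'guest after cap: ', json_encode($last), PHP_EOL;
```

Custom text from a privileged group would still pass through the site's existing spam checks before sending; the gate only decides who gets to supply text at all.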