1 Topic by lorax

  • Registered: 2004-04-14
  • Posts: 35

Topic: Somewhat urgent request

I was working with a client who has been using a much simpler (and less secure/more cumbersome) BB script and has been having problems with spammers dropping URLs on her Board. She wanted to upgrade so I suggested we use PunBB.

Upon a successful install I was giving her a tour of the default install and then she asked me a question that I didn't have an answer for. She wanted to know if it was possible for a spammer to use a URL as their login name. I tried it and it worked! Much to my chagrin. Not only did it work but any posts by this user will result in a live link. When I changed the Admin settings to eliminate live links it had no effect on the users NIC. Only when she deleted the user was the link broken but the URL remained in the posts.

Is it possible to tighten this up a bit and/or lock down the allowable names?  smile Could we use REGEX to look for [http|www|\.com|\.org|\.net] etc... in the censor code or does this check the user names?

  • From: Gothenburg, Sweden
  • Registered: 2002-07-03
  • Posts: 946

Re: Somewhat urgent request

I tried it, and named a user "http://punbb.org/". The posts are links yes, but they're linked to the profile as they should do. I don't see the problem here...

3 Reply by lorax

  • Registered: 2004-04-14
  • Posts: 35

Re: Somewhat urgent request

Hoo boy - egg on my face.

I didn't even think to try clicking the link because it was a fake URL to begin with. I should have realized it would point to the profile.

My apologies.

  • Frank H
  • Former PunBB Developer
  • Offline
  • Registered: 2003-03-16
  • Posts: 1,423

Re: Somewhat urgent request

I tested if an urlnick in a quote would produce a link, and it didn't. smile