1

Topic: Lost password flooding

I have a user who knows my email and goes to the lost password area to flood my email by repeatedly pressing submit in the lost password form (and using my email of course). Is there a way to, for example, restrict lost password to once every hour just like the registration form? (Not for IP, but actually for EMAIL).

Re: Lost password flooding

I plan on dealing with this in 1.3. For now, maybe you can just change your e-mail address.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

3 (edited by Dooga 2006-03-15 04:25)

Re: Lost password flooding

Well, I was thinking something like a "secret question" so that the user can't just request the password. But glad to know that you're aware of this problem...

Since I'm at it, do you know any invisible characters? My friend, unfortunately, used numerous "invisible" characters to register clones and I had fun trying to figure out which account was the real one. One of them is "­" (HTML entities, try that on a webpage smile)

Btw, the actual character can be "typed" using ALT 0173 on a Windows keyboard.

Thanks Rickard!
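
The per-address limit asked for in the first post and the invisible-character clones described in the third, sketched as an added example (not code from the forum software or from anyone in this thread). The names `canonical`, `ResetThrottle` and `find_clones`, the in-memory store and the sample addresses and usernames are assumptions made for illustration.

```python
import time
import unicodedata
from collections import defaultdict

RESET_INTERVAL = 3600  # seconds: "once every hour", keyed on e-mail, not IP


def canonical(text):
    """Fold case and drop characters that render as nothing (e.g. U+00AD)."""
    text = unicodedata.normalize("NFKC", text)
    kept = [c for c in text
            if unicodedata.category(c) not in ("Cf", "Cc") and not c.isspace()]
    return "".join(kept).casefold()


class ResetThrottle:
    """Allow one lost-password mail per e-mail address per interval."""

    def __init__(self, interval=RESET_INTERVAL, clock=time.time):
        self.interval = interval
        self.clock = clock
        self.last_sent = {}  # assumption: a real forum keeps this in its user table

    def allow(self, email):
        key = canonical(email)
        now = self.clock()
        last = self.last_sent.get(key)
        if last is not None and now - last < self.interval:
            return False  # too soon: send nothing, whoever is asking
        self.last_sent[key] = now
        return True


def find_clones(usernames):
    """Group usernames that look identical once invisible characters are gone."""
    groups = defaultdict(list)
    for name in usernames:
        groups[canonical(name)].append(name)
    return [names for names in groups.values() if len(names) > 1]


if __name__ == "__main__":
    throttle = ResetThrottle()
    # Constructed sample input: the same address submitted three times in a row.
    for attempt in ["admin@example.com", "ADMIN@example.com", "ad\u00admin@example.com"]:
        print(repr(attempt), "-> mail sent" if throttle.allow(attempt) else "-> suppressed")
    # Constructed usernames: soft hyphen (ALT 0173) and zero-width space variants.
    print(find_clones(["Dooga", "Doo\u00adga", "D\u200booga", "Rickard"]))
```

The form should show the same confirmation page whether or not a mail was actually sent, so the throttle does not reveal which addresses are registered.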