Closed Bug 184456 Opened 22 years ago Closed 5 years ago

lxr.mozilla.org is a spammer's paradise

Categories

(Webtools Graveyard :: MXR, defect)

Product:
Webtools Graveyard
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: netdragon, Assigned: chase)

References

(
URL
)

Details

There are a lot of emails in the source code. This is accessible for web 
crawlers and maybe they should either be mangled or removed.
This is a tough thing. If we mangle emails, we are altering the code. Maybe we
should show a link that says [Get email] that provides a link to a CGI that asks
the user to paste a key into a form and submit. After that, the user would be
able to see the emails for the rest of his or her LXR session. The code within
CVS would not be altered, just the display on LXR.
URL to part of the code containing my email address.
URL: http://lxr.mozilla.org/seamonkey/sour...
To leaf.  Not sure if he's the right person, but he's a lot closer than I am. 

mitchell
Assignee: mitchell → leaf
QA Contact: mitchell → leaf
Depends on: bugz_anti-spam_meta
Blocks: bugz_anti-spam_meta
No longer depends on: bugz_anti-spam_meta
Assignee: leaf → cmp
Mass reassign of open bugs for chase@mozilla.org to build@mozilla-org.bugs.
Assignee: chase → build
--> Webtools :: LXR, as this would probably need to be implemented in lxr's code.
Assignee: build → chase
Component: Miscellaneous → LXR
Product: mozilla.org → Webtools
QA Contact: leaf → timeless
QA Contact: timeless → lxr
No longer blocks: bugz_anti-spam_meta
I should perhaps have put here a copy of my comments to Bug 261326 :
" Comment 8 Jean-Marie COUPRIE 2011-04-12 06:33:00 PDT

(In reply to comment #6)
"Bugzilla 3.4 is much better at preventing spam as it now hides email addresses for logged out users."
Wrong ! If I were a spam harvester, I would create a bugzilla account, log in, make some simple comments to avoid detection of inactivity, read all the bugs in pseudo random order (to avoid detection) and harvest the email addresses...

Most of the forums have a register page in which I enter a pseudo, my email address (for administrative functions as notifications of new posts, lost password, etc.) and a password. On each post that I write there is my pseudo (not the email address) and a Personal Message button (PM in short) that the reader can push to send me an email without knowing my address. Spamming with the PM button is dangerous because if I complain to the administrator the offender account will be revoked ! The pseudo is unique on the forum site because an already in data base pseudo is not accepted at registration time. I have the same pseudo on practically all the forums sites : so it is not difficult to remember it...
 Why do you not copy this coding and reinvent the wheel with a dozen of linked bugs ?"
and 
" Comment 9 Jean-Marie COUPRIE 2012-10-31 07:44:01 PDT

Slightly better :
-If I am not logged the source of " Jean-Marie COUPRIE 2011-04-12 06:33:00 PDT " does not include my email address. This is good !
-If I am logged the source of " Jean-Marie COUPRIE 2011-04-12 06:33:00 PDT " include my email address. This is very bad !
As stated in my previous post comment 8 a UN-detected logged spam harvester has access to my mail. By the way I have the knowledge needed to write a script that log to bugzilla and read a bug report obtain its source and extract the emails...
Also "CC List:" shows emails in clear text ! and can be extracted ! "

mxr is gone, mass closing.
https://searchfox.org/ is a much better alternative.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.