User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1 PROBLEM: Emails of bug reporters, authors, etc. are exposed and available for SPAMbots to grab and for other forms of online abuse. SOLUTION: Upgrade to version 2.18 of Bugzilla when it's released. Contribute code to Bugzilla so future Mozilla developers and contributors emails have better protection. According to the release notes of upcoming 2.18 version of Bugzilla: http://www.bugzilla.org/releases/2.18/release-notes.html Email Address Munging --------------------- The fact that raw email addresses are displayed in Bugzilla makes it trivial for bots that spamharvest to spider through Bugzilla, in particular, through Bugzilla's buglists. This change adds HTML obfuscation of email addresses as they appear in the Bugzilla web pages. Reproducible: Always Steps to Reproduce: 1. Visit any bug report at bugzilla.mozilla.org 2. Grab bug reporter's, commenters, etc. email addresses Actual Results: Email addresses are available in plain text for anyone to copy / grab / abuse. Expected Results: An email should only be sent via an online form by default for authenticated users, if at all permitted. Sourceforge's methods could also provide inspiration for this. If custom code is created for this, perhaps it could/should be contributed to Bugzilla. This could be used to provoke a major DOS attack by mass mailing every (or selected) Mozilla developer and blocking their email accounts, potentially delaying or stopping upcoming releases.
(In reply to comment #0) > SOLUTION: Upgrade to version 2.18 of Bugzilla when it's released. Contribute > code to Bugzilla so future Mozilla developers and contributors emails have > better protection. > > According to the release notes of upcoming 2.18 version of Bugzilla: > http://www.bugzilla.org/releases/2.18/release-notes.html > > Email Address Munging bugzilla.mozilla.org is already running this code. It was introduced in 2.17.6. The HTML of the email addresses are obfuscated, and don't look like emails in the page source. This trick worked for a while, but the spammers are starting to get wise to it. There are other tricks in the works to stave them off for a while. Bug 215439 is the closest to what you're proposing here. *** This bug has been marked as a duplicate of 215439 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in before you can comment on or make changes to this bug.