Closed Bug 784377 Opened 13 years ago Closed 12 years ago

support.mozilla.org private email spam

Categories

(support.mozilla.org :: Users and Groups, task, P3)

Tracking

(Not tracked)

RESOLVED FIXED
2013Q2

People

(Reporter: eusebiu.blindu, Assigned: rrosario)

Details

(Whiteboard: [site:support.mozilla.org] u=contirbutors c=private-messaging p=1 s=2013.9)

Attachments

(2 files)

User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1

Steps to reproduce:
Spam a user with private emails.

Actual results:
All the spam messages are sent. After a user gets more than 1000 emails, https://support.mozilla.org/en-US/messages becomes hard to use (the browser tries to load all of them in one page); basically it creates a denial of service for that user.

Expected results:
There should be a blocking mechanism.
Also the private email is filled. Abusing the email could affect the mozilla mail server, because you cannot send emails forever. And this can affect other users, causing a massive email denial of service.
Whiteboard: [site:support.mozilla.org
Whiteboard: [site:support.mozilla.org → [site:support.mozilla.org]
Seems like we need to do 2 things:
1- Add rate limiting to private messaging
2- Paginate the message list
(In reply to Sebi from comment #1)
> Abusing the email could affect the mozilla mail server, because you cannot
> send emails forever. And this can affect other users causing a massive email
> denial of service

This is unlikely. We use a third party for outgoing mail.

(In reply to Ricky Rosario [:rrosario, :r1cky] from comment #2)
> Seems like we need to do 2 things:
> 1- Add rate limiting to private messaging
> 2- Paginate the message list

[wsec-low]?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Adding this to the next sprint. Making it a 1pter to implement comment 2, which is straightforward since we have helpers/decorators for rate limiting and pagination already.
Whiteboard: [site:support.mozilla.org] → [site:support.mozilla.org] u=contirbutors c=private-messaging p=1 s=2013.9
Target Milestone: --- → 2013Q2
Assignee: nobody → rrosario
Priority: -- → P3
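The two mitigations named in comment 2 (a per-sender rate limit on private messages and a paginated inbox), as an added illustration that is not Kitsune's own ratelimit/pagination helpers: a hypothetical in-memory PrivateMessaging class with a sliding-window quota keyed by sender, and a constructed flood() run showing the 1000-message abuse from the report being cut off after the quota while the recipient's inbox still loads one page at a time.

```python
import time
from collections import defaultdict, deque
from math import ceil

class RateLimitExceeded(Exception):
    """Raised when a sender has used up their private-message quota."""

class PrivateMessaging:
    """Hypothetical in-memory stand-in for a private-messaging backend."""

    def __init__(self, max_per_window=20, window_seconds=3600, page_size=50):
        self.max_per_window = max_per_window  # sends allowed per sender per window
        self.window_seconds = window_seconds
        self.page_size = page_size            # messages shown per inbox page
        self._sent_at = defaultdict(deque)    # sender -> timestamps of recent sends
        self._inbox = defaultdict(list)       # recipient -> [(sender, body), ...]

    def send(self, sender, recipient, body, now=None):
        """Deliver one message, or raise if the sender is over quota."""
        now = time.time() if now is None else now
        times = self._sent_at[sender]
        while times and now - times[0] >= self.window_seconds:
            times.popleft()                   # drop sends outside the sliding window
        if len(times) >= self.max_per_window:
            raise RateLimitExceeded(f"{sender} exceeded {self.max_per_window} "
                                    f"messages per {self.window_seconds}s")
        times.append(now)
        self._inbox[recipient].append((sender, body))

    def inbox_page(self, recipient, page=1):
        """Return one page of the inbox rather than every message at once."""
        messages = self._inbox[recipient]
        total_pages = max(1, ceil(len(messages) / self.page_size))
        page = min(max(page, 1), total_pages)  # clamp out-of-range page numbers
        start = (page - 1) * self.page_size
        return {"page": page, "total_pages": total_pages,
                "messages": messages[start:start + self.page_size]}

def flood(svc, sender, recipient, attempts, now=0.0):
    """Constructed abuse run: one sender fires `attempts` messages at once.
    Returns (delivered, rejected) so the limit's effect can be checked."""
    delivered = rejected = 0
    for i in range(attempts):
        try:
            svc.send(sender, recipient, f"message {i}", now=now)
            delivered += 1
        except RateLimitExceeded:
            rejected += 1
    return delivered, rejected
```

The quota is keyed by sender rather than recipient so one account cannot flood many inboxes at once; the inbox view never returns more than page_size rows, which is what stops the all-in-one-page load from the report.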
Deployed to prod now.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security