Forum OpenACS Q&A: Re: reply-to forum feature a security problem

Posted by Malte Sussdorff on
  • Add a "last posted via email to thread x" record to the user. If it is less than y minutes ago, assume it is spam and bounce the mail back to the user. Downside: If the user is answering to a thread multiple times and sends it at the same time, then the last emails would bounce.
  • Alternatively you could look at the sent/written information contained in the email and use that one (if the account is hijacked, all the mails are sent within seconds, my assumption).
  • Another idea would be to use a one time hash key in the email address. This way the user could only reply *once* to a given thread via email. This does in no way solve the problem of starting *new* threads.
  • Run SpamAssassin in front of your webserver. It should be able to detect if the user is trying to spam (which would mean the user got hijacked).
Personally I'd favour the one time hash solution and force people to start a new thread using the web forum as this still opens the possibility to reply to a posting as you would in any normal email conversation, but prevents spamming (intentional or not).
Posted by Jeff Davis on
Add a "last posted via email to thread x" record to the user. If it is less than y minutes ago, assume it is spam and bounce the mail back to the user. Downside: If the user is answering to a thread multiple times and sends it at the same time, then the last emails would bounce.
Most things that scrounge addresses from the address book tend not to send lots of messages to the same address in a short period of time, so this is sort of limited in its usefulness.

Rather than a hash key for one-time use, I think it would be better to expire the reply address after some period, and if there was a reply you could do TMDA-style validation of the sent message.

The way the things that allow emailed blog posts work is to either use a secret email address (has the same problem we have now), require a keyword in the subject or message body which authenticates the user, or use cryptographically signed email (mail2blog does this).
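The two mechanisms proposed in this thread, Malte's one-time hash in the reply address and Jeff's expiring reply address, combine naturally: the notification mail carries a per-user, per-thread address that is MAC-ed, expires, and may post only once. The following is an added example, not code from the thread or from OpenACS, showing how a mail gateway could mint and validate such addresses. The domain `forum.example`, the secret key, and all function and class names are assumptions. It goes one step beyond the posts by binding the user and thread IDs into the address under an HMAC, so a guessed or tampered address is rejected without any database lookup, and only the one-time check needs state.

```python
import base64
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional

# Assumed values for this example; a real deployment keeps the key in
# server-side configuration and rotates it.
SECRET_KEY = b"example-only-secret-key-change-me"
REPLY_DOMAIN = "forum.example"
MAC_LEN = 16  # bytes of truncated HMAC-SHA256 kept in the address (128-bit tag)


@dataclass(frozen=True)
class ReplyToken:
    user_id: int
    thread_id: int
    expires_at: int  # Unix seconds


def _tag(payload: bytes, secret: bytes) -> bytes:
    """HMAC-SHA256 over the payload, truncated so the local part stays short."""
    return hmac.new(secret, payload, hashlib.sha256).digest()[:MAC_LEN]


def make_reply_address(user_id: int, thread_id: int, ttl_seconds: int,
                       now: Optional[int] = None, secret: bytes = SECRET_KEY) -> str:
    """Build the Reply-To address for one user on one thread. The address
    carries its own user/thread/expiry data plus a MAC over that data, so the
    server can validate it without storing anything at send time."""
    if now is None:
        now = int(time.time())
    payload = f"{user_id}:{thread_id}:{now + ttl_seconds}".encode()
    raw = payload + _tag(payload, secret)
    token = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"reply+{token}@{REPLY_DOMAIN}"


class UsedTokens:
    """One-time-use ledger. In memory here; a real server would keep consumed
    tokens in the database, at least until their expiry time has passed."""

    def __init__(self) -> None:
        self._seen: set = set()

    def consume(self, token: str) -> bool:
        """Return True the first time a token is seen, False on replay."""
        if token in self._seen:
            return False
        self._seen.add(token)
        return True


def verify_reply_address(address: str, used: UsedTokens, now: Optional[int] = None,
                         secret: bytes = SECRET_KEY) -> Optional[ReplyToken]:
    """Validate the recipient address of an inbound mail. Returns the decoded
    token if the address is genuine, unexpired and not yet used; otherwise
    None, and the caller bounces or drops the message."""
    if now is None:
        now = int(time.time())
    local, _, domain = address.rpartition("@")
    if domain.lower() != REPLY_DOMAIN or not local.startswith("reply+"):
        return None
    token = local[len("reply+"):]
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError):
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    # Constant-time compare: a forged or tampered address fails here.
    if not hmac.compare_digest(_tag(payload, secret), tag):
        return None
    try:
        user_id, thread_id, expires_at = (int(x) for x in payload.decode().split(":"))
    except ValueError:
        return None
    if now > expires_at:
        return None  # reply address has expired
    if not used.consume(token):
        return None  # replay: this address has already posted once
    return ReplyToken(user_id, thread_id, expires_at)


if __name__ == "__main__":
    # Constructed demo values: user 42 replying to thread 7, one-hour window.
    now = 1_700_000_000
    ledger = UsedTokens()
    addr = make_reply_address(user_id=42, thread_id=7, ttl_seconds=3600, now=now)
    print("Reply-To:", addr)
    print("first reply  ->", verify_reply_address(addr, ledger, now=now + 60))
    print("second reply ->", verify_reply_address(addr, ledger, now=now + 120))
    print("after expiry ->", verify_reply_address(addr, UsedTokens(), now=now + 7200))
    forged = make_reply_address(42, 7, 3600, now=now, secret=b"attacker-guess")
    print("forged       ->", verify_reply_address(forged, UsedTokens(), now=now + 60))
```

The ledger only has to remember tokens until they expire, which keeps Jeff's expiry and Malte's one-time rule cheap to enforce together. As Malte notes, none of this helps with starting new threads by mail, since there is no prior notification to carry a token; that case still needs the web form, a shared keyword, or signed mail as Jeff describes.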