Mibew / mibew

Mibew Messenger - open-source live support application
https://mibew.org

Captcha on history by email form #255

Closed ajl199 closed 3 years ago

ajl199 commented 3 years ago

Environment

Enhancement request

It would be really nice to have the option to require a captcha on the copy of history by email form, as can be done for leaving messages. Without this, Mibew is able to be used as a spam relay.

This morning, some charming spammer decided to use our Mibew installation as a scripted open relay by initiating chats, putting their spam into the message, and then sending the history by email to whomsoever they pleased.

A captcha on the send by email form would stop this nonsense without inconveniencing genuine users at the start of a chat.

Steps to reproduce the behavior

Open chat, bash out a couple of messages in quick succession, go to history by email form, enter any email address, submit.

Now script that and run it against a Mibew site of your choosing.

faf commented 3 years ago

Yes, in some circumstances that feature could be abused. I'll see what could be done about that.
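
For operators who want to spot this pattern before a captcha option exists, a detection sketch follows. It is an added example, not part of the original thread and not Mibew code. It assumes you can export one record per "send history by email" submission; the record layout, the sample events and the thresholds are constructed for illustration, on the assumption that a genuine visitor mails a transcript to one or two addresses while relay abuse fans out to many.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real Mibew logs): one record per submission of
# the "send history by email" form. The field layout is an assumption:
# ISO timestamp, client IP, chat thread id, recipient address.
SAMPLE_EVENTS = """\
2024-05-01T09:00:05 203.0.113.7 101 a@example.net
2024-05-01T09:00:09 203.0.113.7 102 b@example.org
2024-05-01T09:00:14 203.0.113.7 103 c@example.com
2024-05-01T09:00:20 203.0.113.7 104 d@example.net
2024-05-01T09:03:00 198.51.100.4 201 visitor@example.com
2024-05-01T10:41:30 198.51.100.9 202 other@example.org
"""

def parse_events(text):
    """Yield (time, ip, thread_id, recipient) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3].lower()

def find_relay_abuse(events, window=timedelta(minutes=10), max_recipients=3):
    """Return {ip: peak distinct recipients} for clients that mailed history to
    more than max_recipients distinct addresses within one sliding window."""
    recent = defaultdict(deque)  # ip -> (time, recipient) pairs still inside the window
    flagged = {}
    for when, ip, _thread, rcpt in sorted(events):
        q = recent[ip]
        q.append((when, rcpt))
        while q and when - q[0][0] > window:
            q.popleft()  # drop submissions older than the window
        distinct = len({r for _, r in q})
        if distinct > max_recipients:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, count in find_relay_abuse(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {count} distinct recipients within the window")
```
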