On 13 Dec 2005, at 15:47, Thomas Bruederli wrote:
> Jared W. Alessandroni wrote:
>> Couldn't we just disable the send functions (like by killing the
>> SMTP)? Or limit them in compose.inc by making the _to array (and
>> bcc and cc) arrays trim to one?
>
> That's what I intended to do but there's more: when a user tries to
> enter more recipients the session should be terminated automatically
> and the IP needs to be blacklisted to complicate a quick re-login.
>
> I want it done right before opening the demo again. Sorry for these
> circumstances, but spammers are just waiting around the corner...

I'd say it was safer to completely disable sending... otherwise a
spammer could write a script to send a message one-by-one instead of
to many recipients at once. A simple page or notice saying "For
security reasons, sending has been disabled in the demo" should be
sufficient. This way there's no worry about blacklisting IPs, or
people somehow getting around any sender restrictions: it's simply
impossible to send anything.

Yours,
Craig

--
Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net
Xeriom.NET    | f: +44 (0)709 287 1902 | w: http://xeriom.net