phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Copies of my Admin E-mails
1 members found this topic helpful
Goto page 1, 2  Next
 
Search this topic... | Search General Support... | Search Box
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Author Message
Notpil22
Board Member



Joined: 21 Jan 2009

Posts: 19



PostPosted: Fri Feb 20, 2009 5:44 pm 
Post subject: Copies of my Admin E-mails

How can I see/get copies of the e-mails that are sent out to new members comfirming their registration with their username and password?
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 548
Location: North West UK


flag
PostPosted: Fri Feb 20, 2009 6:25 pm 
Post subject: Re: Copies of my Admin E-mails

Notpil22 wrote:
How can I see/get copies of the e-mails that are sent out to new members comfirming their registration with their username and password?


Whoa there!!!!!!!!!!
You should not be doing that. Many people use the same password for many accounts and of course their email address is the account name by default for Paypal.
\topics asking how passwords could be read always started quite volatile discussions on phpbb.com and topics got locked.

There can be no legitimate reason for an admin wanting to know a users password. If they lose it they can get a new one issued by the software.

Jim
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Fri Feb 20, 2009 9:35 pm 
Post subject: Re: Copies of my Admin E-mails

To me this seems like hunting flies with a shotgun.

There are other ways for spotting shadow accounts that are more respectful with peopleīs privacy.

If I would be going down as far as you are going I would really pause and rethink my strategy as I feel this is one step to far.

_________________
phpBB2 will never die, I hope!
Back to top
Ptirhiik
Board Member



Joined: 19 Nov 2008

Posts: 114


flag
PostPosted: Fri Feb 20, 2009 10:10 pm 
Post subject: Re: Copies of my Admin E-mails

Indeed, this is not a really efficient strategy: you don't pinpoint the right peoples, as you could do with simply analyzing the emails domain and the delay prior the first post after registration. All you will get is a bunch of unusable emails content, with no way to analyze them without collecting their data in a file, what is prohibited in many country, including quite all Europe's and particularly France.

Frankly, I would certainly never register to a site using this kind of practices, and will be surely take it down all the ways I got. Ethic is eventually the only think that matters between users and administrators, and without this minimal trust, don't expect to deal with people crossing the line a gentle way: they will be right to do so, as you are deeply wrong wanting to catch informations they consider undisclosed as adverted. Not mentioning keeping a file of clear passwords is the best way to be hacked at your turn, and to disclose to dark areas your users informations, so threatening not only your site, but also all your users' sites. Just consider the results of the last adventure of phpbb.com disclosing password hashes to the world, and face yourself against your users: are you sure you can guarantee your email box won't be hacked, that you have to back door or trojan on your laptop, that informations they give you in perfect trust are safe on your side, not only today but also tomorrow ? I for one would certainly not make this kind of promises, and you can bet I'm well aware of quite all ways to attack a site, and how to make mine not vulnerable to those...


> Dog cow: you are since enough long in the loop to understand to whom you can give such kind of help, and our new Notpill22 friend is certainly not walking this way, for sure. I'm pretty sure you have already figure this with the help of your favorite search engine.
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 548
Location: North West UK


flag
PostPosted: Sat Feb 21, 2009 3:17 pm 
Post subject: Re: Copies of my Admin E-mails

Jim_UK wrote:
topics asking how passwords could be read always started quite volatile discussions on phpbb.com and topics got locked.


As predicted.
What you are seeking to do is unethical and yes some of the folks on your fishing site will be using the same password for their account as they use for their Paypal or online banking and more than likely for other sites they belong to.
There is an assumption by the user that their "private" information is just that.

There are other ways of dealing with folks that just come on to your site to spam. The best method is to have an efficient set of moderators that will nuke the spam the instant that it is spotted or notified.
You can install a mod that will require new users to hve been members for so long or made so mant satisfactory posts before they can post without their posting being moderated before appearing.
There are many options that you could try but one that you should never do is what you are contemplating now.
It is unethical and may even be illegal as you are harvesting data that your users will be unaware of.

My last post in this topic but had to get it off my chest.


Jim
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 656
Location: Texas


flag
PostPosted: Tue Feb 24, 2009 3:18 am 
Post subject: Re: Copies of my Admin E-mails

I absolutely do not condone capturing someone else's email, especially if it includes the password used to register on the system. In my opinion there is no reason whatsoever to do that. In fact it may very well open you to legal issues depending on the country where you are located. As such, I would never offer code that would allow someone to do that.

In fact you may have noticed that your password is not even included in the registration email that you got from this site. There is no reason for a password to be sent as "clear text" at all.

The problem is (as at least one person has observed) you are penalizing the good members along with the bad. Not only that, but having their password does nothing for you whatsoever, except invade their privacy. You can change the password for their account any time you want to from the admin panel.

Notpil22, you must certainly recognize the ethical issues involved, in fact you stated as such. What I would advise is to state your problem and ask for suggested solutions, as what you have requested is NOT a solution for the problem that you're having, in my opinion, and has far worse consequences should your "good" users ever find out what you are doing. That would have been a far better way to approach this issue, and nobody would have flamed anybody and the topic would have been much more interesting and useful to other folks.

_________________
phpBBDoctor Blog
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 548
Location: North West UK


flag
PostPosted: Tue Mar 03, 2009 10:26 am 
Post subject: Re: Copies of my Admin E-mails

~Cowboy~ wrote:
This thread should be moved off the public board...This is really very bad for phpbb2... icon_sad.gif


Agreed - not the sort of thing we want folks reading.

Jim
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 656
Location: Texas


flag
PostPosted: Tue Mar 03, 2009 2:15 pm 
Post subject: Re: Copies of my Admin E-mails

I will admit I have personally struggled with what to do with this topic, which is why I have not responded until now. My thoughts have been running along these lines...

Anyone with knowledge can do any of these things that are posted here. In my opinion any board owner that does any of these things will get exposed at some point or another, and their user community will react accordingly. From a technical perspective none of this is very hard. Hiding it doesn't make the issue go away. Therefore I decided to leave the topic here and let the public judge those that would apply these techniques accordingly.

This is not intended to be the "last word" on the subject so please feel free to voice your opinions otherwise. If everyone feels strongly enough about the issue then the topic can be removed.

_________________
phpBBDoctor Blog
Back to top
depablo
Board Member



Joined: 03 Mar 2009

Posts: 3



PostPosted: Tue Mar 03, 2009 2:34 pm 
Post subject: Re: Copies of my Admin E-mails

drathbun

I am pleased I came across this thread and it was not locked. How can a person educate themselves on what a person can / cannot do as a forum admin.

I am a member of many forums of different type of software and I never dreamed it was possible for anyone to receive a copy of the registration email although I was aware PM,s could be read.

In the past I used to use the same passwords for different accounts and because I was able to read about the risks involved I now keep separate passwords for different accounts. I don't see how this can effect phpBB as surely it could be done with most types of software. To hide this allows the social engineer to win and the unsuspecting public to lose out.
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Tue Mar 03, 2009 2:36 pm 
Post subject: Re: Copies of my Admin E-mails

I personally agree with you on the facts that sooner or later an admin using this kind of code will be discovered by his community and also that it is not really hard coding that's required.

But, having this code revealed here makes it that much easier that people with no knowledge at all have access to it whereas elsewise they would not be able to even know this is possible.

I feel that this topic gives a very negative dimension to this community and I would feel much better if this kind of stuff is removed and somehow is not allowed to reappear in some other kind of form.

We're phpBB2 refugees, not phpBB2 guerrillas. icon_razz.gif

_________________
phpBB2 will never die, I hope!
Back to top
roadhog
Board Member



Joined: 19 Nov 2008

Posts: 95
Location: Central Texas


flag
PostPosted: Tue Mar 03, 2009 3:56 pm 
Post subject: Re: Copies of my Admin E-mails

I agree 100% with what ~Cowboy~, Jim_UK, and dogs and things have said. Allowing posts of this type on a board such as this, goes a long way toward distributing "the wrong kind of information", since it's mere presence here, implies that you/we condone such behavior, despite disclaimers to the contrary.

It's true that "Anyone with knowledge can do any of these things", but the problem is that you/we are propagating that knowledge into new avenues, by displaying it here. The same reasoning applies to the knowledge required to build a nuclear device. Do you feel that it is responsible behavior to post the details of how to build such a device, so that anyone/everyone can view it?
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 656
Location: Texas


flag
PostPosted: Tue Mar 03, 2009 4:18 pm 
Post subject: Re: Copies of my Admin E-mails

I figured someone would use the nuclear device analogy; thanks for not disappointing me. icon_razz.gif

In order to do that, I believe we would want to revise the rules and make it a board-wide policy that requesting or posting means to hack or otherwise expose data that is expected to remain private is prohibited, and that any such topics posted will be removed, and violators warned, and blah blah blah and so on. I'm okay with that. But...

I imagine you've heard the phrase "security by obscurity" though. That's the concept that hiding something doesn't make it more secure, it just means people aren't talking about it. Just because we don't talk about it here doesn't mean it's not being discussed elsewhere, and in my mind having it out in the open leads to more awareness of the issue for those that might not otherwise be informed. People that are informed can take action. People that are uninformed cannot.

This is, frankly, one of the many reasons why there are no PM's here. By removing the feature, there is absolutely no mistaken impression that a "private" message is, in fact, not very private at all. But that's another point. (And yes, the PMs are scheduled to return as soon as I get the chance...)

_________________
phpBBDoctor Blog
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Tue Mar 03, 2009 5:03 pm 
Post subject: Re: Copies of my Admin E-mails

Got a point there,

It might be better to show how to make nuclear bombs and at the same time explain how bad it is to nuke each other rather than act as if nuclear bombs don't exist because we donīt talk about them and simply let the poorminded nuke themselves behind the walls of obscurity.

Or something like that... icon_razz.gif

If removal isnīt the best option, canīt you make a special sub-forum for this topic named something like "Everything you always wanted to know about phpBB2 but were afraid to ask."?

_________________
phpBB2 will never die, I hope!
Back to top
dogs and things
Board Member



Joined: 18 Nov 2008

Posts: 621
Location: Spain


flag
PostPosted: Tue Mar 03, 2009 7:14 pm 
Post subject: Re: Copies of my Admin E-mails

You are justifying criminal acts (in many countries) by saying that there are other ways of committing the same crimes.

If people want to learn about those ways to commit crimes they should better go to other places, not this one.

_________________
phpBB2 will never die, I hope!
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 656
Location: Texas


flag
PostPosted: Tue Mar 03, 2009 7:42 pm 
Post subject: Re: Copies of my Admin E-mails

I think the bottom line for me is this:

Just because you can do something doesn't mean it's right.

_________________
phpBBDoctor Blog
Back to top
Display posts from previous:   
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Page 1 of 2 All times are GMT
Goto page 1, 2  Next
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0298 seconds using 15 queries. (SQL 0.0025 Parse 0.0010 Other 0.0264)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo