| Author |
 Topic Search  Topic Options
|
xeerex 
Senior Member
Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Mining Email Addresses
Posted: 21 August 2004 at 1:27am |
|
Is it possible to mine the email addresses of users from v7.x of the
forum? I suppose a program would have to be written but can anyone
think of an easy way to do it short of FTP access to the database?
|
|
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2004 at 5:10am |
|
Email address can be imported into the Web Wiz Mailing List application.
|
|
|
|
xeerex
Senior Member
Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2004 at 10:27am |
|
Hi -borg- and thanks for the reply.
I should have been clearer in my question. Is there a way that anyone
is aware to "maliciously" mine the email addresses? In other words just
a normal board user being able to "rob" the email addresses somehow
without FTP access to a database that is well above root and setup
properly.
|
|
|
|
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2004 at 11:54am |
If it's an Access DB it's just a flatfile, so if you haven't taken the steps to secure it listed in the readme's, anyone can download it and open it in any text editor.
For a MSSQL database, they would need to get access to your DB userid and login.
Typically, the most common security breach is through social engineering - someone gets login and password info from you - or from someone you gave the information to. Always a good idea to change both periodically.
|
Lead me not into temptation... I know the short cut, follow me.
|
|
xeerex
Senior Member
Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2004 at 3:28pm |
 dypers wrote:
If it's an Access DB it's just a flatfile, so if you haven't taken the
steps to secure it listed in the readme's, anyone can download it and
open it in any text editor. |
Again, this database is setup above root and is properly secured, but
thanks for the feedback. I've setup several WWG forums and am well
aware of the flat-file, risks, and everything else on the security end.
No one has FTP access and the potential user does not have mod status.
My question is "is it possible for a normal user without the FTP
login/pass or admin access to create a script or bot and mine the email
addresses?".
Thanks again.
|
|
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 22 August 2004 at 5:11am |
|
There shouldn't be and certainly if the user selects not to have their email address shown no one can see their email address
|
|
|
|
xeerex
Senior Member
Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601
|
Post Options
Thanks(0)
Quote Reply
Posted: 23 August 2004 at 10:18am |
|
Thanks -borg- and I thought so. I had run through every possible
scenario so I think this person was just blowing smoke. Thanks for the
replies!
BTW: My largest forum is over 10k users, avg's close to 800 users a day
logging in, peaks at over 100 active users, still runs fast.....And is
still powered by Access!
|
|
|
|
