Pennock's Fiero Forum
  General Fiero Chat
  Cliff, The forum is exposing everyone's email address's to search engines.

Post New Topic  Post A Reply
Email This Page to Someone! | Printable Version


next newest topic | next oldest topic
Cliff, The forum is exposing everyone's email address's to search engines. by JohnWPB
Started on: 06-16-2016 04:00 PM
Replies: 18 (792 views)
Last post by: JohnWPB on 06-19-2016 09:55 AM
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-16-2016 04:00 PM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
I was doing a Google search on my email address today. I do this now and then to see if it is posted in places that it should not be ect. Also, lately I have seen the SPAM in my inbox go up quite a bit.

In my search, I came across this page:
//www.fiero.nl/cgi-bin...6313&style=printable

here on Pennock's. It seems to be a version of each of the forum threads that is formatted for printing. The problem is, that anyone who has their email address in their profile here on the forum, it exposes them to search engines to EASILY scrape to use in a database. I could write a script in about an hour to get the email addresses of everyone that has posted in the past 30 days.

Any thread can be scanned that way by simply replacing the thread number, in the link that looks like this "thread=096313" with any number from a thread.


This may explain why I am getting a ton more spam recently.

Here is an example of one of the pages:

[This message has been edited by JohnWPB (edited 06-16-2016).]

IP: Logged
PFF
System Bot
Napoleon_Tanerite
Member
Posts: 683
From: Columbus, MS
Registered: Sep 2015


Feedback score:    (10)
Leave feedback

Rate this member

Report this Post06-16-2016 04:40 PM Click Here to See the Profile for Napoleon_TaneriteSend a Private Message to Napoleon_TaneriteEdit/Delete MessageReply w/QuoteDirect Link to This Post
I reported this post, hopefully it gets immediate attention
IP: Logged
vette7584
Member
Posts: 504
From: schaghticoke ny usa
Registered: Jul 2014


Feedback score: (3)
Leave feedback

Rate this member

Report this Post06-16-2016 04:51 PM Click Here to See the Profile for vette7584Send a Private Message to vette7584Edit/Delete MessageReply w/QuoteDirect Link to This Post
now that you bring this up, i have noticed a lot more spam and crap coming into my email, i bet this could explain it! i hope it gets fixed!
IP: Logged
IMSA GT
Member
Posts: 10252
From: California
Registered: Aug 2007


Feedback score:    (8)
Leave feedback





Total ratings: 252
Rate this member

Report this Post06-16-2016 05:33 PM Click Here to See the Profile for IMSA GTSend a Private Message to IMSA GTEdit/Delete MessageReply w/QuoteDirect Link to This Post
Once again this is why EVERYTHING on my computer relating to Google is blocked. But since Google is on this website, I have no choice but let them have free reign to spy and do what they do best.

However, because that is a printable version of our pages for this forum, I don't know if Google is simply linking to those pages simply because they advertise on here. I think that if they were not part of this website, the linking would have never occured.

[This message has been edited by IMSA GT (edited 06-16-2016).]

IP: Logged
mrfred8
Member
Posts: 1719
From:
Registered: Oct 2011


Feedback score: (2)
Leave feedback

Rate this member

Report this Post06-16-2016 08:17 PM Click Here to See the Profile for mrfred8Click Here to visit mrfred8's HomePageSend a Private Message to mrfred8Edit/Delete MessageReply w/QuoteDirect Link to This Post
John,

Do you have this option in your profile turned off "Keep your email address viewable to other users when you post notes?" ?

Note my email address does not show up on //www.fiero.nl/cgi-bin...6801&style=printable because I have it turned off.

It eveyone's choice whether their email address shows up or not.

[This message has been edited by mrfred8 (edited 06-16-2016).]

IP: Logged
Raydar
Member
Posts: 40686
From: Carrollton GA. Out in the... country.
Registered: Oct 1999


Feedback score:    (13)
Leave feedback





Total ratings: 460
Rate this member

Report this Post06-16-2016 08:31 PM Click Here to See the Profile for RaydarSend a Private Message to RaydarEdit/Delete MessageReply w/QuoteDirect Link to This Post
I see how that works.
With that said, I have an email addy that I use almost exclusively for this forum, and maybe a few other "online" things. (Addy is visible at the button at the top of this post.)
I have noticed more spam messages coming to this addy than the others. Nothing that I don't recognize as garbage and simply delete, though. Not a huge deal.
IP: Logged
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-16-2016 11:02 PM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by IMSA GT:
Once again this is why EVERYTHING on my computer relating to Google is blocked.


This is NOT Google's fault. They are simply linking to a page that already exists. In fact, thanks to the Google search, I was able to find this

 
quote
Originally posted by mrfred8:
Do you have this option in your profile turned off "Keep your email address viewable to other users when you post notes?"


No I do not. That would prevent other members here from getting my email address. I do not mind getting email whatsoever from other forum members here.

Even with the options as I have them set, the only you are SUPPOSED to get to someones email address, is to log in yourself, and click the email link above someone post, or in the members list. It is then displayed on a screen for you to copy and paste. The email addresses are not available for non members to view, well except for this bug that is showing them in the printable pages.....

With the correct settings, this should be the only way email address's are displayed, and not in a "printable version" of the the site threads that any search engine can scrape.

IP: Logged
mrfred8
Member
Posts: 1719
From:
Registered: Oct 2011


Feedback score: (2)
Leave feedback

Rate this member

Report this Post06-17-2016 05:46 AM Click Here to See the Profile for mrfred8Click Here to visit mrfred8's HomePageSend a Private Message to mrfred8Edit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Even with the options as I have them set, the only you are SUPPOSED to get to someones email address, is to log in yourself, and click the email link above someone post, or in the members list. It is then displayed on a screen for you to copy and paste. The email addresses are not available for non members to view, well except for this bug that is showing them in the printable pages.....


Really, so you provided the initial requirements coded the site and know how its SUPPOSED to work. I am guessing its working exactly as designed.

"Keep your email address viewable to other users when you post notes?" - it does not say MEMBERS or Authenticated Users, it just says "users", so that would be ALL users, whether members or not. ( I will say it might be more clear and accurate if the word "notes" was removed from the option description)

Its YOUR CHOICE to have your email address made available as part of your profile //www.fiero.nl/cgi-bin...bio&UserName=JohnWPB (available to members and non members). That is how this forum was designed, coded and works.

BOTs don't care about what they can see on the screen or hidden in html code, and non printable pages have a link to //www.fiero.nl/cgi-bin...email&ToWhom=JohnWPB (for both logged in and not logged in users) and you can bet that bots are following that link and harvesting your email address if they want to. So even Cliff made a change to meet your NEW requirements for printable format, BOTs could still harvest your email address.

Sorry John, for some reason this set me off. Reminds me too much of some emails / requests at work where people think something should work a different way than it does and call something broken. Instead of the scary thread title, something like "Hey Cliff NEW feature request" and a request of "Could you make it so email addresses from a profile are only displayed/available to authenticated users"

Personally I want to thank Cliff for giving us the option of whether to make our email address public or private.

[This message has been edited by mrfred8 (edited 06-17-2016).]

IP: Logged
E.Furgal
Member
Posts: 11708
From: LAND OF CONFUSION
Registered: Mar 2012


Feedback score:    (23)
Leave feedback





Total ratings: 278
User Banned

Report this Post06-17-2016 06:25 AM Click Here to See the Profile for E.FurgalSend a Private Message to E.FurgalEdit/Delete MessageReply w/QuoteDirect Link to This Post
This is why I have one email that is only used for forums.. and nothing else..
IP: Logged
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-17-2016 03:43 PM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by mrfred8:
Really, so you provided the initial requirements coded the site and know how its SUPPOSED to work.


 
quote
Originally posted by mrfred8:
That is how this forum was designed, coded and works.


Ahhh so YOU provided the initial requirements coded the site and know how its SUPPOSED to work.

WTF! Why does everyone have to attack everyone on this forum lately! I was simply bringing up something that seemed important to me, and probably 90% of the other members on here. Nothing more..... Many people code their email addresses here and other places on the net, so it can not be scraped. like my John W P B address at gmail. I was just bringing to the attention that the emails are clearly visible they way things are set up.

I also am very happy that Cliff created and maintains this board. I never suggested in any way otherwise, and have made a few small donations over the past few years to help keep things going. Take a chill pill, take a nap, have a drink or just relax a little bit

[This message has been edited by JohnWPB (edited 06-17-2016).]

IP: Logged
mrfred8
Member
Posts: 1719
From:
Registered: Oct 2011


Feedback score: (2)
Leave feedback

Rate this member

Report this Post06-17-2016 06:12 PM Click Here to See the Profile for mrfred8Click Here to visit mrfred8's HomePageSend a Private Message to mrfred8Edit/Delete MessageReply w/QuoteDirect Link to This Post
The important thing is that everyone knows that if they do not want their email address made public, they just need to go in and change their profile setting if they haven't already.

Would it be cool if Cliff saw this thread and added a 3rd option to allow only logged in users to see email addresses? Yep it would.

Now I am going to take a nap, Nyquil take me away (damn summer colds).

[This message has been edited by mrfred8 (edited 06-17-2016).]

IP: Logged
PFF
System Bot
IMSA GT
Member
Posts: 10252
From: California
Registered: Aug 2007


Feedback score:    (8)
Leave feedback





Total ratings: 252
Rate this member

Report this Post06-17-2016 06:15 PM Click Here to See the Profile for IMSA GTSend a Private Message to IMSA GTEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
This is NOT Google's fault. They are simply linking to a page that already exists. In fact, thanks to the Google search, I was able to find this


Yes it is Google's fault. Google cannot reference the entire worlds database just for the hell of it. When Cliff agreed to have their ad support on here, I'm pretty sure their Google bots went through this entire forum, logged it, and can now cross reference every bit of information on here.....hence the recent "keyword" search by someone on the internet that linked to this website and caused Cliff to temporarily lose their ad support/business.

Thats how it linked to this forum without any "Pennocks" keywords being searched. I typed in my email on Google and the first topic was this:


None of my wife's websites are sponsored by Google so any of her emails do not return any results if you search for them.


Edit to add, I didn't see MrFred's response above about the bots before I posted my response about the bots but I'm pretty sure thats part of the fine print when allowing Google to represent your website. It has free reign to do whatever it wants.

Also John, I'm not arguing or being nasty with my reply. It's tough to judge someones attitude when looking at text on a screen so I'm not snapping at you

[This message has been edited by IMSA GT (edited 06-17-2016).]

IP: Logged
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-17-2016 08:22 PM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by IMSA GT:
None of my wife's websites are sponsored by Google so any of her emails do not return any results if you search for them.


I don't think it is so much a matter of using Google ad's. I am on quite a few forums, MP3Car, HomeSeer, CocoonTech to name a few. Many of them have Google Ad's embedded. The ad's alone will not expose email addresses. It seems that it is actually the forum software used here. It is open to displaying email addresses, and there seems to be nothing in place to prevent it. You can simply click on the [EMAIL] button on any post. (The button will not show if they choose in the preferences to have it hidden). As mentioned above, you do not even need to be a member, logged in, or any other restriction that I know about.

On the other forums I mentioned, you absolutely have to be logged in to be able to see someone's email address. Therefore, Google, Yahoo and any other search engine do not have access to scrape them.

This is why when I search for my email address, just like you did, Pennock's comes up in the first few Google results. I looked all the way through page 5 of my email search Google results, and none of the other forums I am on were in the results. Including my websites that I have Google ad's displayed on.

 
quote
Originally posted by IMSA GT:
Also John, I'm not arguing or being nasty with my reply. It's tough to judge someones attitude when looking at text on a screen so I'm not snapping at you



Nice! It seems everyone in general is just on such a short fuse lately.

IP: Logged
Patrick
Member
Posts: 36251
From: Vancouver, British Columbia, Canada
Registered: Apr 99


Feedback score: (1)
Leave feedback





Total ratings: 458
Rate this member

Report this Post06-18-2016 03:43 AM Click Here to See the Profile for PatrickSend a Private Message to PatrickEdit/Delete MessageReply w/QuoteDirect Link to This Post

I don't know when it started, but yeah, there's been an explosion in the number of spam emails being sent to the Yahoo email address I list in my Profile here. And interestingly enough, a lot of these spam emails are from the Netherlands... as shown in the example below.

IP: Logged
Cliff Pennock
Administrator
Posts: 11569
From: Zandvoort, The Netherlands
Registered: Jan 99


Feedback score: (2)
Leave feedback





Total ratings: 698
Rate this member

Report this Post06-18-2016 05:58 AM Click Here to See the Profile for Cliff PennockClick Here to visit Cliff Pennock's HomePageSend a Private Message to Cliff PennockEdit/Delete MessageReply w/QuoteDirect Link to This Post
That's why there is an option to hide your email address. Don't blame PFF that if you chose not to hide it, it will be picked up by spambots.

If you click at "Printable version" at the top of this thread, you will see that not everyone's email is listed. It's hidden for those that have selected that option in their profile (or did so when they signed up since it's asked then).
IP: Logged
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-18-2016 11:30 AM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by Cliff Pennock:

Don't blame PFF that if you chose not to hide it, it will be picked up by spambots.


NOT comparing the capabilities of PFF to other forums and communities, as we know this forum is a bit older, and not as mainstream, and PFF serves it's purpose well....... However, there may be confusion when selecting the email option in the profile.

Other forums give the same option to make your email address available to others, or to hide it. The difference is when you choose to let others see it in other forums, it is not available to search engines, and you also have to be logged in as a member of the particular forum to see it in the first place. This is done intentionally, so search engine robots can not scrape every email address of a particular forum, as can be done here.

I know I always choose the option to allow people to email me on every forum I am on. That is what a community forum is, in my mind, a place to share and interact. I made the mistake when I set up my profile here, as I was not aware that it would be so openly visible. I have now corrected it.

[This message has been edited by JohnWPB (edited 06-18-2016).]

IP: Logged
Patrick
Member
Posts: 36251
From: Vancouver, British Columbia, Canada
Registered: Apr 99


Feedback score: (1)
Leave feedback





Total ratings: 458
Rate this member

Report this Post06-18-2016 02:32 PM Click Here to See the Profile for PatrickSend a Private Message to PatrickEdit/Delete MessageReply w/QuoteDirect Link to This Post
Fortunately, the spam filter employed by Yahoo works pretty good. I'd say it filters out about 90% of the 12-15 spam emails sent each day to the address I use here.

I have to admit though, I'm a little surprised to discover that our email addresses are accessible to bots (or actual people) without them being logged into PFF.

[This message has been edited by Patrick (edited 06-18-2016).]

IP: Logged
E.Furgal
Member
Posts: 11708
From: LAND OF CONFUSION
Registered: Mar 2012


Feedback score:    (23)
Leave feedback





Total ratings: 278
User Banned

Report this Post06-19-2016 04:02 AM Click Here to See the Profile for E.FurgalSend a Private Message to E.FurgalEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by Patrick:

Fortunately, the spam filter employed by Yahoo works pretty good. I'd say it filters out about 90% of the 12-15 spam emails sent each day to the address I use here.

I have to admit though, I'm a little surprised to discover that our email addresses are accessible to bots (or actual people) without them being logged into PFF.



Did it not ring a bell, that the forum asked if you wanted the email public or not..??
public doesn't mean forum members only.. as there is no need to have it that way, as the forum has an internal mail service P.M.'S AND you have the option to get an email when you get a P.M.
so you can use the option of a hidden email.. and not public

The forum, does allow only members to contact you through email..
It requires using the option of non public email and clicking/checking yes to wanting emails when you get a P.M.
not Cliffs fault, that members don't use the options handed to them..
IP: Logged
JohnWPB
Member
Posts: 5181
From: West Palm Beach, Florida
Registered: May 2009


Feedback score:    (21)
Leave feedback





Total ratings: 144
Rate this member

Report this Post06-19-2016 09:55 AM Click Here to See the Profile for JohnWPBClick Here to visit JohnWPB's HomePageSend a Private Message to JohnWPBEdit/Delete MessageReply w/QuoteDirect Link to This Post
 
quote
Originally posted by E.Furgal:

public doesn't mean forum members only..


That is where some of the confusion lies.... In every other forum that I use, and am registered with, public does indeed mean forum members only.

 
quote
Originally posted by E.Furgal:
so you can use the option of a hidden email.. and not public


Actually, here is the way that it is worded:

"Keep your email address viewable to other users when you post notes?"

Yes, it is a choice to make your email address not viewable when posting a "note", and I have now done so.

I started this post honestly thinking it was an error in the forum, and to let Cliff & others know. I had not idea that it was intentionally designed in the way that anyone who did not specifically hide their email, would have it open to all search engines, bots, hackers and such, with no restriction what so ever.

I just wrote a small script in AutoIt, that took 15 minutes to create, here are the email addresses it was able to scrape in just over .00001 seconds from this thread. I edited them slightly, so they are not viable emails. I don't know why, as you can just click the [PRINTABLE] button at the top to see the real ones.

With a tiny bit more code, it could be turned loose on each forum title, and every thread, and get all the email addresses from here. I will NOT do this, but I bet there are a lot of companies that would pay for a database targeted to Car Enthusiasts / DIY'ers. I would bet that this has been done already, as a lot of SPAM that I have received lately seems to be coming from the Netherlands, all trying to sell me something... other than the occasional notification that I have won the Nigerian Lottery (again!)

Here is one from this morning, using my PFF screen name:
johnwpb,

Je hebt een bericht ontvangen
Je hebt een berichtje van fabiixo ontvangen
Klik op de onderstaande link om jouw bericht te lezen


I just tried to do something similar on the other forums I am on, and there is no way that I can seem to do it. First, you have to be a member of the forum, and logged in. Even then the email is encoded and displayed on a separate page with a coded link. There just is no way to get multiple emails.

vXXXX584@yahoo.com
drXXXzrd@comcast.net
rayXXXero@comcast.net
onlineforums6872@comcast.net
druXXXd@comcast.net
mnXXXy@yahoo.com
moXXXor@fieroforum.com
mnXXXy@yahoo.com
onXXXrums6872@comcast.net

[This message has been edited by JohnWPB (edited 06-19-2016).]

IP: Logged

next newest topic | next oldest topic

All times are ET (US)

Post New Topic  Post A Reply
Hop to:

Contact Us | Back To Main Page

Advertizing on PFF | Fiero Parts Vendors
PFF Merchandise | Fiero Gallery | Ogre's Cave
Real-Time Chat | Fiero Related Auctions on eBay



Copyright (c) 1999, C. Pennock