A quick update for everyone: some of you readers from outside North American may have noticed that for the past four nights our server has been conking out in the very early hours (North American time). We couldn't figure out why until today: it turns out we had a security hole in our "Email This Story" script, and someone has been using it to send spam using our server, mostly to AOL users it seems. I couldn't figure out why, for the past several days, I'd been receiving email automated messages from the AOL Postmaster program warning me about Thoughts Media sending out spam. I thought it was some AOL users who were getting the weekly newsletter, forgetting that they opted-in for it, not realizing they could turn it off in <a href="http://www.pocketpcthoughts.com/forums/profile.php?mode=editprofile">their account settings</a>...then flagging it as spam. Looks like that wasn't the case, so I'm sorry for thinking the worst of you AOL users. ;-) At any rate, we've removed this feature for now and will replace it at some point in the future. I'm curious though, how often did you use this feature? Vote in the survey below or give me a comment back.

I never even noticed it. :oops:

Jason,

I think you need to correct the story - I'm sure you didn't mean to say

someone has been using it to send our spam using our server

:D

I think you need to correct the story - I'm sure you didn't mean to say...

Hahaha...whoops! Fixed, thanks. ;-)

We can't even send our own spam? We needed someone else to do it for us? :lol:

Based on the current poll results, I'd say it would be a waste of time and resources to worry about replacing the feature.

Based on the current poll results, I'd say it would be a waste of time and resources to worry about replacing the feature.

Indeed. That's why I did the poll, because I suspected it wasn't being used much...

I didn't even know this feature existed. When I send someone a story, I send them the link.

Same here, I'd never noticed the feature.

It is one of those features that I use rarely - but find useful when I do want to share an article.

hehe Put me into the "What email this story feature" group. I never noticed it was there. I cut and past the URL if i wanna share something. :D

Put me down as another on the missing vote response: 'Never used it.' Not because I never noticed it. Saw the link. Just a matter of policy, I never use those things on any website. Too many abuse it, using such only email services as a ruse to harvest email addresses for spamming. I've taught my daughter the same thing, as early on in her membership with a few kid's sites she managed to get some hefty spam going, though most of it was because her friends used 'share this with a friend!' links to send her things.

Put me down as another on the missing vote response: 'Never used it.' Not because I never noticed it. Saw the link. Just a matter of policy, I never use those things on any website. Too many abuse it, using such only email services as a ruse to harvest email addresses for spamming. I've taught my daughter the same thing, as early on in her membership with a few kid's sites she managed to get some hefty spam going, though most of it was because her friends used 'share this with a friend!' links to send her things.

yep, those things are bad about that. Never use them.

I used it once to send one of my own articles to a friend. Every other time since then I've just emailed them the URL (to the non-paginated version).

We had this problem on our sever as well. I guess it's a big issue. I found this article online which discused the problem specifically.

http://www.securephpwiki.com/index.php/Email_Injection

We used the ModSecurity option to fix our server as we still need the ability to send email to users. If you decide to re-implement this or need some other feature to send emails you'll want to look into this.

Best of Luck,
David Devaney, Jr.
DDH Software, Inc.