Zimbra

pointer · #11 (**permalink**) 08-08-2011, 08:45 AM

Quote:

Originally Posted by phoenix

That is your prerogative. If the accounts on the forums or bugzilla had been 'hacked' don't you think we'd all be getting spam?

Indeed, it is. I was not trying to assert that bugzilla has been hacked. You can scrape email addresses from bugzilla simply by creating an account and listing bugs. Once you are logged in, you can see the email addresses associated with the ticket and its comments.

bjenkins · #12 (**permalink**) 01-20-2012, 05:18 AM

Just as a data point, I'm on the Zimbra Forums and Bugzilla, I've gotten these spams for a few months. My coworker is also on the Zimbra Forums and Bugzilla, and gets the same spams. About the only thing we have in common is these two things. I would suspect a scraping rather than an outright hack, though.

phoenix · #13 (**permalink**) 01-20-2012, 05:24 AM

Quote:

Originally Posted by bjenkins

I would suspect a scraping rather than an outright hack, though.

That's not likely, the email addresses are not visible for viewing and if that were the case I'd think we'd all be getting spam from these sources.

bjenkins · #14 (**permalink**) 01-20-2012, 05:40 AM

Well, in Bugzilla they are if you log in. Maybe that's where they are coming from, rather than the forum?

pointer · #15 (**permalink**) 01-20-2012, 05:41 AM

Quote:

Originally Posted by phoenix

That's not likely, the email addresses are not visible for viewing and if that were the case I'd think we'd all be getting spam from these sources.

You're wrong on at least one point. Go to this URL and tell me if you see email addresses:

https://bugzilla.zimbra.com/show_bug.cgi?id=38631

I'm asserting that this came from bugzilla.zimbra.com. I use separate email addresses for bugzilla and these forums.

Also worthy of note:

https://bugzilla.mozilla.org/show_bug.cgi?id=261326

Bugzilla appears to allow email harvesting by spammers
- you replied to this one
- the user simply asked Zimbra to enable email address obfuscation in Zimbra's bugzilla instance like Redhat does
- the 4th result when you google 'bugzilla spam'

The email address I registered to bugzilla is behind a cluster of IronPorts with DHAP (directory harvest attack prevention) enabled. Obviously this is not bullet-proof, but it makes the address being harvested much less likely.

Thank you for taking the time to respond to this thread!

davidbrown · #16 (**permalink**) 02-05-2012, 03:57 AM

Quote:

Originally Posted by Blinkiz

I use individual email addresses for all sites I register on. Like Zimbra forum.
Today (2011-06-04) I got spam on this unique address from do-not-reply@select2gether.com. A person (nina.crowth) requesting to add me as contact on Select2gether.

Because I use individual email addresses, I suspect my email address here on Zimbra forum has been compromised.
Anyone else got spam from select2gether?

Sorry to hear this- I have actually great experience at Select2gether and have great friends, more than 40000. I sent an email to their admin so they block the person who send you this email. Thank you.
Dave

smothemh · #17 (**permalink**) 03-23-2012, 09:37 AM

Just one more data point - I've been getting Select2gether spam on my registered address here and on bugzilla from about the time the OP states. I *do* use this address elsewhere so it is not necessarily an indicator of any problem.

Not sure if this helps, but I thought I'd provide the info

Zimbra

Downloads

Product Information

Toolbox

Why Join?