On June 21st a complaint was received by the hosting of OCUS claiming that the server has sent SPAM to a certain destination domain.
While the complaint is quite thin (actually only 2 messages were sent in total and given the context of the investigation one was likely a registration confirmation email), it has revealed a legitimate potential vulnerability.
The sign-up page does not have a captcha / anti-bot verification.
The object of this issue is to add a captcha-type anti-bot verification to the sign-up page.
Furthermore, given the open-source nature of the project and volunteer-based hosting for individual sites, I request that such protection be implemented in a standalone and independent way within the project's code, that is, not using third-party service providers for it to work (i.e. excluding services like reCAPTCHA and similar).
Thank you.