Disabling e-mail notification of private messages due to phishing attempts

We have had a recurring problem here on the HASTAC site of people registering and then using the messaging system to send spam to other users. I thought I had configured the site to throttle this type of message, but someone slipped through again yesterday and sent hundrends of phishing messages to HASTAC members. If you received one of these from "silver baby" or "sharonlov baby" please accept my aplogies and know that we are doing all we can to prevent this.


As a temporary measure, I am disabling e-mail notifications of private user-to-user messages. This means that if you use the contact form on a HASTAC member's profile, they will not be notified until they log in to the site. If you want to check your own messages, visit your profile page at http://hastac.org/user and login. The site always notifies members of new messages with a yellow alert bar so you may need to pay more attention to that than in the past. 


Many of you have great technical backgrounds, I'd love to hear any other suggestions. I am currently researching Drupal modules such as this https://drupal.org/project/privatemsg_limits that limit the number of private messages tht a user can send in a certain period of time. 

No comments