Read this first! > Announcements and site development
We were hacked.
IFireflyl:
Thanks for the heads up, but I think this note should be mass-emailed to users if possible. I don't allow users to email me, but I would hope that this would be something that administrators could bypass, especially in regards to user security. I use 1Password, and every site has its own password so there is no harm done to me now that I changed my site password. However, I know that most users don't have their email/password setup that way, and I wouldn't want a user to have a compromised email/password on other sites that they aren't aware of because they don't check this site enough. This is just food for thought.
Thanks for getting everything taken care of though!
Koby:
--- Quote from: IFireflyl on 2021-07-15 00:33:48 ---Thanks for the heads up, but I think this note should be mass-emailed to users if possible. I don't allow users to email me, but I would hope that this would be something that administrators could bypass, especially in regards to user security. I use 1Password, and every site has its own password so there is no harm done to me now that I changed my site password. However, I know that most users don't have their email/password setup that way, and I wouldn't want a user to have a compromised email/password on other sites that they aren't aware of because they don't check this site enough. This is just food for thought.
Thanks for getting everything taken care of though!
--- End quote ---
Problem with that is the way these kinds of forums are setup in terms of the email capabilities... Sending a mass email to all users tends to send out so many at once that most mail servers automatically end up flagging the server as spam and either don't deliver the email to the address or places it into spam and then future emails also automatically get flagged from the server.
So mass emailing users on large forums tends to require a separate mail server setup so that it can send say x amount of emails per x amount of time, until it's sent out to all users.
On top of this, users can opt out of admin emails too, so this doesn't even guarantee that everyone gets notified. On top of this many users have likely abandoned such account here and no longer care about it at all... and getting an email about the site they'll just opt to flag it as spam or contact admins to delete their account.
In any event, mass emailing a few dozen thousand users can open a can of worms of it's own.
IFireflyl:
--- Quote from: Koby on 2021-07-15 02:48:28 ---Problem with that is the way these kinds of forums are setup in terms of the email capabilities... Sending a mass email to all users tends to send out so many at once that most mail servers automatically end up flagging the server as spam and either don't deliver the email to the address or places it into spam and then future emails also automatically get flagged from the server.
So mass emailing users on large forums tends to require a separate mail server setup so that it can send say x amount of emails per x amount of time, until it's sent out to all users.
On top of this, users can opt out of admin emails too, so this doesn't even guarantee that everyone gets notified. On top of this many users have likely abandoned such account here and no longer care about it at all... and getting an email about the site they'll just opt to flag it as spam or contact admins to delete their account.
In any event, mass emailing a few dozen thousand users can open a can of worms of it's own.
--- End quote ---
SMF has a built-in Mail Queue system which allows the admin to restrict the total number of emails sent per hour. This just needs to be set to something that is less than the hosting provider's hourly email limit, and then there is no issue. Forums generally allow admins to bypass the user-enabled email opt-out specifically because the admins may need to contact users for things like a security breach. I'm fairly certain that SMF also allows this, although the admins or someone more familiar with SMF would need to confirm this.
Additionally, this is just a recommendation I had. If the people running this forum don't agree then that's fine. I just thought I'd throw my two cents in for how something like this should be handled going forward.
Koby:
--- Quote from: IFireflyl on 2021-07-16 00:21:03 ---SMF has a built-in Mail Queue system which allows the admin to restrict the total number of emails sent per hour.
--- End quote ---
Ah, last time I used SMF it didn't have that ability. Shoot even licensed IPS, which I currently maintain a forum running on, doesn't have the option to limit it, so I assumed SMF still hadn't included it.
sithlord48:
Great to see https finally!
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version