Adium

Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#3479 closed defect (fixed)

Do not force users to respond to authorization requests

Reported by: adamw@gnome.org Owned by: evands
Milestone: Adium X 1.0 Component: Adium Core
Version: Severity: major
Keywords: Cc:
Patch Status:

Description

IM spam is on a seemingly exponential rise these past few days; I'm getting upwards of 30 authorization requests each day through ICQ. Each authorization request gives me two options: Accept and Deny.

If I choose "Deny", then the attacker client knows that I am monitoring my client. Within minutes of choosing Deny, I get inundated with other authorization requests.

If I choose Accept, the same happens: the attacker is informed that I'm paying attention to my client, and I get inundated iwth other authorization requests and IMbots (I even got 419 IM spam today :-D !)

There needs to be some way to just ignore the authorization requests. Any answer I give counts against me, and I'm being expressly barred from staying silent. The only way I've been keeping my IM spam under control is by kill -9 -ing adiumx whenever an authorization request comes through.

Please, add a Cancel or Ignore button to the authorization request dialogue!

This issue is definitely on the rise, and a solution needs to be entered before adiumx becomes a targetted tool.

I don't know what sort of data to give you. Please let me know what would help in the decision-making process here.

Attachments (2)

patch.diff (2.6 KB) - added by absinth 14 years ago.
hacky patch that should work but doesn't seem to ;-<
patchv2.diff (1.6 KB) - added by absinth 14 years ago.
hacky patch that should work but doesn't seem to ;-<

Download all attachments as: .zip

Change History (13)

comment:1 Changed 14 years ago by stevena@…

I would suggest two things:

(1) Add a "block" button so the user can be blocked immediately. NO message will be sent to the user at all. In general, the client should give no indication to the remote user that the client is present or is responding, unless explicitly told to do so.

(2) Queue authorization requests in a small modeless window where they can be reviewed. Do not interrupt what the user is doing with a modal dialog; that's the worst. In general, all things initiatied by an external user that would cause a modal dialog or a change of focus on Adium are candidates for this "activity review" window. All of them are potential avenues of denial of service or spam.

comment:2 Changed 14 years ago by anonymous

same issue.. a lot of spam fake users authorisation request with spam etc.. Adium is a wonderful software I hope you will add auto blocking fonctionnalities

comment:3 Changed 14 years ago by mmdata@…

It would be great if would be possible to block "Authorization Request" from special ICQ number or

for big group - for example - blocking Requests from users without Nicks.. or something like that.. Or how was told - Add button - Block requsts from that number.. Every day big nummber with Authorization Request.. from unknown - spamers.

comment:4 Changed 14 years ago by dwoo

I've also recently begun receiving authorization spam; and I also agree that there should be some type of ignore button.

comment:5 Changed 14 years ago by rwhiteruff@…

PLEASE address this issue. I'll be uninstalling GAIM soon due to the auth-request spam I'm being flooded with.

comment:6 Changed 14 years ago by absinth

yes this is driving me crazy too...it started about two weeks ago and is getting worse every day...the real bug here is that only messages, but not authorisation requests are blocked for contacts in the block list

Changed 14 years ago by absinth

Attachment: patch.diff added

hacky patch that should work but doesn't seem to ;-<

Changed 14 years ago by absinth

Attachment: patchv2.diff added

hacky patch that should work but doesn't seem to ;-<

comment:7 Changed 14 years ago by anonymous

I've found that clicking "Deny", and then "Cancel" on the "Reason" pop-up that pops up, spambots get no response and leave me alone. For a couple of days...

comment:8 Changed 14 years ago by Evan Schoenberg

Milestone: Adium X 1.0
Owner: changed from nobody to Evan Schoenberg

Is there any potential reason we wouldn't want to block an authorization request from a blocked contact?

In any case, please make a separate ticket for that request / issue. I'll take the original problem, which is that closing the window shouldn't send a response at all (either deny or accept).

comment:9 Changed 14 years ago by Evan Schoenberg

Resolution: fixed
Status: newclosed

(In [15547]) Closing an authorization request window now sends no response rather than sending a 'deny' response. Fixes #3479.

comment:10 Changed 14 years ago by noivad

Resolution: fixed
Status: closedreopened

I've go this guy that's requested authorization, literally, over 100 times today! I stopped responding, and I just minimized the window. Well, my dock is full now. Please make it so we can block a person from requesting authorization, or at least not have to bother seeing it anymore. You can't close the authorization window either, you can only minimize it, the close button is grayed out. the only thing you can do is hit deny and close the response box, which is a wasted click IMO. there's should be an option to just close the box, and another to put the person on block without adding him/her to your contact list then hitting block. Also, the block isn't working for authorizations if it's meant to.

comment:11 Changed 14 years ago by David Smith

Resolution: fixed
Status: reopenedclosed

Please read Evan's comments on this ticket.

Note: See TracTickets for help on using tickets.