[Resolved] trouble reporting to website

[soulman]

I have been a supporting member for over a year. I recently changed computers and am unable to get the "one click" web reporting to work. It returns a web page not found error. Email reporting works OK. The web reporting worked well on my old computer. I have followed the setup directions using"%40" (without the quotes) instead of the [at] symbol in thwe reporting web site address. Please help, what am I doing wrong? Thanks Jeff

[StevenUnderwood]

I have been a supporting member for over a year. I recently changed computers and am unable to get the "one click" web reporting to work. It returns a web page not found error. Email reporting works OK. The web reporting worked well on my old computer. I have followed the setup directions using"%40" (without the quotes) instead of the [at] symbol in thwe reporting web site address. Please help, what am I doing wrong? Thanks Jeff

32017[/snapback]

1. You have registered in this application with your email address meaning it is likely to be scraped by spammers. You may want to PM Wazoo here to see about getting that changed.

2. If you are talking about a Favorite with your username/password embedded in it, that function was removed from IE at least a year ago due to security concerns. There was a security patch at that time that should have removed the functionality. There was a registry fix posted in these forums somewhere to get around that, but assuming you are now running WinXP, that fix may no longer be relevant, you may be aout of luck.

[soulman]

What is meant by "You may want to PM Wazoo here to see about getting that changed."

The web reporting was working untill last week when I changed over. Jeff

[StevenUnderwood]

What is meant by "You may want to PM Wazoo here to see about getting that changed."

32025[/snapback]

Wazoo is the "administrator" of the forum application (long story, don't ask him ) and I think he can change your username here. There is a Personal Message function within this application in order to contact him. This link MAY work for you. Otherwise, find his name somewhere, click the link and look for "Send a Personal Message". Having your email address as your login here may be convienient, but it is also likely to be picked up by the spammers and added to even more lists, resulting in more spam than you currently receive. The damage may already be done, I don't know.

http://forum.spamcop.net/forums/index.php?...g&CODE=4&MID=18

The web reporting was working untill last week when I changed over.

32025[/snapback]

Correct, when you "changed over" you are likely using a slightly different version of the application, with different patches loaded. One of those patches broke the capability of having the username/password within a URL. If you were keeping up to date with security patches, this would have broken a long time ago on your old computer.

As I mentioned, there was a fix to override this security, but I don't know if it works on your new system (which you have yet to identify...OS, ver, applications, etc.)

You also did not answer whether my assumption that you are actually trying to embed your username/password into the spamcop URL is correct.

All of this could be completely off base.

[Wazoo]

I have been a supporting member for over a year. I recently changed computers and am unable to get the "one click" web reporting to work.

I've used the SpamCop Reporting service for years, but I am not familiar with a "one-click" reporting function. Would you please better explain exactly what it is that you're talking about? StevenUnderwood has guessed at a Favorites Link, I'll ask about Quick-Reporting ..???

It returns a web page not found error. Email reporting works OK. The web reporting worked well on my old computer. I have followed the setup directions using"%40" (without the quotes) instead of the [at] symbol in thwe reporting web site address. Please help, what am I doing wrong? Thanks Jeff

32017[/snapback]

You say "e-mail reporting works" but then talk about inserting an "%40 instead of the [at]" .. which appears to be talking about an e-mail address.

1. You have registered in this application with your email address meaning it is likely to be scraped by spammers.  You may want to PM Wazoo here to see about getting that changed.

32022[/snapback]

The Forum FAQ includes SECTION 7 - Change of Username

[soulman]

Thanks for your patience with me. Yes I was trying to imbed my email into the reply URL, I will try to get that changed and see if it will work. Thanks, Jeff

[Wazoo]

Per PM:

Name Change: << old name>> | << soulman>>

Done

Is it possible to change my username in the SpamCop main site, also, as I am having problems reporting spam through the website with my email as user ID. Thanks, Jeff

No powers there, but ... your "account" there is based an e-mail address. Your reference to problems "reporting though the web-site" doesn't make sense to me. Continuation of this taken back to the Forum.

The "web-site" being www.spamcop.net, which when logged in offers up a web-form to paste your spam into the box. The only place your e-mail address enters that picture is while logging into that page. Your previous remark of "embedding your e-mail as part of the URL" doesn't quite match logging into that page, unless you are trying to do an HTTP authorization, at which point you've not stated whether Internet Explorer was part of that scenario (already pointed out that Microsoft changed that capability ages ago) ... Much easier to do the "accept cookies" for the login process.

[Dangerman]

Well, I think I am having the same problem as described here. To do my spam reporting I have always logged on using the URL:

mailsc.spamcop.net/reportheld?action=heldlog]http://myusername%40spamcop.net:mypassword...?action=heldlog

As was stated above, this stopped working on IE many moons ago when it was patched, but I have continued doing this quite happily using Firefox ever since. Am I right in my reading of the situation that this facility has now been "switched off" on the Spamcop server? If so does anyone know if there is a particular reason for this please?

The reason this is an issue for my is that I have four separate mail accounts, and so the cookie login doesn't work for me as I have to constantly log in and out to deal with the different accounts. The URL method has been working perfectly for me, as I have four tabs on my Firefox homepage which take me straight into the held mail for all my accounts.

Many thanks.

[soulman]

thanks, all cleared up. I was using teh submit to website option but was using the usernane%40domainname:password setup, not the cookie setup. Thanks again

[StevenUnderwood]

Am I right in my reading of the situation that this facility has now been "switched off" on the Spamcop server?  If so does anyone know if there is a particular reason for this please?

32054[/snapback]

That is a possiblity but has not been explored here.

Here, the problem showed up when a new, presumably patched, computer started being used so the old link would not work any longer.

You are stating that the change of the server modified the behavior for you. My recollection of that patch was that other applications (firefox presumably being one of them) turned off that security hole by default. It is not secure to have a password embedded into a link because the spammers can use a trick like spammer.doamin.tld]http://known.domain.tld%40domain.tld:mypas...mmer.doamin.tld where on first glance, it seems you are going to a specific location of known.domain.tld

We could guess the update included installing a new, more secure web server which performed the same type of security patch on the server.

I also seem to remember a statement a while back saying that type of login could go away in the future when they started asking everyone to use cookie login. I can say that HTTP authentication does still work, possibly just with the popup, however.

[Wazoo]

Query kicked up to ask if this may be fallout from the upgrade, though would think thay there'd be many, many more complaints here and in the newsgroups by now.

[Jeff G.]

I also seem to remember a statement a while back saying that type of login could go away in the future when they started asking everyone to use cookie login.  I can say that HTTP authentication does still work, possibly just with the popup, however.

32058[/snapback]

AIUI, the username%domainname[at]hostname.domainname convention is just convenient shorthand to instruct the browser to do an HTTP Auth (.htaccess) login with all that info in cleartext. Such logins either do work or don't work at a particular hostname.domainname; currently in SpamCop.Net domain, they work with the www, members, and mailsc hostnames (although they are not required with the www hostname due to its cookie and drive-by capabilities), but they don't work with the webmail hostname (although Firefox can save the password for the webmail hostname). This situation has been in effect for years (with the exception of the newcomer Firefox, which I didn't start really using until approx. v1.01).

Whether or not a particular browser on a particular computer and its "security enhancements" combine to allow logins using that convention is a different matter from whether or not such logins do or don't work on a particular hostname.domainname for the vast majority of users.

[StevenUnderwood]

currently in SpamCop.Net domain, they work with the www, members, and mailsc hostnames (although they are not required with the www hostname due to its cookie and drive-by capabilities)

32081[/snapback]

I assume you confirmed this because that is the current question. Dangerman claims it worked until the recent service.

[Jeff G.]

I assume you confirmed this because that is the current question.  Dangerman claims it worked until the recent service.

32085[/snapback]

Yes, I confirmed this (that www, members, and mailsc still work with HTTP Auth (.htaccess)) yesterday morning with all three servers, ca. 11:00 EDT, and again while composing that reply with mailsc (I'm not sitting at the computer that knows my www and mailsc email addresses and passwords at present).

[Richard W]

I have been a supporting member for over a year. I recently changed computers and am unable to get the "one click" web reporting to work. It returns a web page not found error. Email reporting works OK. The web reporting worked well on my old computer. I have followed the setup directions using"%40" (without the quotes) instead of the [at] symbol in thwe reporting web site address. Please help, what am I doing wrong? Thanks Jeff

32017[/snapback]

There have been no changes to the servers that remove this functionality. I have just confirmed it still works using Mozilla and Firefox.

As another user has already mentioned, you cannot log in using this method with Internet Explorer, as Microsoft removed this function from IE some time ago as part of a security update.

I suspect your old computer had an older, unpatched version of IE, whereas your new computer is using a current version.

Richard

SpamCop Deputy

[Dangerman]

Sorry for causing the confusion here, it has now started working for me again!! It was certainly not working for me all yesterday afternoon (UK time), which was why I came on here to see if anyone else was having similar problems, but whatever was causing that must have resolved itself in the meantime.

But in any case many thanks for the help, and for pointing out the security implications of doing it that way.

[soulman]

Thanks to all. It now functions properly. I had been using SpamDeputy and it had been logging on with the cookie method, and I had forgotten how I had set it up. All is well.