How to change the profile?

Hello,

tried to change the e-mail address today. The reason is: the forum has been hacked and the e-mail addresses are now used for sending spam mails to. I have had a unique address for this forum and I now get tons of foul meat in my inbox.

When changing the e-mail address the server returns an error that the security question and answer must be filled in (these are protected fields and are already filled!). After that, you are logged off.

BTW. My browser blocks a script from http://http! The error is located in line 276:

[code]

Although I find it hard to believe, we’ll look at your allegation that the forum has been hacked.

We will also look into your problem with changing the e-mail and thank you for pointing out the error in the script we’ll fix it ASAP.

[quote="Wilfried B

Unless you are a moderator or administrator, even if you know the display name, which is shown on the “who is logged in screen”, you cannot get the corresponding e-mail address. If you can please tell us how you did it and we will fix it so you can’t.

http://tech.forums.softwareag.com/viewonline.php

I can read my own e-mail address and the e-mail addresses of other users (if online) there…

Yes, I found this as well; the problem seems to be that if you have changed your profile then we (unfortunately) display your e-mail address. This will be fixed by tomorrow.

Yesterday around 16:00-17:00 CET I saw some “Guest”-Accounts with the entry “Watching Profile”. I thougt, this is only possible if the user is logged on…

Ergo: Maybe it’s posslible to get some e-mail-Addresses by scanning all profiles beginning with User #1. I looked at the HTML-code of some profiles and

Bingo!

For example check out your own profile:

http://tech.forums.softwareag.com/profile.php?mode=viewprofile&u=1384

There is a HTML-commentary including the E-Mail-Adress. Search for a line starting with:

<!--<td><b><span>Contact Stephen.Wild@

Of course you can’t see it in the browser, but I guess you need only 10 lines of perl-scripting to read out all profiles automatically…
[quote="Wilfried B

Thanks for letting the world know about this, but it is now no longer possible. We have already removed the feature.

If I want to be sarcastic I would say: “Obviously, the world already knows. Thanks for letting the world know my e-mail address.”

But I hope, I’m not sarcastic. And so I say: “It wasn’t my intention to blame anybody. I just wanted to help.”

[quote="Wilfried B

This should also now be fixed