Hi bascule, thanks for pointing out the regex but it's hard or impossible to concoct one that stops LAN access. Blocking numeric IP addresses isn't sufficient. I argee this plugin is dangerous by default and yet nowhere in the documentation, or during selection of this plugin, does it warn the user to consider whether their network set-up would be vulnerable. I think that's a bug that needs addressing.
Chatting on the supybot channel, I was told it should be obvious to anyone that this can happen and that's what network DMZs exist for. Well, it wasn't obvious to me since there's a lot of plugins and considering the security implementations of each of them would take hours. -- supybot !web title leaks LAN HTTP servers to the channel https://bugs.launchpad.net/bugs/234629 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
