Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Issue with permissions and roles

2»

Comments

  • also you might post a screenshot of permissions you have for Applicants.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I would use http://vanillaforums.org/addon/registrationrestrictlogger-plugin

    applicant approval, forget about confirmation e-mail

    and approve as necessary and give Applicant the most restrictive permissions.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • @peregrine said:

    you won't see applicants in applicants area, who haven't confirmed their e-mail

    I did a test registration yesterday, and I was able to see the Applicant in the list of Applicants even before I confirmed the email. I will redo this test now and double-check this.

    I'm going to install this plugin shortly.

    @peregrine said:
    I would use http://vanillaforums.org/addon/registrationrestrictlogger-plugin

    applicant approval, forget about confirmation e-mail

    and approve as necessary and give Applicant the most restrictive permissions.

    I already installed this day before yesterday and configured it according to the readme file. It has reduced the number of spam bot registrations.

    Here are the screenshots:

  • permissions for applicant look reasonable.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I have removed the SignIn permission also.

    Just performed a new registration test. I could immediately see the new applicant in the list without confirming the email.

  • peregrineperegrine MVP
    edited October 2014

    What do you want? is the big question.

    you said you couldn't see appplicants before?

    not sure what you want. I have to go.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • And I don't see the new user in the "Users" list (because it's not approved yet). However, those bots are managing to escape the approval somehow and directly show up under the "Users" list as Members.

    I want to solve this problem.

    Just to reiterate, I'm seeing this problem only after the upgrade. Otherwise, the forum has been online for about 2 years and I had not seen this problem before.

  • peregrineperegrine MVP
    edited October 2014

    And I don't see the new user in the "Users" list (because it's not approved yet). However, those bots are managing to escape the approval somehow and directly show up under the "Users" list as Members.

    because your confirmation email role was probably pointing to members role id.

    what do you see with the members plugin I suggested. and what role do they have.

    http://vanillaforums.org/addon/memberslistenh-plugin

    you are talking about past events yes?

    decide what you want (settings) think about it, then answer tomorrow :) after you make those settings. and make sure config.php is correct. see if you have more bot applicants or bot members.

    I personally don;t use e-mail confirm. its a waste of time and trouble if you have approval and ask a registration question and use the registration restrict logger. - my bias, of course.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    Bleistivt
  • @‌peregrine

    Let me install the members plugin and observe the issue closely for the next couple days (for any new bots that manage to escape the Approval process). I had deleted the bot members that had escaped the Approval in the past 2-3 days. So, I'm not able to provide more details right now.

    I'll post an update on this thread later this week.

    Thanks so much for your help. Thanks to other members as well.

    vrijvlinderperegrine
  • Had another case where a bot managed to by-pass "approval" and become a member. Refer to the screenshot below:

    I think I've kinda figured out what's going on.

    My test registration was in "Approval" role because I didn't approve it, and I didn't confirm the email either. Then I went ahead and confirmed the email, but didn't approve it. Now the status of the test account changed to Member, and the approval request disappeared from my Approval queue automatically. So, it means that there are 2 ways to become a member - either the user confirms the email or the admin approves the request. I wasn't aware of this. I thought both had to be done for a user to become a member.

    I'm going to turn off the email confirmation and go just with the "Approval" part. Hopefully that will take care of the issue. I'll report back the status again in couple days.

    Thanks again.

    hgtonightvrijvlinderperegrine
  • @peregrine‌

    I have sent a small donation as a token of appreciation for your great work. Thank you so much.

    peregrine
  • @brainolution said:
    peregrine‌

    I have sent a small donation as a token of appreciation for your great work. Thank you so much.

    @brainolution

    and thank you for the donation. I always like monetary donations :) I hope the plugins help mitigate the problems with spammers.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.