
Spammers getting through registration


Comments

  • Todd Chief Product Officer Vanilla Staff

    There's a permission called Garden.Profiles.Edit that says whether or not users can upload profile pictures and edit their status.

  • That's great - all my questions answered. Happy with what I've got in place now. I'll delete the obvious spammers with dodgy email addresses, and then there's no harm in leaving others waiting verification, in case they are genuine.

    Once again, REALLY appreciate all the support here.

    Thanks

  • @tsj

    Use this suggestion and mod to fix bonk with the plugin - should cut down on things.

    http://vanillaforums.org/discussion/21349/bonk-when-trying-to-register

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • fh111 Vanilla Padawan ✭✭

    We're using this now and I am sure no bot will get past our security question : )

  • peregrine MVP
    edited September 2012

    I am working on a random question and mod to submit for the bot plugin - got one stumbling block.

    If you can answer this - I'll post my changes.

    http://vanillaforums.org/discussion/21357/how-do-i-set-a-computed-value-in-a-form-in-a-view-that-i-can-read-after-form-submission#latest


  • I posted my random technique for postapproval as a mod to the botstop plugin.


  • Interesting that the same spammer is specifically targeting multiple Vanilla forum sites.


  • @Todd said:
    What you are seeing is correct though. You will get a bunch of spammers sitting in the confirm email role, but they won't be able to do anything.

    One thing they can do is send messages through the conversations application, which doesn't seem to have any way to limit people in the confirm email role from using it.

  • peregrine MVP
    edited November 2012

    @Anonymoose said:
    One thing they can do is send messages through the conversations application, which doesn't seem to have any way to limit people in the confirm email role from using it.

    Unfortunately I could only think of a core modification.

    • This is a core modification for Vanilla 2.0.18.4

    But this mod will print the following message for role "Applicants" after they try to start a conversation - obviously you can change the role "Applicant" below to whatever role you want to block the sending of private messages.

    "You cannot send messages as an Applicant"

    to block messages of Applicants you can modify the core in

    applications/conversations/controllers/class.messagescontroller.php

    in public function Add($Recipient = '')

    add the lines between the // comments to the top of public function Add($Recipient = '') in

    class.messagescontroller.php

     public function Add($Recipient = '') {

         //add to block messages of applicants
         // Look up the signed-in user's roles; only the first role row is checked.
         $NewRoleModel = new RoleModel();
         $therole = $NewRoleModel->GetByUserID(Gdn::Session()->UserID)->ResultArray();
         if (($therole[0]['Name']) == "Applicant") {
             echo "<br /> <h2> You cannot send messages as an Applicant </h2> <br />  <br />";
             return;
         }
         //end add to block messages of applicants

         // ... the original body of Add() continues here


  • Todd Chief Product Officer Vanilla Staff
    via Email

    Good point. That deserves a permission lock down.

  • Anonymoose ✭✭
    edited December 2012

    Mod for /applications/conversations/settings/class.hooks.php to hide 'inbox' menu item from applicants.

    After this:

    /**
     * Add 'Inbox' to global menu.
     *
     * @since 2.0.0
     * @access public
     */
    public function Base_Render_Before(&$Sender) {
    

    Add this:

    //add to block display of inbox menu item to applicants
    $NewRoleModel = new RoleModel();
    $therole = $NewRoleModel->GetByUserID(Gdn::Session()->UserID)->ResultArray();
    if (($therole[0]['Name']) == "Applicant") {
        return;
    }
    //end add to block display of inbox menu item to applicants
    
  • Anonymoose ✭✭
    edited December 2012

    Mod for /applications/conversations/settings/class.hooks.php to hide 'send X a message' in profiles from applicants.

    After this:

     /**
     * Add 'Inbox' and 'Send Message' to profile menu.
     *
     * @since 2.0.0
     * @access public
     */
     public function ProfileController_AfterAddSideMenu_Handler(&$Sender) {
     // Add a "send X a message" link to the side menu on the profile page
    

    Add this:

     //add to block applicants from seeing "send X a message" on profile page
     $NewRoleModel = new RoleModel();
     $therole = $NewRoleModel->GetByUserID(Gdn::Session()->UserID)->ResultArray();
     if (($therole[0]['Name']) == "Applicant") {
         return;
     }
     //end add to block applicants from seeing "send X a message" on profile page
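
The role check used by the mods above, as an added example that is not part of any post in this thread and not Vanilla's own code: it examines every role row rather than only the first, and treats a guest as blocked. The helper names, user IDs and role rows are constructed assumptions; the rows mimic the `Name` key the posted code reads.

```php
<?php
// Added example, not Vanilla's code. Role rows are constructed to mimic the
// shape the posted mods read: a list of rows, each with a 'Name' key.

/**
 * Return true when any of the user's role rows matches a blocked role name.
 * Hypothetical helper; $roleRows stands in for the array the posted code
 * gets from GetByUserID(...)->ResultArray().
 */
function hasBlockedRole(array $roleRows, array $blockedNames)
{
    $blocked = array_map('strtolower', $blockedNames);
    foreach ($roleRows as $row) {
        if (isset($row['Name']) && in_array(strtolower($row['Name']), $blocked, true)) {
            return true;
        }
    }
    return false; // also the result for an empty row list
}

/**
 * Hypothetical server-side gate, evaluated before any message is stored.
 * Hiding the inbox and profile links only changes what is displayed; the
 * decision to accept a new conversation has to be made here.
 */
function canStartConversation($userID, array $roleRows, array $blockedNames)
{
    if ((int) $userID <= 0) {
        return false; // not signed in
    }
    return !hasBlockedRole($roleRows, $blockedNames);
}

// Constructed sample data: user ID plus role rows for each case.
$blocked = array('Applicant', 'Confirm Email');
$cases = array(
    'member'                  => array(7, array(array('Name' => 'Member'))),
    'applicant'               => array(8, array(array('Name' => 'Applicant'))),
    'applicant listed second' => array(9, array(array('Name' => 'Member'), array('Name' => 'Applicant'))),
    'guest'                   => array(0, array()),
);
foreach ($cases as $label => $case) {
    list($id, $rows) = $case;
    printf("%-24s %s\n", $label, canStartConversation($id, $rows, $blocked) ? 'allowed' : 'blocked');
}
```

The "applicant listed second" case is the one a check on `$therole[0]` alone would let through.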
    
  • wilcosky New
    edited September 2013

    I'm also seeing this for my forum with just a basic, no extra plugins, install. I see and get the modifications mentioned above.
