Jump to content

Suggestion: Stop spammers posting spam links in Status updates


Washerhelp

Recommended Posts

Greetings.

I'm running ip.board & ip.content, and recently noticed 2 sets of nasty spam links displayed on my front page via the Recent Updates display.

I was bemused to see that both these status's were from "members" who had not validated. I was also surprised to find out from tech support (who give great service by the way - thanks) that by default, unvalidated members are allowed to post any rubbish in their status, which will then be displayed in all its glory on the front page.

By default, unvalidated members are not allowed to do most things and rightly so. Why are they allowed to circumvent sensible precautions by posting html links in their status?

Can this ability be turned off by default please?

Link to comment
Share on other sites

  • 1 month later...

Lol I have the opposite request/question. I can't seem to figure out how to put links in my status comments. I was trying to link a new thread I started but it just ended up as text even though I entered the url with the http:// at the beginning.

And uh... I found this thread with a search but I guess I should make my own (in support) since this is in feedback.

Link to comment
Share on other sites

Funnily enough Eric I've had exactly the same problem, tried to put a link in myself. I tried BB and HTML but neither work. When I brought the spammers to tech support's attention they sad the ability to post html in a status by unvalidated members is turned ON by default. They turned it off for me and I can't find how to turn it on for myself.

However, I'm pretty disappointed that no one has from IPS has replied to this thread because the idea that it's OK to let spam accounts post html links in their status when they can't even validate is surely a security concern that needs fixing?

Link to comment
Share on other sites

Wow, that's insane that validating members have rights which admin don't, especially since almost all of those stuck in the validating process have some kind of malicious agenda. Maybe I will have to make a member in the validating category if I ever really want to put a link in the status updates again, thanks for the tip.

Link to comment
Share on other sites

I'm not 100% sure Eric, it's possible tech support turned off the ability to use html in the status for everyone when they turned it off for unvalidated members. I can't see why they would have thou so it's possible what you say is correct.

All I know for sure is that by default, anyone, or any spambot can register as a member, they can leave their account unvalidated, but fill in their status with spam links to porn sites as they did on my ip.board (with ip.content) and if set to show status updates (as mine was) these spam links will be displayed on the home page.

Technical support confirmed to me that this is how it is set up by default, which is totally unacceptable.

Link to comment
Share on other sites

Better question is how are your spammers getting through? Or are they human spammers with legitimate emails? If they're not human spammers, as long as you have an active IPB license, the IPS Spam Service should catch them. If it's not, try configuring its actions in: ACP -> System Settings -> Members -> Spam Prevention

An idea you could do is moderate their posting (this might also moderate status updates for them - I don't use status updates personally).

Another idea is to "Remove Status Update ability" from the group(s) you so desire.

ACP -> Members -> Member Groups -> [select group] -> Global [tab] -> "Remove Status Update ability" => yes

Link to comment
Share on other sites

Thanks ZackL. I do have the spam prevention on. Thanks for the heads up on how to look at the individual settings for allowing status updates.

My point is though, why would it be considered OK to let non verified members post status updates? Surely the whole point of forcing a verification system is that by default, unless verified correctly, any new member is a suspected spammer?

Also, do you have any idea how they managed to post html links in their status but me and Eric can't? I have a full administrator account and I cannot put a link in my status yet these unverified members could.

Link to comment
Share on other sites

Only explanation I have is a possible permission oversight (it happens) when your board was originally configured. Although, out-of-box I do believe things are secured (meaning html posting is disabled for all groups).

Personally, I just pretty much setup the "Validating" group to guest permissions and restrict them from posting.

Link to comment
Share on other sites

Hi Zack. Tech support told me "I have adjusted your "validating" group permissions and removed the ability to post status updates, this was turned on for this group by default."

When I expressed my surprise that this was on by default he agreed it should probably not be...

Link to comment
Share on other sites

Hi Zack. Tech support told me "I have adjusted your "validating" group permissions and removed the ability to post status updates, this was turned on for this group by default."

When I expressed my surprise that this was on by default he agreed it should probably not be...

That still doesn't explain how that member used HTML in their status.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...