Ocean West Posted June 25, 2023 Posted June 25, 2023 I don't think it's a good idea to use the the members ID as the referrer and should be dynamically generated. it's too easy for actors to spoof this: domain.com/?&_rid=##### seeing a rise in people registering via a link without it being initiated from the member.
Ocean West Posted June 26, 2023 Author Posted June 26, 2023 random people most likely spammers can see that the url is tied to a member account for what ever reason it is an annoyance to the person who never referred anyone also get notifications to the contrary.
Marc Posted June 27, 2023 Posted June 27, 2023 You would then be giving out the unique key anyway. There isnt really anything to keep secure as such on this one
Ocean West Posted June 27, 2023 Author Posted June 27, 2023 Yes this is the point the key should be unique if you intend to send someone a referral / invite the the forum that is fine. What the problem is would be spammers are using the fact the URL is static and you can manufacture the URL they are now using it as a vector and way of spamming other members for no reason it causes confusion and more explanation than it's worth as most people don't know they have referrals. I had to disable the entire referral system because of this.
Runar Posted June 27, 2023 Posted June 27, 2023 8 hours ago, Marc Stridgen said: You would then be giving out the unique key anyway. Yes, but it wouldn’t be incremental and easily guessable.
Ocean West Posted June 27, 2023 Author Posted June 27, 2023 Base64 unique for each member which the member could reissue a new url if they wished.
Recommended Posts