Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted June 25, 20231 yr I don't think it's a good idea to use the the members ID as the referrer and should be dynamically generated. it's too easy for actors to spoof this: domain.com/?&_rid=##### seeing a rise in people registering via a link without it being initiated from the member.
June 26, 20231 yr Author random people most likely spammers can see that the url is tied to a member account for what ever reason it is an annoyance to the person who never referred anyone also get notifications to the contrary.
June 27, 20231 yr You would then be giving out the unique key anyway. There isnt really anything to keep secure as such on this one
June 27, 20231 yr Author Yes this is the point the key should be unique if you intend to send someone a referral / invite the the forum that is fine. What the problem is would be spammers are using the fact the URL is static and you can manufacture the URL they are now using it as a vector and way of spamming other members for no reason it causes confusion and more explanation than it's worth as most people don't know they have referrals. I had to disable the entire referral system because of this.
June 27, 20231 yr 8 hours ago, Marc Stridgen said: You would then be giving out the unique key anyway. Yes, but it wouldn’t be incremental and easily guessable.
June 27, 20231 yr Author Base64 unique for each member which the member could reissue a new url if they wished.
