Ocean West Posted June 25, 2023 Share Posted June 25, 2023 I don't think it's a good idea to use the the members ID as the referrer and should be dynamically generated. it's too easy for actors to spoof this: domain.com/?&_rid=##### seeing a rise in people registering via a link without it being initiated from the member. Link to comment Share on other sites More sharing options...
DawPi Posted June 25, 2023 Share Posted June 25, 2023 Spoofed for what? 🙂 Marc Stridgen 1 Link to comment Share on other sites More sharing options...
Ocean West Posted June 26, 2023 Author Share Posted June 26, 2023 random people most likely spammers can see that the url is tied to a member account for what ever reason it is an annoyance to the person who never referred anyone also get notifications to the contrary. Link to comment Share on other sites More sharing options...
Marc Stridgen Posted June 27, 2023 Share Posted June 27, 2023 You would then be giving out the unique key anyway. There isnt really anything to keep secure as such on this one Link to comment Share on other sites More sharing options...
Ocean West Posted June 27, 2023 Author Share Posted June 27, 2023 Yes this is the point the key should be unique if you intend to send someone a referral / invite the the forum that is fine. What the problem is would be spammers are using the fact the URL is static and you can manufacture the URL they are now using it as a vector and way of spamming other members for no reason it causes confusion and more explanation than it's worth as most people don't know they have referrals. I had to disable the entire referral system because of this. Link to comment Share on other sites More sharing options...
Runar Posted June 27, 2023 Share Posted June 27, 2023 8 hours ago, Marc Stridgen said: You would then be giving out the unique key anyway. Yes, but it wouldn’t be incremental and easily guessable. Link to comment Share on other sites More sharing options...
Ocean West Posted June 27, 2023 Author Share Posted June 27, 2023 Base64 unique for each member which the member could reissue a new url if they wished. Link to comment Share on other sites More sharing options...
Recommended Posts