Thread

Hello,

I previously posted a topic here that has apparently been deleted…

ttp://ellislab.com/forums/viewthread/159685/

We are trying to do away with the WWW field all together in public member profiles as our registration spam has gotten out of control due to the advent of a BlackHat program design to exploits the lack of NoFollow in EE member sites. In troubleshooting our problem we were told that we needed to be using Build 1.6.9 which we now are. Although the problem still remains.

When we make a change here:

CP Home ›  Admin ›  Members and Groups ›  Member Profile Templates ›  Default ›  Public Member Profile

We are not seeing any changes to the public member profile fields in our forums exampled here:

http://blog.thehumansolution.com/index.php/forums/member/444/

If it is at all possible to revive the deleted post discussed above that would be helpful as we have already done some troubleshooting?

Thanks

Hi, THS - that thread should still be there; I am not sure what happened.  I do apologize for that.

Since you are viewing the public profile via the forum, you need to modify the Member Templates in the forum module.

I don’t see how to do that… please explain?

Go to Modules > Discussion Forum Module and you should see a tab for the forum templates.  Head in there and you can edit the theme there.

It is safest to copy the forum theme to another theme and edit your copy so that you don’t accidentally over-write your modifications during an upgrade.

Thank you!

This has been very helpful… Can you please tell me if there is any way automatically remove links or apply nofollow to links posted in the Bio area as seen here:

http://blog.thehumansolution.com/index.php/forums/member/444/

Thanks again!

There is not - you would need to build a custom addon for that.

Yes this is a serious deficiency in EE.

We use the forum member profile template as the default (so as not to have to run two profile templates) and also have the member trigger word changed AND members must activate their account.

But in the last week, a ton more have arrived ...

EE should consider building their own addon, so the “known exploit” is removed and we can remove the option to have links (easily) and turn them into no-follow.

Hi Robert,

Please submit a Feature Request for this functionality.

Cheers

Greg

Yes, the spammers are annoying, there are some ideas to begin addressing this in Fighting Registration and its related discussion thread.

I know I posted this in your original thread, THS, but for others coming across this, that could help.

Thanks.

Thanks Lisa - I checked out your blog post, that is helpful for sure, I only added the rank denial, was already doing all the rest.

It seems my recent increase was from the upgrade from 2.01PB to 2.1 and re-establishing EE’s default registration forms ie /yourmembertrigger/register since I use custom forms, these are not needed (there are two - one in Member Module & one in Forum Module).

I just renamed the underlying files to prevent bot access.

As far as I can see, the spammer bots are uncovering these urls to default forms (even though I have an uncommon trigger word to replace “member”) and using them to insert a url during the registration process.

They all remained as “Pending” members so it’s obviously a ruse to try to get the link juice.

I had 60 of them I just deleted using phpmyadmin.

I’ll submit a feature request now, but it would be good to have better control (ie no manual coding/hacking) so as to turn off various aspects of member profiles, by member group eg url; bio etc. That way I could disable url & bio fields completely for Pending members for example; and also put “nofollow” into general member bio, as well as restrict whether links are even allowed.

OK enough venting - I’ve spent the last few hours configging everything and I’m over it 😉

Robert.S,

There is an add-on available which gives you some extra tools and makes fighting spam a little easier Member Utilities

Thanks for your feature request

I am closing this one out for now but if you have any further questions feel free to start a new thread.