We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Keeping Them Out of edit_profile

March 21, 2012 7:49pm

Subscribe [3]

  • #1 / Mar 21, 2012 7:49pm

    M-Hickcox

    36 posts

    There has to be others dealing with this one ...

    My site requires registration and login in order to listen to audio. I intentionally have no link to the “edit_profile” page.

    Yet, myriads of forum spammers are intent on getting to the bio field to drop in gibberish copy spiked with URLs of sites that apparently pay them to do this. They find the form, and they drop their “stuff” into it.

    I assume they get there by adding “member/edit_profile” to the address line in their browsers.

    What’s the best way to block this activity? I might just edit that page so it re-directs to the home page, but where is it? I don’t find a member profile template called edit_profile. Is it the “Member Profile Form”?

    What’s the best way to deal with this? Or should I just let them go at it?

    (I’m using 2.4.0.)

    Thanks!

      - Mike Hickcox

  • #2 / Mar 26, 2012 11:22am

    e-man

    1816 posts

    Is your profile triggering word still the standard “member”?
    If so, change it something hard to trace. (use a hash or something).
    Be sure to check out http://devot-ee.com/add-ons/project-cerberus in the fight against member spam. Hope this helps!

  • #3 / Mar 27, 2012 10:35am

    kevin332

    50 posts

    They’re definitely appending the member/edit_profile url in manually. Changing the “member” keyword is worth a shot, but they’ll see the new name when they register.

    Don’t ever leave it be. They’ll just automate the process further and make hundreds of accounts. Spammers are specifically looking for unattended sites, so they’ll keep coming back and they’ll even start posting your site url on the shadiest of shady “SEO” forums if they think nobody is paying attention. Worse yet, they might start adding those profile urls to comment spam in an attempt to generate some pagerank and the site owners they’re spamming will think you’re the one doing it.

    It is “Member Profile Form”. I just 301 redirect /member to / but you could try wrapping that form with {if member_group == 1}{/if} to keep members other than you from seeing it.

  • #4 / Aug 03, 2012 11:33am

    M-Hickcox

    36 posts

    Thank you both—I’m just back in here and found your answers.

    I just added StatCounter to the site and can see these spammers aren’t even hitting my homepage - just going around it.

    I definitely need to keep them off the member area - I appreciate the great help.

    - Mike

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register