We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Keeping Them Out of edit_profile

March 22, 2012 3:09pm

Subscribe [3]

  • #1 / Mar 22, 2012 3:09pm

    M-Hickcox

    36 posts

    (I’ve just moved this question to Technical Support - I think this is a better place for it.)

    There has to be others dealing with this one ...

    My site requires registration and login in order to listen to audio. I intentionally have no link to the “edit_profile” page.

    Yet, myriads of forum spammers are intent on getting to the bio field to drop in gibberish copy spiked with URLs of sites that apparently pay them to do this. They find the form, and they drop their “stuff” into it.

    I assume they get there by adding “member/edit_profile” to the address line in their browsers.

    I’m thinking of re-directing the edit_profile page to the home page - is that a good way to handle it?

    What’s really the best way to deal with this? Or should I just let them go at it? Is there wisdom around this?

    (I’m using 2.4.0.)

    Thanks!

      - Mike Hickcox

  • #2 / Mar 22, 2012 8:54pm

    KeyCreative

    1 posts

    Please delete me. Sorry.

  • #3 / Mar 22, 2012 8:56pm

    Man With A Peg

    124 posts

    I saw your other post and tracked you over here. I may be too much the hacker but I would use a .htaccess rule to kill this:

    RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} edit_profile [NC]
RewriteRule .* /index.php [L]

  • #4 / Mar 23, 2012 8:30am

    M-Hickcox

    36 posts

    Wow, Chris - this appears to be a very efficient code-demon approach.

    But I don’t know what you take for granted - that is, where would I put this code?

    - Mike

  • #5 / Mar 23, 2012 10:49am

    Man With A Peg

    124 posts

    Oops. Open or create a file called “.htaccess” in your document root. That is, the same folder that contains your main “index.php” file. Note that the period is at the beginning of the file name.

    Guess I should explain what this code does? It instructs Apache (your web server) to redirect any request that contains “edit_profile” within the address before EE begins to load.

  • #6 / Mar 23, 2012 2:52pm

    Dan Decker

    7338 posts

    Hi Mike,

    I’m sorry you are dealing with Forum/Member Spam.

    Chris offers a very elegant solution via .htaccess

    Keep in mind that this will prevent anyone from accessing the edit_profile template. If you don’t need that functionality, then this is a fantastic option.

    Let me know if you have any other questions.

    Thanks for the hand Chris!

    Cheers,

  • #7 / Aug 03, 2012 11:38am

    M-Hickcox

    36 posts

    Thank you for the great advice!

    BTW - Chris - I saw you signed up on the site and tried to email you, but it bounced.

    - Mike

  • #8 / Aug 03, 2012 4:37pm

    Dan Decker

    7338 posts

    Hi Mike,

    It’s our pleasure to help.

    If you need anything else, just let us know!

    Cheers,

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register