Inactive members should not appear in members list

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
spellinn
Registered User
Posts: 4
Joined: Fri Apr 07, 2006 11:38 pm

Inactive members should not appear in members list

Post by spellinn »

I have a board which I moderate membership due to the large number of spam signups.

Most appear to be "google bashing" in getting their website on the members page listed in as many places as possible to increase their google ranking.

As such, phpBB shouldnt add inactive members to the members list until their account has been activated by email or an administrator. This would stop this activity dead.

Regards,


Neil
User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Post by karlsemple »

erm......did i miss the support request?

open memberlist.php

Find

Code: Select all

WHERE user_id <> " . ANONYMOUS . "

After Add

Code: Select all

AND user_active <> " . ACTIVE . "

open includes/constants.php

Find

Code: Select all

define('MOD', 2);
After Add

Code: Select all

define('ACTIVE', 0);
Save and upload ;) and your done
Image
spellinn
Registered User
Posts: 4
Joined: Fri Apr 07, 2006 11:38 pm

Post by spellinn »

Thanks for the speedy reponse.

I know I can make the change myself on my board, however I think this behaviour should be by default, which will remove one of the primary causes for spammers signing up in the first place.

Apologies for not submitting the correct template, I havnt read the stickys yet.

Cheers,

Neil
User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Post by karlsemple »

Alot of people do not like inactive members not showing as it makes the forum look less busy :). Plus the changes are so easy to make they assume anyone who wants to change it can.
Image
spellinn
Registered User
Posts: 4
Joined: Fri Apr 07, 2006 11:38 pm

Post by spellinn »

karlsemple wrote: Alot of people do not like inactive members not showing as it makes the forum look less busy :)


I would imagine if you gave forum admins a choice of whether they would rather stop spam signups at the expense of making their forum look less busy they would jump at the chance. Why not make the default setting to not show inactivated users, but a forum admin can re-enable if if they so wish?
karlsemple wrote: Plus the changes are so easy to make they assume anyone who wants to change it can.


I disagree - most forum admins have no idea about PHP - they just install the software and want it to work.

The fact that PHPBB has this security loophole means that spammers target it to increase their Google rankings, giving us forum admins major headaches trying to sort out the genuine users from the spammers. Security should be inbuilt, not added as an afterthought.

OK those that know PHP can make the change, however this is likely to get overwritten by the next release - its hard enough keeping up with the releases without having to modify each one as well.


Cheers,

Neil
icerabbit
Registered User
Posts: 23
Joined: Tue Feb 21, 2006 3:26 pm

Post by icerabbit »

I just want to throw in my 2c that inactive users should not appear in the memberlist and in fact their whole profile should not be visible to others users and thus not google. Only admins should see it. Plus with every attempted registration the IP should be registered, so one can then block it. The email blocking does not work as they use fake email accounts, and even legitimate ones are just a click away.

I truly believe that having this by "totally hide inactive users" by default in phpbb would stop the current spam registrations wave in one day flat.

I will also agree that many people, including the people at our boards are uncomfortable modding manually and do not have the time to keep track of which mod does what, which conflicts, updating mods after forum updates ...

I think within the development world ones gets the skewed view that everybody uses code all day long and it is just a few keystrokes of work.

An issue like this rampant spam wave that affects 100% of the users and causes so much frustration and time loss, should be tackled with the highest priority.

Holding on to inactive users in the memberlist to show a more active board?! I'm sorry but that is not an excuse not to fix the spam registrations in the memberlist. Who in the world will say: look at my board: I have 2500 users! Huray.
When there are 2000 spammers and only 500 legitimate people?!

Any person with half a brain wants a spam free forum. Wants to focus on bringing content and supporting their product. Not spending half an hour each day checking 3x times for spam registrations and dealing with them. That is reality. And like most simple phpbb users, who are uncomfortable with modding and don't have the time to keep track of all things phpbb and mod wise, we just want a worry free solid product that can't get abused by spam bots and what not.

Sure there will always be manual spammers. We have maybe 1 in 100 of those.

Again, if the phpbb team is against hiding inactive users by default, let's have it this way. Make it an option via the admin panel. Lets have the users / admins / moderators decide what they want to use via the admin panel. Give them a checkmark option whether or not to include inactive members in the memberlist. Whether or not to publicly show inactive people's profile. To make the submit thing customizable. Make it a variable in the three forms and give a textbox in the control panel to make it a different little agreed text. It could not be any simpler.

Of course not hiding inactive users by default will not void the purpose of spam bots, but it will at least solve the maintenance headache that we all have.

I sincerely hope that the phpbb development team can be swayed to understand the importance of "hiding inactive users" by default. Holding on to that for historical reasons or whatever, is not what the users want. One has to face the facts & reality and make a change for the greater good.
User avatar
jwunderly
Registered User
Posts: 5740
Joined: Sun Mar 30, 2003 2:18 pm
Location: Easton, PA (in the groove)

Post by jwunderly »

spellinn wrote: The fact that PHPBB has this security loophole means that spammers target it to increase their Google rankings, giving us forum admins major headaches trying to sort out the genuine users from the spammers. Security should be inbuilt, not added as an afterthought.


Bad choice of wording. This is NOT a security issue, but rather a dislike of the functionality on your part.

As the phpBB 2.0.x tree is feature-frozen, other than true security fixes, it requires a mod to make the change you desire.
John (A cranky old man. "Looking for an echo ...")
using any control-panel install/update is like shooting yourself in the foot. It won't kill you, but you're really going to hobble around until it heals.
Using the wrong tools (Front Page, DreamWeaver) gives the same results
Do not PM me for Support!
mrhandicapper
Registered User
Posts: 45
Joined: Tue Aug 30, 2005 9:00 am

Post by mrhandicapper »

Bahh you sure do have alot of pages to scroll through!

Ok so i am wanting to stop spamming but didnt want to post a ticket! Soo any help would be apreciated tried finding the post as no doubt answers are already here but hell my eyes are tired.

I have used the code changes above to stop inactive members been shown on the memberlist. I have also found that i can take the www. off most of the pages ie. memberlist user profile etc. what i am wishing to do is take it of the register form all togeather.

I removed all traces i could find in the register.php file of www. but to no avail. can this be removed so that new sign ups do not have a choice of posting a website?

Thanks in advance
schwazzah
Registered User
Posts: 12
Joined: Thu Jun 15, 2006 9:40 pm

Post by schwazzah »

jwunderly wrote:
spellinn wrote:The fact that PHPBB has this security loophole means that spammers target it to increase their Google rankings, giving us forum admins major headaches trying to sort out the genuine users from the spammers. Security should be inbuilt, not added as an afterthought.


Bad choice of wording. This is NOT a security issue, but rather a dislike of the functionality on your part.
a mod to make the change you desire.


So how do you define a security issue? Sounds like the PHP developers define it as: if we dont feel like fixing it, then its not security related.

I agree with icerabbit. Failing to protect the forums from being an easy target for fraudulent registrations *is* a security issue. It is an utter act of denial to claim otherwise.
User avatar
karlsemple
Former Team Member
Posts: 39802
Joined: Mon Nov 01, 2004 8:54 am
Location: Hereford, UK
Contact:

Post by karlsemple »

This is no longer a support issue and has turned into a discussion which is in danger of becoming an argument so i am going to close it for now :)


Locked
Image
Locked

Return to “2.0.x Support Forum”