Moodle

add info concerning spam dangers of open profiles

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.9
  • Fix Version/s: 1.9.2
  • Component/s: Administration
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE

Description

Some people I do not want to name complain loudly about spamming on moodle sites which is caused by various configuration issues:

1/ lang/en_utf8/admin.php
$string['configforceloginforprofiles'] = 'Enable this setting to force people to login as a real (non-guest) account before being allowed to see the user profile pages. By default this is enabled (\"true\")';

this should explain the dangers of user profile spam

2/ $string['selfregistration_help'] = 'Choose which auth plugin will handle user self-registration.';

this should explain possibility that spammers might create accounts and spam in forums/blogs, etc.

Issue Links

This issue has been marked as being related by:
MDL-15544 Disable email signup in new installation - add danger warning Major Closed
MDL-15390 improve subscribe me option when posting to forum Minor Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

proposals from Nicolas and me:
1/ Enable this setting to force people to login as a real (non-guest) account before being allowed to see the user profile pages. If this setting is disabled, profiles do not require login and anybody may read them, which may encourage users to use their profile for spamming (that's bad).
(If you do not understand, then just keep this enabled :-P)

Show
Petr Škoda (skodak) added a comment - proposals from Nicolas and me: 1/ Enable this setting to force people to login as a real (non-guest) account before being allowed to see the user profile pages. If this setting is disabled, profiles do not require login and anybody may read them, which may encourage users to use their profile for spamming (that's bad). (If you do not understand, then just keep this enabled :-P)
Hide
Permalink
Tim Hunt added a comment -

My attempt:

This setting forces people to login as a real (non-guest) account before viewing any user's profile. If you disabled this setting, you may find that some users post advertising (spam) or other inappropriate content in their profiles, which is then visible to the whole world.

Show
Tim Hunt added a comment - My attempt: This setting forces people to login as a real (non-guest) account before viewing any user's profile. If you disabled this setting, you may find that some users post advertising (spam) or other inappropriate content in their profiles, which is then visible to the whole world.
Hide
Permalink
Martin Dougiamas added a comment -

+1 for tim's version.

Show
Martin Dougiamas added a comment - +1 for tim's version.
Hide
Permalink
Petr Škoda (skodak) added a comment -

2/ Choose which auth plugin will handle user self-registration. If enabled anybody might create account and depending on other settings might post advertising (spam) or other inappropriate content which might be visible to the whole world.

hmm, sounds vague, bet there are many settings that affect this, maybe we should better disable it by default - what do you think Martin?

Show
Petr Škoda (skodak) added a comment - 2/ Choose which auth plugin will handle user self-registration. If enabled anybody might create account and depending on other settings might post advertising (spam) or other inappropriate content which might be visible to the whole world. hmm, sounds vague, bet there are many settings that affect this, maybe we should better disable it by default - what do you think Martin?
Hide
Permalink
Petr Škoda (skodak) added a comment -

thanks Tim, your version is in cvs

Show
Petr Škoda (skodak) added a comment - thanks Tim, your version is in cvs
Hide
Permalink
Helen Foster added a comment -

Thanks for everyone's suggestions Here are mine:

configforceloginforprofiles:

This setting forces users to login using their account in order to be able to view the personal profiles of other users. If this setting is disabled, it results in the possibility of spammers using personal profiles for posting spam, since they are visible to the whole world.

selfregistration_help:

If an authentication plugin, such as email-based self-registration, is selected, then it enables potential users to register themselves and create accounts. This results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. To avoid this risk, self-registration should be disabled.

Show
Helen Foster added a comment - Thanks for everyone's suggestions Here are mine: configforceloginforprofiles: This setting forces users to login using their account in order to be able to view the personal profiles of other users. If this setting is disabled, it results in the possibility of spammers using personal profiles for posting spam, since they are visible to the whole world. selfregistration_help: If an authentication plugin, such as email-based self-registration, is selected, then it enables potential users to register themselves and create accounts. This results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. To avoid this risk, self-registration should be disabled.
Hide
Permalink
Petr Škoda (skodak) added a comment -

#2 moved to separate bug

Show
Petr Škoda (skodak) added a comment - #2 moved to separate bug
Hide
Permalink
Petr Škoda (skodak) added a comment -

thanks everybody

Show
Petr Škoda (skodak) added a comment - thanks everybody
Hide
Permalink
Helen Foster added a comment -

Advice on reducing the risk of spam in Moodle available here: http://docs.moodle.org/en/Reducing_spam_in_Moodle

Show
Helen Foster added a comment - Advice on reducing the risk of spam in Moodle available here: http://docs.moodle.org/en/Reducing_spam_in_Moodle

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.