Newbie posted a link - how come?

And another one from a new poster, full of links, but the mods. have zapped it already.
Doesn't answer the question though.
 
Another. I've reported it of course, but somehow able to join up and post four posts, two of which are just links to another site. How is this happening, and why is nobody answering?
 
What’s worse is that there are two threads which appear to be both the same, don’t make a lot of sense and have little to do with Freeview. Spam or bot?
 
Black Hole said:
Another. I've reported it of course, but somehow able to join up and post four posts, two of which are just links to another site. How is this happening, and why is nobody answering?
Click to expand...
You posted at 7:13am on a Saturday morning which I think explains why nobody is answering.
 
To be fair to BH :confused:, today's post  could be read as why no answer since November last year. I read it, probably the same as Martin, as expecting an instant answer to today's incursion. Obviously it seems moderators, even super ones, don't have the answer. Someone appears to have deleted the two offending threads though.
 
MartinLiddle said:
It needs an administrator to answer.
Click to expand...
I don’t know the answer to that one. I didn’t get to see this mornings posts before they were dealt with.

Looking at the URL in post #1, it has [URL unfurl="true"] at the beginning, I’m not sure whether that has anything to do with the ability to bypass the new user 20 posts before being able to post links setting.
 
Unfurl'ing is a XenForo feature that automatically shows previews - it is a feature that can be turned off.

Example... I posted a link as per quote below (even though I'm a 'new member')... but it won't allow me to use "Insert Link" on the message editor toolbar:-
HugeMaximum said:
Good summary here...

How Many Computers Are in My Car? - NPC Automotive Computers

Unveiling the hidden heroes of your car: explore the world of a car computer and Electronic Control Units (ECUs) that power modern vehicles.
npcautomotive.com npcautomotive.com

Funny that I can't post links using the toolbar 'insert link' (get "You are not allowed to post external links yet."), but can just paste a URL, and it's kindly shown as above!
Actually not new...

Unfurl'ing is a XenForo feature that automatically shows previews - it is a feature that can be turned off. Will add a post in the above thread!
Click to expand...
hovering over my avatar, it says messages: 9. But, I have posted well over 40 messages! Will start another issue thread for that, I suppose!
 
HugeMaximum said:
Unfurl'ing is a XenForo feature that automatically shows previews - it is a feature that can be turned off.

Example... I posted a link as per quote below (even though I'm a 'new member')... but it won't allow me to use "Insert Link" on the message editor toolbar:-
Click to expand...
This seems like a security issue.
 
Black Hole said:
This seems like a security issue.
Click to expand...
As the actual forum system is downloading content from an arbitrary URL that a newbie shoves into a post... yes, I'd say it's a potential security issue. Certainly one that a hacker would look to exploit. On the flip side, it could be said that it is providing insight into a URL - before a user clicks on it. Personally, I'd say you should protect the forum server first.
 
Server security is absolutely a priority. If that's breached, data can be stolen and/or viruses planted. Viewing of profiles is next - personal information, no matter how trivial, can be used and merged with information gleaned elsewhere to build a profile that can be used by bad actors, via many many different ways of attack. Posting links comes a rather distant runner-up, every user should be careful about clicking links and that is under the user's control.
 
You're missing the point. The main reason people try to post is to spam, and if they can't post until they are approved they can't spam. If there's a way for them to post before they are approved, they can spam. Posting links isn't a server risk, it's a means to spam.
 
Black Hole said:
You're missing the point. The main reason people try to post is to spam, and if they can't post until they are approved they can't spam. If there's a way for them to post before they are approved, they can spam.
Click to expand...
I don't think anyone in this thread made a point about unapproved users spamming? There was a mention of unapproved new users being seen on the "current visitors" list (normal behaviour and nothing to worry about!) - as mentioned in the "How do I view the forum as guest?" thread. There may have been an issue in 2021/2022 (when this thread was started) of unapproved users posting (but this is not actually called out anywhere in this thread), and no recent issue I can see mentioned anywhere of non-approved users posting or spamming.

"The main reason people try to post is to spam" - you mean "post links" not to just "post" surely? As most people try to post on a forum to try to get their message (good or bad) onto it. 🙂

Black Hole said:
Posting links isn't a server risk, it's a means to spam.
Click to expand...
In the case of the server processing the link to "unfurl" them, it's definitely a potential server security risk. A new user triggers the server to request and process a URL specified by the new user (like the example I posted in post#12). However, I think @af123 has disabled unfurling... for both reasons - 1) it's a loophole for new members to post links when they shouldn't be able to, and 2) unfurling could be a potential server security risk.
 
You must log in or register to reply here.
Back
Top