View Full Version : Why is there a Membership list anyway?
Bluemax712
06-10-2013, 11:01 PM
Just wondering what are the expected legitimate uses for the Membership list - thinking of disabling completely on my own forum.
-and added poll question
You'd have to hide the profiles as well since it's easy enough to go through the userids and find the user names. And even if you did that, you could get the usernames of everyone who posted by reading the forum.
Lynne
06-10-2013, 11:27 PM
Is this a poll about whether vbulletin.org should have a membership list (if so, it is in the correct forum) or about whether any site should have a membership list available to guests/users/anyone (in which case, it is in the wrong forum)?
Bluemax712
06-10-2013, 11:29 PM
I know we can't avoid them making a list from posts - it just seems like making an ordered list available - so easy for everyone to access- makes little sense.
It was really meant for both Lynne
I know we can't avoid them making a list from posts - it just seems like making an ordered list available - so easy for everyone to access- makes little sense.
Yeah, I see what you're saying, and I can't really think of a use for it (except to search for a user when you can't remember the name exactly). But I kind of doubt that it would stop these kinds of attacks.
Bluemax712
06-10-2013, 11:45 PM
Yeah, I see what you're saying, and I can't really think of a use for it (except to search for a user when you can't remember the name exactly). But I kind of doubt that it would stop these kinds of attacks.
hmmm idk -having this latest attack going on alphabetically - I predict just a few more posts from the D peeps tomorrow :)
Edit: guess we are up to the E peeps by now
hmmm idk -having this latest attack is going on alphabetically - I predict just a few more emails from the D peeps tomorrow :)
Yeah, I agree that they most likely did get the names from the member list, I just think if it wasn't available and someone wanted to to look for passwords on this site, they'd just get the names another way. I could be wrong.
One thing that's interesting to me is that I've never heard of this happening on other sites (although I don't claim to have that kind of knowledge of a lot of forums), and even though it happens here every few months I haven't seen a lot of evidence of accounts being hacked.
Bluemax712
06-11-2013, 12:05 AM
Yeah, I agree that they most likely did get the names from the member list, I just think if it wasn't available and someone wanted to to look for passwords on this site, they'd just get the names another way. I could be wrong.
One thing that's interesting to me is that I've never heard of this happening on other sites (although I don't claim to have that kind of knowledge of a lot of forums), and even though it happens here every few months I haven't seen a lot of evidence of accounts being hacked.
Haven't had it happen to my site either - and it is great that vB has the built-in timeout if it does happen. I still think hiding it from guests may help to avoid some future skiddie attacks and save a few future "My account is under attack threads."
Zachery
06-11-2013, 03:15 PM
The members list doesn't really serve a grand purpose most of the time. There are some limited cases for it being useful. As long as the admin/staff can find users, I don't think its all that great.
In vB2/3/4 it can be one of the most intensive functions of the software, esp when you have a large user base.
Paul M
07-16-2013, 08:59 PM
..... and yet people complain thats its missing from vB5, so much so that we are adding it back.
As far as here is concerned, its only available to logged in members now.
TTayfun
07-17-2013, 09:26 AM
@Paul M I think calendar.php should be limited from guest ;)
Paul M
07-18-2013, 05:34 PM
For what reason ?
Simon Lloyd
07-19-2013, 04:46 AM
For what reason ?So spammers get confused and wear the wrong underwear on the wrong day :)
socialteenz
07-19-2013, 06:03 PM
So spammers get confused and wear the wrong underwear on the wrong day :)
Nuff said :D
Bryan Ex
01-01-2014, 11:43 PM
Members list is actually very useful on my website. My board caters to maple syrup producers and the added profile fields let them search for other local producers or producers with similar equipment. Given we often meet at various trade shows and tours it's a very helpful feature.
Calendar on the other hand I have tried to use on multiple boards and always seems to end up ignored and neglected in the long run.
Simon Lloyd
01-02-2014, 03:38 PM
@Paul M I think calendar.php should be limited from guest ;)If you really want to hide it from guests simply put this in a pluginif(THIS_SCRIPT == 'calendar' AND is_member_of($vbulletin->userinfo,1,3,8)){
header( 'Location: http://www.google.com' ) ;
}Use global_complete as the hook
No any person not logged in, banned or awaiting email confirmation will get redirected when trying to view the calendar, of course you dont have to redirect them you can display a message...etc
I've just added the above to show folk how they can deny any usergroup from any script :)
enjoy!
BirdOPrey5
01-03-2014, 10:36 AM
Can replace the header line above with this to show the usual vBulletin no-permission message-
print_no_permission();
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.