Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: shadav on August 01, 2020, 02:01:43 PM

Title: who's online shows bots sending emails to another user...
Post by: shadav on August 01, 2020, 02:01:43 PM
 :o a bit concerned with that one....

noticed that it says they are sending emails to another user in the who's online
as well as reporting a topic to moderator

both of which bots can not do
emails aren't even displayed (except on their profile, which bots and guests can not access)

2.0.17 heavily modified with custom theme based off of default curve
Title: Re: who's online shows bots sending emails to another user...
Post by: Arantor on August 01, 2020, 04:59:36 PM
Just because it's reporting them doing it doesn't mean it was successful. No record is added of error messages shown to these people (fixed in 2.1)
Title: Re: who's online shows bots sending emails to another user...
Post by: shadav on August 01, 2020, 05:17:57 PM
hm...ok....
it's still a bit strange
as bots do not have access to users emails or the report functions

guests do not either other than to send topic to friend, but they do have access to the report function

so how they even came across that is odd

I've removed the email code from everywhere but the profile template

but thank you for curbing my concern there

last thing I need is some bot scraping user's emails or using the site to spam members

and this dang bot in particular practically lives on my site

in the past 2 hours alone i've had 200 bot visits and it's all this one (except for maybe 20)

i've put a Crawl-Delay: 40 into my robots.txt trying to at least slow them down a bit, but doesn't seem to help
Title: Re: who's online shows bots sending emails to another user...
Post by: a10 on August 01, 2020, 05:45:37 PM
Maybe robots.txt, but some trash bots do not respect it.
Try out this in htaccess, add or delete sites, keep the lot if many hits from cn.
Have used it for a long time, miracle cure against many plagues.

RewriteEngine On
RewriteCond %{QUERY_STRING} .
RewriteCond %{HTTP_USER_AGENT} Ahrefs|Baiduspider|bingbot|BLEXBot|Grapeshot|heritrix|Kinza|LieBaoFast|Linguee|Mb2345Browser|MegaIndex|MicroMessenger|MJ12bot|PiplBot|Riddler|Seekport|SemanticScholarBot|SemrushBot|serpstatbot|Siteimprove.com|trendictionbot|UCBrowser|MQQBrowser|Vagabondo|AspiegelBot|zh_CN|OPPO\sA33|zh-CN|YandexBot [NC]
RewriteRule ^.* - [F,L]
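
As an added example (not part of a10's post or SMF's code): a Python sketch that mirrors the two RewriteCond lines above over Apache combined-format access log lines, to check whether the user agents requesting the "send email" and "report to moderator" URLs are ones the rule would deny. The log lines are constructed, and the action names `emailuser` and `reporttm` are assumed to be the SMF 2.0 URLs behind those two Who's Online entries.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# User-agent alternation copied from the RewriteCond in the post above ([NC] = ignore case).
BLOCKED_UA = re.compile(
    r"Ahrefs|Baiduspider|bingbot|BLEXBot|Grapeshot|heritrix|Kinza|LieBaoFast|Linguee|"
    r"Mb2345Browser|MegaIndex|MicroMessenger|MJ12bot|PiplBot|Riddler|Seekport|"
    r"SemanticScholarBot|SemrushBot|serpstatbot|Siteimprove.com|trendictionbot|UCBrowser|"
    r"MQQBrowser|Vagabondo|AspiegelBot|zh_CN|OPPO\sA33|zh-CN|YandexBot",
    re.IGNORECASE,
)
# Assumption: SMF 2.0 action names for "send email" and "report to moderator".
SENSITIVE_ACTIONS = {"emailuser", "reporttm"}
# Apache combined log format: ip, method, target, status, user agent are captured.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

def smf_action(target):
    """Return the action= value of a request target (SMF separates parameters with ';' or '&')."""
    for part in re.split(r"[;&]", urlsplit(target).query):
        key, _, value = part.partition("=")
        if key == "action":
            return value
    return None

def would_be_denied(target, user_agent):
    """Mirror both RewriteConds: non-empty query string AND user agent matches the list."""
    return bool(urlsplit(target).query) and bool(BLOCKED_UA.search(user_agent))

def summarize(lines):
    """Count sensitive-action attempts per user agent, split by whether the rule covers them."""
    covered, uncovered = Counter(), Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m and smf_action(m.group(3)) in SENSITIVE_ACTIONS:
            ua = m.group(5)
            (covered if would_be_denied(m.group(3), ua) else uncovered)[ua] += 1
    return covered, uncovered

# Constructed sample log lines (documentation IP ranges, made-up user-agent strings).
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2020:14:00:01 +0000] "GET /index.php?action=emailuser;sa=email;uid=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; SemrushBot/6)"',
    '192.0.2.10 - - [01/Aug/2020:14:00:09 +0000] "GET /index.php?action=reporttm;topic=12.0;msg=40 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; SemrushBot/6)"',
    '198.51.100.7 - - [01/Aug/2020:14:01:30 +0000] "GET /index.php?action=emailuser;sa=email;uid=9 HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"',
    '203.0.113.4 - - [01/Aug/2020:14:02:00 +0000] "GET /index.php?topic=12.0 HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (compatible; bingbot/2.0)"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The first RewriteCond means the rule only fires on requests that carry a query string, so a listed bot can still fetch the bare forum root. Because `bingbot` and `YandexBot` are in the list, ordinary topic URLs are denied to those search engines as well.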
Title: Re: who's online shows bots sending emails to another user...
Post by: digger on August 03, 2020, 06:17:30 AM
You have "Send this topic" enabled for spammers guests.
Title: Re: who's online shows bots sending emails to another user...
Post by: shadav on August 03, 2020, 04:07:36 PM
yeah I allow guests to use that but not bots, but maybe I'll remove that permission....lmfao who really uses the send to friend button anymore instead of using social network sharing buttons....
Title: Re: who's online shows bots sending emails to another user...
Post by: Arantor on August 03, 2020, 04:40:52 PM
Um, bots show up as guests as far as the system is generally concerned... and even if you tweaked the search engine settings appropriately (bad idea), they still have it indexed from before you did it and just try it anyway.

Even if it doesn't succeed, the attempt is still recorded.

Try it yourself: open an incognito browser, go to a topic that is private that a guest couldn't go to. See what the online kit then says - it says the user went there, because it only logs the attempt, not whether it was successful or not.
Title: Re: who's online shows bots sending emails to another user...
Post by: efk on August 05, 2020, 09:04:24 PM
Is that a mod that displays the bot name on Who's Online, and can it be controlled who can see it (I mean administrator and maybe others with permission to see it and not everyone)?
Title: Re: who's online shows bots sending emails to another user...
Post by: shadav on August 06, 2020, 01:14:09 AM
fairly sure that's a built in smf function
Title: Re: who's online shows bots sending emails to another user...
Post by: a10 on August 06, 2020, 07:51:58 AM
I see 2 different who's online results for guests\bots accessing links.

Directed to a login\reg page like
"You are not allowed to moderate this forum. Please login below or register an account"
"Only registered members are allowed to access this section. Please login below or register an account"
Who's online shows these as "Viewing the board index"

Or a detailed who's entry like
"Sending email to another member"
while guests\bots get:
"An Error Has Occurred! You are not allowed to access this section"
Title: Re: who's online shows bots sending emails to another user...
Post by: Kindred on August 06, 2020, 01:55:58 PM
yes, and that is based on the URL they are calling.

The Who's Online will show the URL that they have attempted to reach as the action.

period.

that's it.

If your permissions are correct, they won't SEE any data at that URL... but if it's called, that's what you see.

I'm not sure what's so confusing about this that the conversation is still going on.
Title: Re: who's online shows bots sending emails to another user...
Post by: Arantor on August 06, 2020, 01:59:46 PM
This has been the case for 10 years, I made a mod to fix it 10 years ago and a variation of it made it into 2.1 to report that 'the user tried to go here but they see an error message while trying.'

(I may have been motivated by the then-lead developer telling me it was 'impossible' to do this. I did it in an afternoon. No I don't still have the mod, even if I did it would need updating.)
Title: Re: who's online shows bots sending emails to another user...
Post by: Kindred on August 06, 2020, 02:02:56 PM
of course it's POSSIBLE...   heck, I can think of the code logic off the top of my head (even if I couldn't necessarily WRITE the mod)

Personally, I don't think it's worth the time to implement (even if it was just an afternoon for you) - LOL
Title: Re: who's online shows bots sending emails to another user...
Post by: Arantor on August 06, 2020, 03:11:22 PM
It's done in 2.1 ;)
Title: Re: who's online shows bots sending emails to another user...
Post by: Kindred on August 06, 2020, 05:06:03 PM
yup, I saw that part of the comment.... :)
I stand by my statement. :P
::) :-X
Title: Re: who's online shows bots sending emails to another user...
Post by: Arantor on August 06, 2020, 05:32:14 PM
How many times has this confused people over the years? Instead of having to explain it every time, make the software better!
Title: Re: who's online shows bots sending emails to another user...
Post by: shadav on August 06, 2020, 10:29:43 PM
yeah it was a bit confusing....i mean it makes sense i guess....kind of would have figured it'd say something more around the lines of attempted to or denied said action bla bla bla due to permissions....

but as long as they aren't actually doing it, it's all good  :P
i'm just leery of the "send email to user" bit was all....ug I hate spam, don't need some rogue bot collecting user info to spam them

:laugh: funnier part is stupid idiots that sell my info online or had a "breach"....yeah shadav isn't my legal name dumb###  :laugh: but sure go ahead and give shadav up to $2,000 credit card  :laugh:  8)

on that note, i can guarantee you that citibank sells people's information (it's the only place I listed someone as living at my address and now I get junk mail for them)
Title: Re: who's online shows bots sending emails to another user...
Post by: Kindred on August 09, 2020, 10:23:35 AM
Even when someone sends an email to another user from the forum, the target user's email is not exposed