Guest "sending email to another member" even though email page is hidden

Started by Wolpo, May 04, 2019, 01:34:15 PM

Wolpo

Hello,

I have SMF 2.0.15.

Under Admin > Configuration > Security and Moderation > General
my checkbox "Do not reveal contact details of members to guests" is selected.

This works. When I log off and view the threads as a guest, the email functions are invisible.

Also, when I am a guest and paste a member's "Send Email" URL (copied while I was logged in) in my browser's address bar, the forum software correctly denies the access with the message "An error has occurred! You are not allowed to access this section".

And when I immediately log in again, the "Who's Online" list (which refers to the last 3 minutes) doesn't indicate "guest ... ... sending email to another member" although I just tried to access the "Send Email" as a guest. I think it's correct that it doesn't indicate it.

But sometimes the "Who's Online" list still includes one or more of these indications (of other guests):

"Guest ... ... sending email to another member"

I understand that a guest probably cannot fill any "Send Email" forms.

But why can a guest even trigger this indication if the access to the "Send Email" form is denied? It's not even visible.

Could it be that just the text of this indication is not exact enough because the logic doesn't provide the required conditions to implement a more specific text like, for example:

"Guest ... ... trying to send email to another member"


Thank you all for your fine support!

Arantor

Yeah, who's online doesn't verify the user actually got to the page, merely what page it was that they were trying to get to. 2.1 is better about this by indicating that they saw an error.

Wolpo

Thank you for the confirmation. I feel safer now :-)


But one question remains:

Could it be that some bot systems have stored the "Send email" URLs of all members during the time when the URLs were not hidden? And now they keep using their stored URLs to try accessing the "Send email" pages while they are hidden? If that is the case, the bot certainly comes from a spammer rather than from a search engine. Why should a search engine store outdated URLs just to try to access them later?

I selected the checkbox "Do not reveal contact details of members to guests" only today after 4 years not knowing that this checkbox exists. I think it should be selected by default.
