[buddypress-trac] [BuddyPress Trac] #6049: Do not activate user accounts automatically with one click (was: When certain spam filters are installed account gets activated due to spam filters following external link in the email..)
buddypress-trac
noreply at wordpress.org
Thu Nov 27 22:00:03 UTC 2014
#6049: Do not activate user accounts automatically with one click
--------------------------+------------------------------
Reporter: vimes1984 | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Members | Version:
Severity: normal | Resolution:
Keywords: dev-feedback |
--------------------------+------------------------------
Changes (by r-a-y):
* status: closed => reopened
* component: Core => Members
* milestone: => Awaiting Review
* keywords: => dev-feedback
* type: defect (bug) => enhancement
Old description:
> Just had to fix this on a shared hosting account @
> https://www.a2hosting.com, they run a spam filter called
> https://www.barracuda.com/products/spamfirewall
> what this does is follow external links in any outgoing emails sent from
> the server in question. So when BuddyPress sends out its activation link
> like so : http://example.com/activate?key=7678978978978789 it gets
> clicked on by the spam filter activating the account and rendering the
> activation link useless...
> I think this is the ongoing issue with invalid activation links that some
> users are experiencing. I suggest we move the activate link to an actual
> button on page that needs to be physically clicked?
> My temp fix was to add a deny from all into the .htaccess denying the
> server access to itself.
New description:
Just had to fix this on a shared hosting account @
https://www.a2hosting.com, they run a spam filter called
https://www.barracuda.com/products/spamfirewall
what this does is follow external links in any outgoing emails sent from
the server in question. So when BuddyPress sends out its activation link
like so : http://example.com/activate?key=7678978978978789 it gets clicked
on by the spam filter activating the account and rendering the activation
link useless...
I think this is the ongoing issue with invalid activation links that some
users are experiencing.
I suggest we move the activate link to an actual button on page that needs
to be physically clicked?
My temp fix was to add a deny from all into the .htaccess denying the
server access to itself.
--
Comment:
> Maybe pass a var through to the onpage form via $_GET which populates a
> hidden input..
That's an interesting idea. I kinda like it!
Instead of the hidden input, I would just populate the existing text field
that shows up at example.com/activate/.
Putting this back in the "Awaiting Review" milestone.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6049#comment:3>
BuddyPress Trac <http://buddypress.org/>
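
The approach discussed in the comment above, sketched as an added example that is not part of the original ticket and is not BuddyPress code: a GET to the activation URL only pre-fills the key field, and the account changes state only on a form POST. The function name `handle_activate`, the `$pending` array and the `/activate` form action are hypothetical, and the sample signup is constructed.

```php
<?php
// Added example: every name here is hypothetical, none is a BuddyPress function.

// Constructed sample data: one pending signup, keyed by its activation key.
$pending = ['7678978978978789' => ['user' => 'alice', 'active' => false]];

/**
 * Handle a request to the activation page.
 * GET never changes state: it only renders the form, pre-filled from ?key=.
 * Only a POST (a person submitting the form) activates the account.
 */
function handle_activate(string $method, array $get, array $post, array &$pending): string
{
    if ($method === 'POST') {
        $key = is_string($post['key'] ?? null) ? trim($post['key']) : '';
        if ($key !== '' && isset($pending[$key]) && !$pending[$key]['active']) {
            $pending[$key]['active'] = true;
            return 'Account activated.';
        }
        return 'Invalid activation key.';
    }

    // GET, HEAD and anything else: safe to fetch any number of times.
    $key = is_string($get['key'] ?? null) ? $get['key'] : '';
    // The key comes from the URL, so escape it before echoing it into HTML.
    $escaped = htmlspecialchars($key, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/activate">'
         . '<input type="text" name="key" value="' . $escaped . '">'
         . '<button type="submit">Activate</button></form>';
}

// A link-following mail filter fetches the URL: it gets the form back,
// and the signup is left untouched.
handle_activate('GET', ['key' => '7678978978978789'], [], $pending);
var_dump($pending['7678978978978789']['active']);

// The user later opens the same link and presses the button.
echo handle_activate('POST', [], ['key' => '7678978978978789'], $pending), "\n";
var_dump($pending['7678978978978789']['active']);
```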