Adding and deleting users

I have been inundated by spammers so I tried to ensure that I validate all users. Unfortunately, yesterday I deleted someone who is legitimately trying to join. Well this user sent me an email telling me he had not got a validation email; so I tried adding him from the admin area. At first I kept getting a message saying that the user existed; so I added and exclamation mark to his user name - now he can login but can do nothing else; when I try to go to his page it tells me the page does not exist or I do not have permission to view it. Am not sure what to do about this!

Secondly I have a user that says every time he tries to login the login box disappears.

I would appreciate any help you can provide to sort this out.

Thirdly, I get so many spammers trying to join; I have added a captcha and the plugin that is supposed to keep out spammers but am unsure what to do so I still manually validate. I have on average 200 spammers trying to join every single day. Is there anyway I can ban a domain or create questions that must be answered before letting someone in?

I am using V.3.2.1

Thanks,

Melo The Prog Goddess

 

  • A captcha plugin alone won't help much anymore to reduce the number of spammers registering.

    I would suggest to use the Spam Login Filter plugin to check the user credentials (IP address, username, email address) on account registration against the StopForumSpam.com database and block the account creation for known spammers/bots. Unfortunately, the version of the Spam Login Filter plugin offered here on the site (https://elgg.org/plugins/774755) is not for Elgg 3. But you can install version 3.0.1 from https://github.com/beck24/spam_login_filter/releases which should work on Elgg 3.2. The plugin also has the option to report spammers to the StopForumSpam site (instead of just deleting an account you get the admin option on profile pages to report+delete an account). To be able to report a spammer you need to register at the StopForumSpam.com site and create an API key. But it's worth the effort. It should at least reduce the number of spammers registering significantly over time.

    I'm not sure what might causing the other two problems you mentioned. When managing users manually you should always check the Unvalidated users page in the admin area. If an account has been created but not yet validated it shows up there. And the username of an unvalidated account can also not be used for another account. For the account with the exclamation mark do you see this acount in the list of new users? If yes, do you get to the profile page when clicking on the corresponding entry? Maybe it makes sense to delete this account with the exclamation mark again (always bad in my opinion to have any special characters in a username) and if it still exists also delete the account originally created by this user himself (or activate it in case it still shows up on the unvalidated users page). So, the user could then either use his original account (now activated) or you can create a new account with the original username.

    Can you tell in more details what happens with the login box when this users tries to log in? When you say "it disappears" it would show up in the first place and the user can enter username and password, right? Is he sure that he's not logged in then? Has he disabled saving of cookies (session cookie is necessary or the user can't stay logged in)? Has the user tried another browser to see if this helps?

  • Thank you for your response. This is what the user says happens in his words: "every time I attempt to log in.... Okay, so when I click on 'log in', two boxes appear, (1) user name/e-mail address & (2) password. As soon as I click on the user name box, both boxes immediately disappear. I have tried to log in on both my iPhone & my desktop computer...same thing happens every single time."

    As for the other user, I do not get a profile page for him... so I guess I will try deleting him. Then add him again!

  • Have you any 3rd party installed plugins/themes?

  • If it's only the one user who has a problem I suggest you ask him which operating system and browser he uses and maybe also if he uses a mobile or desktop browser. Then you can try to reproduce the issue. You could also ask him if it's possible for him to try it with a different browser and/or operating system (e.g. on smartphone instead of desktop or vice-versa).

    The only possibility that might cause the issue would be a matter of using www (or the opposite: non including www) in the site url. In the past this caused an error sometimes (see http://learn.elgg.org/en/stable/appendix/faqs.html#login-token-mismatch) and on Internet Explorer people sometimes had to login twice. It's not the same problem described by the user but it won't hurt to add the suitable rewrite to your .htaccess file ("suitable" depends if your site url - as entered during installation and shown on the settings page in the admin area of your site - contains www or not). You would have to add the rule below the line

    # If you must add RewriteRules to change hostname, add them directly below (above all the others)

    in your .htaccess file.

    In case your site uses https a slightly different approach is necessary to also take into account the rewrite from non-https to https. A google search should help in this case