UBB.threads PHP Forum Software Community Forums UBB.threads 7 Version 7 Support New applicants

8oU2sT3i, mZ7cB3vW3o and fk2uhewf8u

Hello experts:

The above are the latest three display names which are the same as the username.

I HATE TO SHOUT...but I wanted to apologize ahead of time if the last display name is offensive. Please remove it or I will.

AGAIN...as you are bored to hear, I am the default admin for our admin board. Our board is unique in that it is a group of doctors representing an EMR that truly is a community and helps one other with the technical side of EMR plus a multitude of other things. It is different than any other EMR. I have been stuck administrating it and SEVERAL people on this board, some more hands on than others, have helped tremendously.

Unfortunately, I am not the only one approving new members. There are two from the company (who unfortunately are admins just to have that power). I feel like I am in a better position to decide who should be approved or not. And, due to Gizmo and SD (I am just giving credit to both) the spam forum program helps tremendously.

OK. Now back to the problem at hand. While there are many users who will have a user name of fillymdorthodoc, given they don't change their display name to Fred, it is hard to address them by an easy name or at least put it in the signature.

The problem is when we get display names such as the three at the top which already makes me suspicious of spammers.

I guess what I am getting at is how do your mods deal with that either before or after they are approved. I am not talking so much about removing them (as we don't really know), but more for educational purposes. When I applied to this incredible board as Bert, it would have been strange to hear from Ruben, you need to change your display name.

I guess I could do what I usually do and just ask them to change their display name. We do tend to start are replies with Hi so and so, which is nearly impossible with the other display names.

I wonder also if 1) not allowing the display name to be the same and, 2) having some guidelines for them such as, "Your username is for logging in and cannot be changed (without mod help), your display name is what those on the board will see you as.

Anyway sorry so long. I used to write this on the bottom of my posts automatically, but they never got read.

As we speak, one of them posted an extremely long SPAM. Using Spam Forum, can I cross reference their IP address?

If you're running the currnet build you can edit their profile and click the link on the main page and it'll show a spam check.

The sign up spam detection only detects via email address; my mod at UBBDev detected both IP and EMail address and you'd have to edit the files on server to be able to reattain that functionality.

If you had access to modding files on the server I'd just tell you to have a mod commissioned to not allow usernames and public names to be the same; but users would probably just end up being confused; you could change the language string for the public name to say something like "Please enter your real name"

Getting people to not use their cute internet names is tough.
Since most of them use it for login and display because it is easy to remember.

I have one site which is comprised of mostly professionals in the construction industry.

They first used weird stuff,then learned to use something like their AOL user name when they figured out that they could not remember their login. So that is something to let them use at there pleasure.

I also encouraged them to use real names for display names because they all know each other by real name, which confused most of them at first. They thought login and display name was to be one and the same.
Even though I explained it in the board rules but you know nobody reads them.

But then you need to remember that they don't have access to change the display name unless you enable it.
Control Panel » Feature Settings
Allow Display Name Changes?
I use:
Yes, but all changes must be approved by an Admin.
This will allow the field to appear in the MyStuff>Edit profile

I also picked this option so I don't have to deal with questions on why they failed to get their new name if there are say two John Smiths.
I can just answer back that the name is used already so they need something a little different .

BTW,
Not sure what you mean by cross reference IP.

Well, it does check the IP and email. Part of it is ignorance, the other is people who think it is cute to have a display of "mayibyourfootdr" not realizing that when I go to help him configure his router, it is courteous to say Hi mayibyourfootdr. Given their name in their profile, I am tempted to just change it. I will say that a gentle nudge in a post will get them to change their username.

Generally, while you say it is confusing for them when making their profile, it is doubly difficult to understand the difference between a display and a username.

Thanks Ruben,

I allow them to change their display name. Sorry. What I meant by cross reference IP, I was told by someone on here that if you get a red IP address, you can go to some website, and check it and it will tell you how many spams they have sent or to what site. Something like that.

I really think the best way would be to have something in the profile where they type in their username, and then after putting in their display name (what it is about display they don't get), a window pops up saying, this can't match your username AND, this is what will be seen by others on the board.

I would want to say but wouldn't "Using a username like iamadoctorwholikestospam is kind of suscpicious and I may not approve you anyway. Or at least watch.

Another thing that would be helpful, since I can click on User's Posts in their profile, would be to be able to set their monitor their username so any display would show. At least for the first 30 days or so. I really wish we didn't have two others checking for these. Why the hell we need two more admins who aren't even on the board but work in programming, development and coding is ridiculous. I think Gizmo knows a bit about my plight here.

I really appreciate Gizmo and Ruben for helping me. You guys are the best. Not to not mention Dunny and others.

I agree but there is a security reason for it.
say that your login name and display name is one and the same(Bert).
And it very well could be.
But only you will know.
So now I have the first part of your login.
now on to your password.
Passwords could take some time to crack but until we get some type of flood check for bad logins to discourage somebody from running a script. This just makes it more secure for the user.

FWIW I allow display name changes with the setting "Yes, but all changes must be approved by an Admin."

Well, given you have to give permission (I think), I couldn't find my display name. If it is, that is pretty funny. On the other hand (other than security), I don't care if their username and display name are the same.

But, as you say, it is a security risk. And, given if you Google the top 10, which would be something like, {password, 123, 1234, 111, passwords, letmein, etc.} a script would make it rather easy. While on the subject, so I think it is legit for me to ask this, I am always careful about writing my email address in a forum or anywhere for that matter, like:

badams AT riverviewpediatrics.org_removespam. Are the email addresses that are in form boxes (or whatever) safe from bots?

Hi Gizmo,

What is the advantage of needing an admin approval since they choose it to begin with?

When writing HTML I hide email addresses via CSS:

A browser would render it visibly but bots would generally only see the raw html.

The allure of the setting is that users can't go and choose stupid names; if they chose something inappropriate I can just purge the request, if they choose something in the beginning that is not appropriate they're asked to fix the issue or their account is terminated.

That is just too cool.

You posted this before I replied to the older one.

As far as registrations, the text for display name can be edited in the language files.
newuser.php

as far as a pop up goes in the profile there is already a warning for a few scenario. That also can be edited in the language files. One file is changebasic.php . But I believe there are a few more.
As far as iamadoctorwholikestospam
One other tool which I don't like 100% is to limit how the display name is entered.
Control Panel » Registration Settings
Allow Special Characters in Display Names?
Minimum Display Name Length:
Maximum Display Name Length:
but one field I do like but makes it more difficult for the user.
CAPTCHA verification?
While we are on the same screen.
Default Group(s) for New Members:
Usually defaults to users.
Are you aware you could cripple the user group permissions to almost nothing, so You could monitor them. Then in
Control Panel » Group Management
Create a say user2 group with normal permissions and allow them to auto promote to user 2 after x number of posts.

Now back to the ip part.
I assume you are talking Stop forum spam which is new in ubb 7.5.7.

Yes you can check the users ip depending on your settings in:
Control Panel » Primary Settings
Tab-Stop Forum Spam.
If You have not acquired a api key yet you can visit the site and just paste the ip and search.

Wow, a lot of stuff to digest.

Yes, it is a lot of stuff to digest. And, I'm impressed you recall that other issue. I do also recall the Group 1 to Group 2 thing and have it someone already under my belt as I had to add one person to a new PM group so he could post more than 200 posts.

I did work with someone on here as to the admin thing, the problem being FTP. A lot of the issue is while I am fairly good with the Control Panel, learning from here and from trial and error, there are somethings I need to be careful about.

There are really two "actual admins" me on the board side monitoring everything that goes on in the board, if that makes sense, and the admin who takes care of the server and installing new updates and backups, etc. The problem as your user here can tell (I am not sure if I should use names from here -- it is up to them) is that admin either doesn't know enough or doesn't care enough to do anything. I believe he would rather do support or development than worry about whether there are five admins or two. I gave him the code to change out the other -- sorry if I am not saying that correctly -- and I gave him the demographics of the person who made it, and my bet is he never talked to him. I also don't think I am privy to the FTP or I would pass that along.

I guess maybe I worry too much about it when I have 30 patients a day to see. But, with this last spammer, there were four PMs waiting for me this morning alerting me so it isn't that tough.

Well,
Ftp is nothing more that the ability to upload and download files with one twist chmod. Meaning file folder permissions.
Using free stuff like Filezilla works fine if you have a access account.
But I tend to agree having multiple admins that are not on the same page makes it extremely difficult for continuity for the board.

I had a similar issue with a client.
They had a admin that kept breaking the site/forum.
They had 4 admins.
well three admins had a hard decision to lock out the one.
They finally did it and it did come out well.
They segregated the site forum from web pages.
he has the site and the other three admins have the forum.
But that is just one case.

Thanks for the help Ruben. And, Gizmo.