1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.3 Awaiting email confirmation (from edit) can post?

Discussion in 'Troubleshooting and Problems' started by GIMPER, Jul 19, 2014.


    GIMPER Member

    I have a (spam) user who registered with a non-existent email address. He changed it to another non-existent email address and was able to post in the forum.

    How can I change that behaviour? Also he is in the user group "registered" - thought that would only happen once the account is fully confirmed.
  2. Mike

    Mike XenForo Developer Staff Member

    Users that aren't confirmed have the permissions of the "unregistered / unconfirmed" group, regardless of the groups they're in. So either they made the post while they had a confirmed email and later changed it or there are permissions set such that the above named group can post.

    GIMPER Member

    neat, damn I love this forum software. Was able to see via the user changelog that (s)he did exactly that (of course I only got two bounces):

    1) reg with non-existent email
    2) changemail to valid email
    3) changemail to other non-existent email

    This might be something interesting for your Anti-Spam system (incl. StopForumSpam).

    -> he avoids his initial registration being blocked (works only with a fresh IP), as he can use any random non existent email which is not yet in StopForumSpam
    -> changes it quickly to his real email, validates his account, makes a post
    -> after posting he changes into a non-existent email again (random)
    -> if admin "anti-spams" user, only his last used email will be sent to StopForumSpam (which was not his real email) and thus avoids his real email getting blocked - less work to fake email addresses.

    1) obviously it would be better to send all email addresses to StopForumSpam
    2) maybe some option to disallow mail changes?

Share This Page