Fixed Banned spammers still show homepage and signature links in profile

Sim

Well-known member
I created a new forum the other day. My very first user (before I had even had a chance to finish setting things up) was a signature spammer (a user who registers with multiple links to drug websites in their signature).

I banned them using the spam cleaner, but they still show up in the members list (at the top since there are no other users yet!!), and what is worse, the Recent Activity list shows them setting a link to their home page (which, because they are a spammer, is a spam link). The following screenshots are from a non-logged-in user.

recent_activity.webp

Also, clicking on their profile shows their signature, complete with spam links!!

member_profile.webp

This is a serious problem that needs to be addressed by the core software - if a spam user is banned, we need to remove all references to that user - especially their home page and signature from their profile that contain the spam links!!

This is not just a regular user who has been banned - this is a spam user and as such, all traces of them need to be removed to discourage further spamming.

I realise that these links are all nofollow, so there is little (or no) search engine benefit to be had - but the fact that these clearly spam links are still visible to my other users lowers the tone of the site and may spook new members.

I believe this is a flaw in the spam cleaner.
 
I would hope there is something in 1.1 to help with this ... my CycleChat mods won't take kindly to having to go to those lengths to get rid of spam content. :(
 
Damn you, Mike, you and XenForo rock. Awesome.
Pretty simple change actually - this lives just before the return true of XenForo_Model_UserProfile::canViewFullUserProfile()
PHP:
// user profiles of permanently-banned users should be unavailable to all but privacy-bypassing users
if ($user['is_banned'])
{
	$ban = $this->getModelFromCache('XenForo_Model_Banning')->getBannedUserById($user['user_id']);

	if ($ban && $ban['end_date'] == 0 && !$userModel->canBypassUserPrivacy($null, $viewingUser))
	{
		$errorPhraseKey = 'this_users_profile_is_not_available';
		return false;
	}
}
 
Any chance profiles for unconfirmed users can be unavailable too please, if that is not already the case (since the profile spam above could be replicated on an unconfirmed account on 1.0)?
 