XF 2.0 How to hide user number?

[Dynamic]

Hi guys,

Just wondering if there is a way to hide the .x number in the url for usernames. The reason I would like to do this is so nobody knows how many members are registered at the forum. This only needs to be font end, so perhaps a .htaccess line will do the trick?

Cheers!

 

[S Thomas]

That's not gonna work because it's the user id - and this is used heavily through XF, not only in the url you see.

 

[Dynamic]

Thanks for the reply. Is there a way to randomise it or give it a strange string? For example /members/dynamic.393fisdifd9jskdj394993 or similar?

Thanks.

 

[Ozzy47]

What is the reasoning behind anyone caring (besides the site owner) how many people are registered? The thing that counts is active members.

 

[StarArmy]

He probably had a user ask to change their name but people still recognize the user because of the number.

If that's the case, create a new user account for that user and merge the old one into the new one, so the user will have a new number.

 

[Ozzy47]

He probably had a user ask to change their name but people still recognize the user because of the number.

You sure??

The reason I would like to do this is so nobody knows how many members are registered at the forum.

 

[StarArmy]

Alright. You got me, Ozzy.

Okay, another possible "solution" is to increment the user number artificially to make it higher. There's also some fake users mods out there.

 

[Ozzy47]

Then I default back to my original question. Who cares how many users are registered?

 

[Optic]

@Dynamic the number is skewed anyway, just like everyone here I am sure you are regularly getting SPAM account registrations.

I personally wouldn’t worry about it.

 

[Sim]

Or adjust the database to set the autoincrement value to some arbitrarily high number.

ALTER TABLE xf_user AUTO_INCREMENT=100000;

(backup first!)

Doesn't change existing users, but new users will have a high userid.

 

[Ozzy47]

That's just plain silly.

 

[Sim]

That's just plain silly.

You may feel it is unnecessary (and FWIW, I wouldn't do this myself), but if it's important to someone else, then you could try being constructive and actually offer a solution.

 

[Ozzy47]

You may feel it is unnecessary (and FWIW, I wouldn't do this myself), but if it's important to someone else, then you could try being constructive and actually offer a solution.

Actually , being constructive is exactly what I am trying to do. Think about it, you could have 10,000 members, 8000 have been banned as spammers, 1600 only registered and never posted, 200 posted a couple of times and have not been seen in a year. So how many members are there??

It is better to understand the situation rather then to give suggestions based on ignorance.

 

[Dynamic]

Or adjust the database to set the autoincrement value to some arbitrarily high number.

ALTER TABLE xf_user AUTO_INCREMENT=100000;

(backup first!)

Doesn't change existing users, but new users will have a high userid.

Thank you very much Sim! I will be sure to give this a go.

Actually , being constructive is exactly what I am trying to do. Think about it, you could have 10,000 members, 8000 have been banned as spammers, 1600 only registered and never posted, 200 posted a couple of times and have not been seen in a year. So how many members are there??

Thanks.

It is better to understand the situation rather then to give suggestions based on ignorance.

Hi Ozzy,

Xenforo will not be getting used as forum software for this particular project. I am unable to discuss why I don't want the user numbers to be shown, but it is important.

Thanks.

@Dynamic the number is skewed anyway, just like everyone here I am sure you are regularly getting SPAM account registrations.

I personally wouldn’t worry about it.

Hi Optic,

There will not be a single spam registration as users will need to pay for the service before they have access.

Thanks.

 

[S Thomas]

Or adjust the database to set the autoincrement value to some arbitrarily high number.

ALTER TABLE xf_user AUTO_INCREMENT=100000;

(backup first!)

Doesn't change existing users, but new users will have a high userid.

A static increment value won't change anything, though, you would simply need 2 successive accounts to break the system.

 

[Sim]

A static increment value won't change anything, though, you would simply need 2 successive accounts to break the system.

I'm not sure what your point is? How would it break the system?

The next user registering will have userid 100000, the one after that will have 100001, then 100002 and so on. The auto increment value isn't static - it's the starting point for what the next automatically assigned identifier will be. After two new registrations, the AUTO_INCREMENT value will be set to 100002 by the database server.

You can arbitrarily change it at any point - if you set it to a value lower than an existing id already in the database, it will automatically reset to use the next value higher than the existing one.

 

[S Thomas]

Let's say his last user was 1234 and his next user is 100000 - it just needs these two to break the system. What he would need is a randomized value, let's say it changes every hour or it increases randomly on every new registration. Something like this: https://forums.mysql.com/read.php?24,425424,425491

There's no real solution to this without heavy modifications unless he can perfectly kill crawlers, which is pretty much impossible.

 

[Sim]

Let's say his last user was 1234 and his next user is 100000 - it just needs these two to break the system

How does this "break the system"? Are you talking about the ability to enumerate users and show how many there actually are?

There is no way for normal users to enumerate all users to determine whether there are 1234 users or 100000 users (other than to try them all by hand). The member list does not show all users, and could be easily turned off anyway.

Making all user profiles hidden from search engines will solve the ability to enumerate using Google - and since it is a paid system, one assumes that user profiles will not be visible to unregistered users. Crawlers perfectly killed.

It's an incredibly easy fix which will be effective for the vast majority of the population who don't understand how databases work. Only technical people might see through the ruse.

 

[Dynamic]

Making all user profiles hidden from search engines will solve the ability to enumerate using Google - and since it is a paid system, one assumes that user profiles will not be visible to unregistered users. Crawlers perfectly killed.

Hi Sim,

Thanks for the info. Also, other members will not be able to see other users profiles either. It is mainly the link I want to hide completely, so users of the site can't track how many real users there are. Setting it to something like 9882902X will probably do the trick. The only other problem will be if a user starts removing numbers and sees what shows up as a 404 or if it gives a permission error. But that can be fixed in templates anyways.

Thanks.

 

[BobHarbison]

Then I default back to my original question. Who cares how many users are registered?

Typically, the guy running the forum and nobody else. I know when I started, I placed a lot of importance on that number. These days, if you haven't posted anything and haven't logged in for a year, you're gone, even though that decreases my total member numbers.

Honestly, nobody else is looking at that. Maybe page views or google rankings, but not member numbers. It doesn't mean anything.