[OzzModz] Security Lock Old Accounts

[OzzModz] Security Lock Old Accounts 2.1.0

No permission to download
Overview Updates (4) History Discussion
Ozzy47 said:
They would have to come up with a new one I believe. I can’t see XF allowing reuse of a password.
Click to expand...
It's concerning that this user doesn't have access to the "Contact Us" page. Instead, they're encountering an error from this plugin that fills the entire screen. It's odd because even blocked users and guests have access to this page, yet a user who registered many years ago, whose login credentials we've verified, does not. Is this fair?
These are harsh measures... The user may not have access to their email.
 
For my part, it works fine, it's something I'd done manually with the batch update users but this add-on makes sure it's done automatically. :cool:

When you have a large community, it often happens that accounts sleep, and the spammer finds accounts that were found in data leaks given and they come to try on your forum, in my case it happened at least 50 times in 1 year.


Thanks Ozzy 👌
 
Dkf said:
It's concerning that this user doesn't have access to the "Contact Us" page. Instead, they're encountering an error from this plugin that fills the entire screen. It's odd because even blocked users and guests have access to this page, yet a user who registered many years ago, whose login credentials we've verified, does not. Is this fair?
These are harsh measures... The user may not have access to their email.
Click to expand...
The way to reset the password is the standard XF reset password function, they will get an email with the password reset.
Click to expand...
 
Dkf said:
It's concerning that this user doesn't have access to the "Contact Us" page. Instead, they're encountering an error from this plugin that fills the entire screen. It's odd because even blocked users and guests have access to this page, yet a user who registered many years ago, whose login credentials we've verified, does not. Is this fair?
These are harsh measures... The user may not have access to their email.
Click to expand...

This is default behavior from XF, not this plugin. Anyway, all the user has to do in order to use the contact us is not be logged in.
 
Ozzy47 said:
This is default behavior from XF, not this plugin.
Click to expand...
Ok

htsumer said:
The way to reset the password is the standard XF reset password function, they will get an email with the password reset.
Click to expand...
What if there's no access to email? Sometimes email services shut down. Or you lose access to them.
Prohibiting access to the contact page with administration is going too far...
 
Ozzy47 updated [OzzModz] Security Lock Old Accounts with a new update entry:

[OzzModz] Security Lock Old Accounts for XenForo 2.2+ Update 2.1.0

2.1.0
Added an option to security lock the accounts when they login or via a cron.
If you choose login, any account as old or older than the days specified in the options will be security locked upon login.
If you choose cron, any account as old or older than the days specified in the options will be security locked via a cron job. This cron runs once a day.

View attachment 298261
Click to expand...

Read the rest of this update entry...
 
I register forum members with e-mail confirmation. Those whose e-mail address is incorrect cannot benefit from the forum because they cannot verify it. For users in this situation, when they come to the forum after more than 365 days, they will not be able to reset their e-mails because they are fake. How can we find a solution to this?
 
htsumer said:
I register forum members with e-mail confirmation. Those whose e-mail address is incorrect cannot benefit from the forum because they cannot verify it. For users in this situation, when they come to the forum after more than 365 days, they will not be able to reset their e-mails because they are fake. How can we find a solution to this?
Click to expand...

htsumer said:
Therefore, we can solve this problem if there is an option to change the password or reset the password.
Click to expand...

I would ensure users have the proper email when registered.

But, they can always use the contact us form to contact you to do what is needed.
 
I was anal. A member who arrives after 365 days cannot use Contact Us due to reset, as required by XF. However, it will remain offline so that it can reach us. Anyway, it's not a big deal, I don't want people with fake emails anyway :)
 
htsumer said:
Thanks to this plugin, invalid e-mail addresses sent after password reset are revealed one by one. It's great.
Click to expand...
Scenario:

I use Amazon SES, If an old account becomes security locked and has too many bounces then the email automatically gets put on a blacklist. Given they are using an old account that is locked, limited or the email simply does not exist, does that mean the user is locked out of their account indefinite without the ability to update the password on the website?

Just thinking of some issues.

Regards.
 
SES only blocks emails for spam complaints or hard bounces. They wouldn't do anything about "too many bounces".

Either way, the user is able to email the forum admin through the contact page and you can manually change their account status. If their email gets blocked by SES you can log in to the SES console and remove it, but that's probably never something you want/have to do.

If their old email is invalid and their password doesn't work due to requiring a reset it might be hard for them to prove they're the account owner though?
 
MaximilianKohler said:
SES only blocks emails for spam complaints or hard bounces. They wouldn't do anything about "too many bounces".

Either way, the user is able to email the forum admin through the contact page and you can manually change their account status. If their email gets blocked by SES you can log in to the SES console and remove it, but that's probably never something you want/have to do.

If their old email is invalid and their password doesn't work due to requiring a reset it might be hard for them to prove they're the account owner though?
Click to expand...
Historically, I would have a special hidden field for users to insert a phrase or a word in the event of this situation. They would email , I would ask for the secret word on the account and it helps mitigate.
 
You must log in or register to reply here.
Top Bottom