View Single Post
  #8  
Old 27 Feb 2016, 00:50
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Originally Posted by edgeless View Post
I guess I didn't think of it and no one recommended it. Do you mean set the usergroup permission for Unregistered/Not logged in for the blog section to 'no' at "Can use Email to Friend"? It seems like it should work... but then they were somehow able to bypass the human verification system. So I'm not sure what they are doing or injecting, or where. Definitely something to try, though.

EDIT:
Actually I did try that and it did nothing. When I wrote my reply above I was somehow thinking there was a permission control item for the vB blog under Usergroups > Forum Permissions... but there's not. What I had already tried was setting Usergroups > Usergroup Manager > Unregistered/Not Logged In (and each of the other usergroups) > "Can Use Email to Friend" to 'no" but it had absolutely no effect on the spammer's ability to access the system and send his messages. In fact, that permissions change is one of the first things I tried. I'm sorry about my confusion there for a minute about the Forum Permissions list. So the only thing that has worked is what I have detailed above.
for Unregistered / Not Logged

Blog General Permissions
Put all settings to no

Blog Entry Permissions
Leave this setting to Yes
Follow Blog Moderation Setting
The rest put all to No

Blog Comment Permissions
Leave this setting to Yes
Follow Blog Comment Moderation Setting
The rest put all to No
Reply With Quote