Hi,
we have experienced a severe privacy issues: We do not want our members to be shown to the public in any way!
Settings:
Joomsocial Main Menue is set to public (as registered won't work with regards to new registrations/redirects)
Joomsocial Toolbar Menues are all set to registered.
Joomsocial settings for member profiles are all set to members only and not public
Problem:
The community is private, non members do see the registration page - fine.
However, google did index the page:
community_path/search/browse.html
What happened is, that if you know this URL you do see all profiles, all names, all profile pictures.
We asked google to remove the paths from the index as well as disallowed it in the robots.txt.
Still, this is not supposed to happen.
How can I prevent this from happening?
Thank you,
Matt
Hi, Matthias.
I presume that you already have JomSocial frontpage menu item already (it must have lowest menu item ID than any other JomSocial related menu item outside JomScoial toolabr if they exist). Now you need to create new menu item - it may be in hidden menu, menu not displayed on your site (menu is not assigned to any menu module) - menu item should point to All Members page:
prntscr.com/7kbb6x
Setting any menu item in JomSocial toolbar to "Registered" will have not use - access settings in Joomla! are set by menu item ID... and menu items in JomSocial toolbar doesn't use own menu item but parent element (in most ceases it's JomSocial frontpage menu item).
You may also search on forum as this is most common misconfiguration.
Dear Michal,
thank you for your message! I have done that already.
I have one main menu item for Joomsocial that is public
The toolbar is registered only.
I also have a hidden menu with an item pointing to all members set to registered.
Still, the member list is publicly viewable...
Can this be a SEF issue?
the URL that still is publicly viewable is:
Communitypath/search/browse.html
The menue item path is:
Communitypath/alle-mitglieder.html
Note that for test purpose I did set the menu item of all members to a normal menu but not a hidden one.
Thanks for any help,
Matthias
Hi, Matthias.
You may disable that menu item ID I asked you to create.
Your issue was different - it was Joomla! caching issue. URL ware cached with public access rights.
Menu item ID of this page is 659 and has privacy set to Registered. This is fine.
But probably before it was public and it was cached by Joomla! with this setting.
I disabled caching and clearech Joomla! cache.
Now when I try to access (beeing not logged in) Communitypath/search/browse.html I'm asked to log in.
Please, test it.
Dear Michal,
thank you for your reply. I even tried that before (Cache emptying) without success!
If i go to the page...
/secret-lounge/search/browse.html?start=12
It still shows me all members in three different browsers (chrome/firefox/internet explorer)...
Sorry to hassle you again...
Matt
Hi, Matthias.
Ok, I know what's going on. URL that make us trouble is without menu item ID... what mean that NO privacy settings will be used to that page as any display or privacy settings are based on menu item ID. if URL lacks ID them Joomla! does nothing - no setting take effect.
Take a look this is correct URL to this page:
ROOT/secret-lounge/alle-mitglieder.html
But Google indexed:
ROOT/secret-lounge/search/browse.html
So what could be done?
First I would try htaccess 301 redirection:
Redirect 301 /secret-lounge/search/browse.html /.
Redirect 301 /secret-lounge/search/browse.html?start=12 /.
I'm not sure if this will work for your server but, please, try.
Edit .htaccess in Joomla root folder and add above lines at file beginning.
Hi Michal,
sorry to bother again... While I was able to sort out, that the user list is not publicly visible, user profiles still are.
e.g.
if you know the url: /paththocommunity/321-raewyn/profile.html
you will see the name and the photo!
Google we already disallowed to crawl the path. However, crawlers do find the path and have access to this information.
In our case, we can not have names or photos visible openly, nor can we have them indexed somewhere.
How can I stop profiles to be shown publicly?
Personally I find this needs to be reported to the developers, there should be a backend option to disable public viewing at all.
Thank you for your help,
Matt
Hi, Matthias.
But you can't view profile - this is not a profile page that you can view when you're logged in. This page is shown when someone DOESN'T have access to profile pages. That's for notice is displayed:
Hinweis
Das Profil ist aufgrund der Privatsphären-Einstellungen des Nutzers nicht sichtbar
<?php $user = JFactory::getUser();
if (!$user->guest) { ?>
<?php } ?>