Notice

The forum is in read only mode.

Support Forum

Welcome! Support Forums have been reactivated
Welcome the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and if possible, provide us with a step-by-step instruction in replicating your problem.

Severe Privacy Issue

8 years 10 months ago
Licenses:
JomSocial Expired

Hi,
we have experienced a severe privacy issues: We do not want our members to be shown to the public in any way!

Settings:
Joomsocial Main Menue is set to public (as registered won't work with regards to new registrations/redirects)
Joomsocial Toolbar Menues are all set to registered.
Joomsocial settings for member profiles are all set to members only and not public

Problem:
The community is private, non members do see the registration page - fine.
However, google did index the page:
community_path/search/browse.html

What happened is, that if you know this URL you do see all profiles, all names, all profile pictures.

We asked google to remove the paths from the index as well as disallowed it in the robots.txt.
Still, this is not supposed to happen.

How can I prevent this from happening?

Thank you,
Matt

8 years 10 months ago
Licenses:

Hi, Matthias.

I presume that you already have JomSocial frontpage menu item already (it must have lowest menu item ID than any other JomSocial related menu item outside JomScoial toolabr if they exist). Now you need to create new menu item - it may be in hidden menu, menu not displayed on your site (menu is not assigned to any menu module) - menu item should point to All Members page: prntscr.com/7kbb6x

Setting any menu item in JomSocial toolbar to "Registered" will have not use - access settings in Joomla! are set by menu item ID... and menu items in JomSocial toolbar doesn't use own menu item but parent element (in most ceases it's JomSocial frontpage menu item).

You may also search on forum as this is most common misconfiguration.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Matthias
8 years 10 months ago
Licenses:
JomSocial Expired

Dear Michal,

thank you for your message! I have done that already.
I have one main menu item for Joomsocial that is public
The toolbar is registered only.
I also have a hidden menu with an item pointing to all members set to registered.

Still, the member list is publicly viewable...
Can this be a SEF issue?
the URL that still is publicly viewable is:
Communitypath/search/browse.html
The menue item path is:
Communitypath/alle-mitglieder.html

Note that for test purpose I did set the menu item of all members to a normal menu but not a hidden one.

Thanks for any help,
Matthias

8 years 10 months ago
Licenses:
JomSocial Expired

Ps.
please note, that the ALL Member menu item is NOT publicly viewable.
/search/browse.html is...

8 years 10 months ago
Licenses:

Hi, Matthias.

You may disable that menu item ID I asked you to create.

Your issue was different - it was Joomla! caching issue. URL ware cached with public access rights.
Menu item ID of this page is 659 and has privacy set to Registered. This is fine.
But probably before it was public and it was cached by Joomla! with this setting.
I disabled caching and clearech Joomla! cache.
Now when I try to access (beeing not logged in) Communitypath/search/browse.html I'm asked to log in.

Please, test it.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Matthias
8 years 10 months ago
Licenses:
JomSocial Expired

Dear Michal,

thank you for your reply. I even tried that before (Cache emptying) without success!

If i go to the page...
/secret-lounge/search/browse.html?start=12

It still shows me all members in three different browsers (chrome/firefox/internet explorer)...

Sorry to hassle you again...
Matt

8 years 10 months ago
Licenses:

Hi, Matthias.

Ok, I know what's going on. URL that make us trouble is without menu item ID... what mean that NO privacy settings will be used to that page as any display or privacy settings are based on menu item ID. if URL lacks ID them Joomla! does nothing - no setting take effect.

Take a look this is correct URL to this page:

ROOT/secret-lounge/alle-mitglieder.html

But Google indexed:

ROOT/secret-lounge/search/browse.html

So what could be done?

First I would try htaccess 301 redirection:

Redirect 301 /secret-lounge/search/browse.html /.
Redirect 301 /secret-lounge/search/browse.html?start=12 /.

I'm not sure if this will work for your server but, please, try.

Edit .htaccess in Joomla root folder and add above lines at file beginning.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Xristoph Conrad, Matthias
8 years 10 months ago
Licenses:
JomSocial Expired

Hi Michal,

yes this makes sense! I will try it now!
I guess it would be a good idea to somehow prevent this by an core update.
Thanks,
Matt

8 years 10 months ago
Licenses:
JomSocial Expired

Hi Michal,

yes, this did the trick!

Thank you,
Matt

8 years 9 months ago
Licenses:
JomSocial Expired

Hi Michal,

sorry to bother again... While I was able to sort out, that the user list is not publicly visible, user profiles still are.

e.g.
if you know the url: /paththocommunity/321-raewyn/profile.html
you will see the name and the photo!

Google we already disallowed to crawl the path. However, crawlers do find the path and have access to this information.
In our case, we can not have names or photos visible openly, nor can we have them indexed somewhere.

How can I stop profiles to be shown publicly?
Personally I find this needs to be reported to the developers, there should be a backend option to disable public viewing at all.

Thank you for your help,
Matt

The following user(s) said Thank You: Xristoph Conrad
8 years 9 months ago
Licenses:

Hi, Matthias.

But you can't view profile - this is not a profile page that you can view when you're logged in. This page is shown when someone DOESN'T have access to profile pages. That's for notice is displayed:

Hinweis
Das Profil ist aufgrund der Privatsphären-Einstellungen des Nutzers nicht sichtbar


Many communities want to display this basic infor for non logged users.

But I understand specific of your site. Thus you may improve that applying this hack:

Copy this file:

ROOT/components/com_community/templates/jomsocial/layouts/people.browse.php

to:

ROOT/templates/your-template/html/com_community/layouts (if you don't have any of those folders, feel free to create them)

Then edit file and add this in line 14: prntscr.com/7lhhfz 
<?php $user = JFactory::getUser();
		if (!$user->guest) { ?>

and this:
<?php } ?>

at the very end of file.

From now on no information will be displayed for non-logged in users.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Xristoph Conrad, Matthias
8 years 9 months ago
Licenses:
JomSocial Expired

Perfect, I think, now we are secure!
Thanks a million,
Matt

Moderators: Piotr Garasiński
Powered by Kunena Forum

Join 180,000 websites creating Amazing communities

JomSocial is the most complete, easy-to-use addon that turns Joomla CMS into a
full -fledged, social networking site

TRY NOW BUY NOW

About Us

Our product

Support

Contact Us

Site Policies

Elsewhere

© JomSocial.com All Rights Reserved