I have choosed a different approach to handle this.
In my website I have choosed to allow anonymous users to access posts, but login is needed to create new posts. That allows anonymous users to see posts AND to access memberlist.php. I think that file should not be allowed to anonymous users because someway the spambots "see" the Email form button and then try to email every user in the list.
Like honey to bees.
The approach I applied was to deny access to memberlist.php to anonymous users.
I edited memberslist.php. Removed/commented the following:
Text Formatted Code
//Check is anonymous users can access
forum_chkUsercanAccess();
$display = '';
Replaced with:
Text Formatted Code
//Check is anonymous users can see memberslist.php.
// Appplying the same policy as if anonymous can post.
if ($CONF_FORUM['registered_to_post'] && $_USER['uid'] < 2) {
$url = $_CONF['site_url']. '/users.php?mode=new';
$display = COM_siteHeader();
$display .= COM_startBlock($LANG_GF00['access_denied']);
$display .= '<br' . XHTML . '>' .$LANG_GF01['loginreqpost']. '<p>';
// $display .= '<meta http-equiv="refresh" content="5; URL=' .$url. '">';
$display .= COM_endBlock();
$display .= COM_siteFooter();
COM_output($display);
exit;
}
If a spambot access memberlist.php, it shows an access denied to anonymous users page. You may optionallly refresh after 5 seconds to a users.php?mode=new with a captcha. I chose touse a plain access denied page. That means spambots do not even try to register.
Since there is no more a huge list of +4700 users with "Email" buttons, it stopped being attractive to spambots. I don't think the registered users have ever used memberlist.php. As far as I can see, my registered do not even know memberlist.php do exist.
If I wanted to create a "honey pot" trap, memberlist.php would be the perfect target.
--
https://www.AlcanceLibre.org/https://blog.AlcanceLibre.org/La libertad del conocimiento al alcance de quien la busca.