开云体育

Removed member keeps rejoining, even though group is restricted

Samuel Murray All Messages By This Member #23530 Hello everyone I had a member whose mailbox was hijacked and is now sending out spam. This member did receive an invitation to join the group (25 Feb) and accepted the invitation (28 May), but I removed the member on the same day. The member rejoined ("accepted invitation via email") on 12 November (and was removed by me again) and rejoined yet again today. In my tests, an invitation to join a Groups.io group can't be used to rejoin after you've been removed. But somehow this user does it. My group's membership is set to restricted, and fortunately the first two messages are moderated. But this member manages to join the group without having to be approved. What's going on here? Samuel Capture-1.png
Bruce All Messages By This Member #23544 On Thu, Nov 14, 2019 at 11:15 AM, Samuel Murray wrote: In my tests, an invitation to join a Groups.io group can't be used to rejoin after you've been removed. But somehow this user does it. Try going to Admin>Invite>Sent Invitations and deleting that invitation. Failing that, you can just ban him. Bruce
Shal Farley Member Profile All Messages By This Member #23636 Samuel, But this member manages to join the group without having to be approved. What's going on here? Your group's Activity log should contain the evidence to resolve this mystery. Shal -- Help: /static/help More Help: /g/GroupManagersForum/wiki Even More Help: Search button at the top of Messages list
Samuel Murray All Messages By This Member #23642 On 15 Nov 2019 06:37, Shal Farley wrote: Samuel wrote: But this member manages to join the group without having to be approved. What's going on here? Your group's Activity log should contain the evidence to resolve this mystery. Thanks, but: the image that I had attached to the original mail is the entire activity log for this user's e-mail address. This is how I could see that the member is joining by accepting an invitation, and the only invitation that I sent, was the very first one, and (according to my testing) the invitation link doesn't/shouldn't work a second time. Perhaps someone here can test this form me: invite me (or a dummy account) to your group, let me join, then remove me, so that we can see if I can join again using that same invitation. Samuel
Shal Farley Member Profile All Messages By This Member #23645 Samuel, Thanks, but: the image that I had attached to the original mail is the entire activity log for this user's e-mail address. Ah, sorry. I missed that there was an attached image on that message. Perhaps someone here can test this form me: invite me (or a dummy account) to your group, let me join, then remove me, so that we can see if I can join again using that same invitation. Wow. That's quite the loophole. Or feels like it. It feels like one shouldn't have to put on a ban just to guard against the re-use of a stale invitation. I removed a test address from the shalstest group, and then replied again to a year-old invitation sent from that group. Presto. I'm not sure what's encoded in that From address (of the Invitation), but clearly it could use a timeout of some kind. Maybe the same two weeks as a Pending member. I suggest sending your screen shot (unredacted) to [email protected] along with the confirmation that an old invitation can be re-used a year or more later, even after removing the member. Shal -- Help: /static/help More Help: /g/GroupManagersForum/wiki Even More Help: Search button at the top of Messages list
Samuel Murray All Messages By This Member #23647 On 15 Nov 2019 09:11, Shal Farley wrote: Samuel wrote: Perhaps someone here can test this form me: invite me (or a dummy account) to your group, let me join, then remove me, so that we can see if I can join again using that same invitation. I removed a test address from the shalstest group, and then replied again to a year-old invitation sent from that group. Presto. I'm not sure what's encoded in that From address (of the Invitation), but clearly it could use a timeout of some kind. Maybe the same two weeks as a Pending member. I would not want the invitation to expire for members who have not yet accepted the invitation -- not everyone uses their e-mail efficiently (or some people use it too efficiently, not dealing with mails that are not immediately relevant at the time, thus letting the message move up (or down) the message list for weeks or months). The best solution here is that whenever a user accepts an invitation, Groups.io should check whether that user had been a member on a date that is later than the date of the invitation, and if so, then the invitation link doesn't work (or: redirects the user to a page where they can apply to join or login). I'll post the bug. Samuel
Duane All Messages By This Member #23679 On Fri, Nov 15, 2019 at 02:13 AM, Shal Farley wrote: It feels like one shouldn't have to put on a ban just to guard against the re-use of a stale invitation Has the stale invitation been removed from the sent list?? I was under the impression that when an invitation was canceled/removed that it could no longer be accepted.? If that's not true, that could be a solution to this situation. I know that on the Trello list (which hasn't been updated in over a year) there are several items under the Invitations list, including making that system 'smarter'. Duane -- Help: /static/help GMF's Wiki: /g/GroupManagersForum/wiki Search button at the top of Messages list A few site FAQs: /static/pricing#frequently-asked-questions

Previous Topic Next Topic