@John Thanks, that’s good to know and a good reason to keep a link to the old forum.
@John @sim I don’t know how much control you have over the format of the forum, but I was wondering about the user pictures that show on each discussion. Depending on how many users reply to a discussion, several pictures appear for that discussion. Looks like a max of 5, but that might depend on the device.
I was wondering when there a several pictures, if the leftmost picture could always be the picture of who started the discussion. Then the pictures to the right of the first one could be in order of who made a reply, ignoring any duplicate pictures.
The pictures would go from left to right, the original poster, followed by the most recent person to reply, then the person before that, etc. . So just by looking at the pictures you could see who started the discussion and the order of who made any reply’s to it.
@dave1707 it looks like that is the order you mentioned is generally what it follows. The leftmost avatar is always the original poster, however if it is glowing, then it is also the most recent poster. Otherwise the rightmost avatar is the most recent poster.
Other avatars shown in-between the left and right ones are frequent posters for the thread
@Simeon - the previous website was based on a Vanilla design. What design is the latest one based on ?
@sim Thanks for the info on the avatars. I wasn’t sure if there was any kind of order to them. I also wondered why the leftmost avatar had a different look to it sometimes, like there was a small ring around it.
1 Like
One of the default Discourse themes with some of our Codea logos on it. We may tweak it and change it over time
Not sure if this is the right place to post this …
… just got a notification and so came over to find this bright, shiny, new forum. Clicked on the “reset password” link, but my emailer flagged it as a potential scam. The text of the link was to https://talk.codea.io/u/password-reset/some-long-code but the link itself pointed to https://05rio.mjt.lu/lnk/some-other-long-code.
I’ve just tried a reset password on another forum I’m on - a discourse forum - and that had the right links in it, so based on that I suspect the link injection (if that’s what it is) is happening before it gets to my email.
I got in by copying the actual link text. I did not click on the link!
Looks like a Luxembourg website address. Is that where this forum is based?
The IP addresses don’t match, for talk.codea.io I get:
talk.codea.io has address 45.77.153.231
whilst for the link in the email, I get:
05rio.mjt.lu has address 35.241.186.140
Can anyone check those IPs? On a UNIX system then host ABC will say what your machine resolves that hostname to.
Also, others can try the reset password link to see what happens. It doesn’t actually reset your password, so if you sign out and click forgot password then it’ll send you an email with a link. On most email clients, hovering over the link shows you what the actual link is.
Just don’t actually click on that link …
Interestingly, the original email that I got notifying me of a message on this forum also contains links to 05rio.mjt.lu. I also note that emails from this forum that I’m getting are sent from something called mailjet.
So I can think of a semi-legitimate thing happening here - the forum uses mailjet as its mail sender, and mailjet puts links through a forwarding system to count clicks. I’m not overly happy by that happening, but this post on the mailjet website suggests that they do replace links to track clicks.
So my initial reaction is now feeling a smidgeon over the top, but nevertheless link spoofing is a major vector for phishing so if this is what is happening, my recommendation would be to disable it.
The 45.77 ip shows as New Jersey in the US.
The 35.241 ip shows as Brussels in Belgium.
Don’t know how accurate those are. I use an ip locator app.
I logged out and tried to login again. I keyed in my email address that’s on file for the forum and then selected “Skip the password, email me a login link”. I got the email with the link talk.codea.io / session / email-login / a whole bunch of numbers and letters. I tapped the link and it logged me into the forum. That’s the way I always login, I don’t know why my normal ID and password don’t work.
Dave, you’re missing the point. The link in the email may look right and it takes you eventually to the forum, but it does so via what I now suspect is a tracker referrer. It’s a way for the mail sender company (mailjet) to count whether people click on links in the emails that get sent. For marketing emails, this is not a completely unreasonable idea - if you send out lots of different emails then you might be interested in which ones get people to click on links and if you only count the number of visitors then you might not be able to tell how they came to your site, so having the links go via a tracker makes it easy to keep track.
But here, that doesn’t seem like a useful thing to be doing - why should the codea devs care if you click on a link to log in? - and it’s also a bit problematic when the link is the “reset password” link since then you’re effectively giving that link over to another company out of your control.
So the fact that you can log in via a link emailed to you is irrelevant. What would be useful is if you copied the actual ink in that email (rather than just the text) and posted that here so that we can see if this tracker is being applied to all emails that this forum is sending.
Link texts can be spoofed quite easily. For example, I might post a link to the BBC website https://www.bbc.co.uk and you might click on it to find out what songs are going to feature in next week’s StRickly …
@LoopSpace You’re correct. When I tap on the link I receive it does take me to the Codea forum, but the 05rio.mjt.lu goes by so fast that if you’re not looking for it, you don’t see it. I had to do a video of an iPad as it logged into the forum and then play back the video to stop it to read the 05rio link.
Hadn’t thought of doing a video! I’m reading the emails using thunderbird on a PC, so I can right click and copy the link. Maybe long pressing on the link on the iPad will give you more options?
I’m sort-of glad that someone else has now confirmed the 05rio.mjt.lu redirect - now at least I can stop worrying that the link insertion is happening on my computer!
This is what I found when visiting the site:
We don’t intentionally track links, although we do use a mail provider so its possible that they are the ones embedding these redirect links (its probably enabled by default)
I can look further into this and see if we can’t disable it entirely
@John Thanks for the info. I normally don’t logout, so I didn’t notice the other link until @LoopSpace was asking about it.
It looks like we may need to use this on the mail templates. So sorry about the link tracking! It’s creepy and absolutely unnecessary, we weren’t aware of it so thank you @LoopSpace for bringing it to our attention