I just received a message on our class message forum from a person whom I do not wish to have access to our forum. The person has no connection even remotely to our class or any off its members. How could the person have access to this forum at all? I cannot find any place where the person has registered with our site. Anyway, I need to completely block this person and remove all communications. How do I do this. I am completely outraged at the communication for very good and legal reasons.

In order to participate in the site forums, one must be a member. So, unless this person is a member (in which case you could simply delete them from your site), then I suspect that you received the notification as a Contact Form message from your site. The only way to completely block a person is to lock down your pages with Password protection. Of course you would still want the classmate profiles page and home page to be accessible to non members if you are still looking for missing classmates who might potentially join.

Scott's correct about accessing the Message Forum. But, if the message really did come through the Message Forum and not the Contact Form, check your statistics to see who accessed the site at the time your message came through - if you don't have pre-approval of those joining, maybe someone joined using a missing classmate profile who is really not a classmate. You could also check the "Manage Classmates" to see what classmate name most recently joined.

This issue caught my interest / concern.

1. To FIND the culprit, download your list of members and be sure and include on that list DATE JOINED and the NAME of the MEMBER... at least that is what shows on postings by members. Also, check your statistics page and see ALL whom have been on your site.

2. Question for CC, as I have not TRIED to do this test... Can visitors that have the SITE password enter a post in the message forums? Just to be on the SAFE side, I would probably change my SITE PASSWORD to a new one that has never been used, and make it difficult (more like a code than a word with letters and numbers alternating at random throughout).

Lastly, under preferences, see the "Classmate Join Options" which states... "Allow classmates to sign up, even if their name is not listed on the Classmates Profiles page. You may want to allow this if you're not sure that your class list is complete as it saves a Classmate from having to contact you if his/her name does not appear." Select the option--- "DO NOT Allow" (as opposed to -- Allow). This should prevent just anyone from signing up.

Papa, I am curious to know when you find out HOW this person gained access to your site, so please follow-up on this thread. Also, are you the Root Admin on your site? I tend to agree with Rhonda that if posing as a member, might have joined under one of your missing classmates (and even changed their name upon sign-up which would have been sent automatically (I believe automatically, that feature may be optional) to the root admin. I think for this reason, before the facebook integration app Class Connection, it would behoove me to make all classmates be verified before joining. I am just stumped on the need to come up with GOOD verification questions to confirm new members.

Scott, a quick question for you... under preferences there are three site automated emails triggered by the stated circumstances of each that can be selected to be ON or OFF by the presence of a checkmark in the box by the either Admin/Root Admin (not sure if available to regular admins) Those messages are titled: Welcome Message; Profile Update Reminder; and Missing Classmate Invitation. My question is... can a Root Admin (or even regular admin) SEE when and to whom those messages are sent? And concerning the third type 'missing classmates' what member sent such message to a potential missing classmate and to what email address did they send it? These are administrative type emails so I would assume Admins would have access to view what has been sent by the system based on the triggers for each type, but I do not remember ever seeing them. Please advise. Thanks!

I am aware of the normal administrative ways to track who is registered. Since I have never had a reason to check, I did not know that a personal email/message unrelated to our site could find it's way to my site messages without being first registered. A request to join is O.K. but a lengthy unrelated spill almost unlimited from a non-member is not what I would find acceptable. I could and will delete this but I would prefer that person does not use our platform for this type communication. We are not Facebook or Yahoo mail or such and should have some protection from such messages. I will explain next.

Would a simple check list for non-members be in order to avoid strange emails? I have had to deal with 2 such cases and hope these are the last.

"can a Root Admin (or even regular admin) SEE when and to whom those messages are sent?" ... There is not a recorded list of who these have been sent to as these are triggered emails based on new membership to the site (Welcome Email), current members of the site (Profile Updates), and people who are not confirmed as being classmates (Invitations) and therefore we would not be able to simply provide these to the admin since the email address does not belong to them.

"Question for CC, as I have not TRIED to do this test... Can visitors that have the SITE password enter a post in the message forums?" ... I am fairly certain the answer is no, although I would need to test on my test site.

I am unsure of your probe here so I will give a simple explanation of this recent problem. The person could have simply did a search of my name or my son's name (which is the same except for the addition of Jr.) whereupon clicking goes immediately to our class listing and allows a post of almost unlimited words that will trigger an email from our site to me about the post. This was a female who was stalking my son and had caused problems in the past. So far the legal problem have not erupted in to a court ordeal but nearly did so. Being in no way associated with Our class or any with Class Creator, her access should have been limited or blocked from such personal email style posts.

I see what you're saying. Doing a search of your name will show a link to the CC "Contact Us" form because you are the admin. Yes, this is how people (anyone) may contact the admins of the CC sites. It's unfortunate you have this situation. Maybe you could change your admin name to a bogus name, i.e., Site Admin and then the Contact Us form would pop up and say "Send a Message to Site Admin, Site Administrator. Your name would, then, not be disclosed.

If the Profile Visibility (at the bottom of the Edit Profile page) is set so that only logged in classmates can view the profile, no such message can be sent.

This a complicated issue. I don't think I wish to change my admin info and I want to be accessible to those who are truly interested in our site. I was hoping for a better solution. Maybe not OK.

Papa,

My guess is it was sent via the CONTACT US form on your site, as others have mentioned.

Here is my thinking...

If you receive posts from your forum via email, as I do, you may simply read the posts and move on. When I read something that 'gets my attention', I look to see where it originated. Forum posts and Contact Us messages do appear differently in our emails.

I understand your concern, I've experienced a similar situation in the past. If this message was sent via the Contact Us, no one but you can read it unless you share it. Hopefully, that is the first and last you will receive through your site.

I did not and would not share this email but the fact that the person could so easily use this tool so freely was a great concern. Right now we are having different problems that will not allow me to delete that message.

Karen - I suspect this is a case of spoofing, a common tactic by spammers to send emails to you in hopes that you will click on their links. Your domain name does not have any email addresses associated with it and you do not have any forwarding addresses set up. Therefore, it is safe to click the Report as Spam button for any of these messages that you may receive.

The only real way to cut down on the risk of receiving these emails is to pay for the ID Protect service for your domain name. This costs $6 per year and will remove your "whois" information associated with your domain name. The whois information on domain names is a source for spammers to locate email addresses that they can send email to and in this case, use your own domain name to draw you into clicking on the email. Buying this ID Protect service at this point may not stop the emails from coming to you since they already have your email address, but it might help prevent the problem growing to other spammers.

Eitherway, just remember that you do not have any email addresses associated with your domain name and that if you receive these in the future, just send them to your spam folder.

I agree with Scott.

You can buy the privacy (ID protection) at the time you pay for the domain or anytime after - at least I was able to do so. There is enough spam out there, who needs more?