CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMember (Moderator: Deepak Srivastava) »
  • Member Profiles publicly visible through google search
Pages: [1]

Author Topic: Member Profiles publicly visible through google search  (Read 360 times)

eengert

  • I’m new here
  • *
  • Posts: 8
  • Karma: 0
  • CiviCRM version: 4.4.5
  • CMS version: Joomla 3.3
  • MySQL version: 5.5.30-30.1
  • PHP version: 5.4.26
Member Profiles publicly visible through google search
November 19, 2014, 06:32:14 am
We have a problem with http://www.essp-ny.org where you can google a member's name and google will serve up a direct link to the member's profile details.  This is obviously very concerning and we need to find a way to secure this immediately.

The url that google is indexing is:  http://www.essp-ny.org/index.php?option=com_civicrm&task=civicrm/contact/view/print&reset=1&print=1&cid=xxx where "xxx" is the contact ID.  This is a Joomla website.

This displays all of the person's contact info publicly.  Can anyone tell me how to prevent this?
« Last Edit: November 19, 2014, 07:54:16 am by eengert »

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Member Profiles publicly visible through google search
November 19, 2014, 11:37:57 am
it isn't just the profile that is exposed though is it - i can also get to http://www.essp-ny.org/index.php?option=com_civicrm&task=civicrm/dashboard&reset=1

which suggests to me that your joomla permissions are too open unless there are specific features you are trying to make open that normally are not required.
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

eengert

  • I’m new here
  • *
  • Posts: 8
  • Karma: 0
  • CiviCRM version: 4.4.5
  • CMS version: Joomla 3.3
  • MySQL version: 5.5.30-30.1
  • PHP version: 5.4.26
Re: Member Profiles publicly visible through google search
November 19, 2014, 11:47:49 am
Joomla permission in global configuration are set to the defaults.  I'm not sure what I would need to change there.  I tried denying access to various actions for the Public group, but it didn't seem to have any impact so I set it back to the defaults (which is "not set").

Can you be more specific about what you think I should try changing in the permissions?

eengert

  • I’m new here
  • *
  • Posts: 8
  • Karma: 0
  • CiviCRM version: 4.4.5
  • CMS version: Joomla 3.3
  • MySQL version: 5.5.30-30.1
  • PHP version: 5.4.26
Re: Member Profiles publicly visible through google search
November 19, 2014, 01:15:39 pm
Ok, I found where to set the Joomla permissions for CiviCRM components.  They were indeed too wide open.  Denying access to various actions has solved the problem. 

Thanks.

Michael McAndrew

  • Forum Godess / God
  • I live on this forum
  • *****
  • Posts: 1274
  • Karma: 55
    • Third Sector Design
  • CiviCRM version: various
  • CMS version: Nearly always Drupal
  • MySQL version: 5.5
  • PHP version: 5.3
Re: Member Profiles publicly visible through google search
November 24, 2014, 02:36:20 am
You probably want to get google and various other search engines to remove the offending search results as well.  They have a form you fill in...
Service providers: Grow your business, build your reputation and support CiviCRM. Become a partner today
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using CiviMember (Moderator: Deepak Srivastava) »
  • Member Profiles publicly visible through google search

This forum was archived on 2017-11-26.