Change title and description for the "Your Drupal site" user profile field

I'll heartily agree it's a bit retarded. I was never a fan of it either.

With that said, the "account blockage" threat is, at face value, specifically for those who *don't put a Drupal site in the box that says "Your Drupal site"*. Ignoring the very-real complaint that "I have sites not built in Drupal" (hell, I do too), I see no harm in asserting harsh action if people are deliberately putting incorrect or invalid information in a form field - and if that means putting a non-Drupal site in a field that says "Your Drupal site", then so be it.

I do wish, however, that it returned to what it once was: just a regular ol' box for your website address, without any care or concern about what it was built in.

I don't see what the issue is here.

The issue with the "your Drupal site" box (which used to be a "your homepage" box) is that it is not filtered on output. That is, it does not add a rel=nofollow tag.

What that means is that it provides free google juice to anybody creating an account on drupal.org. This is totally ok for legitimate members of the Drupal community.

However, this was abused a great deal by profile spammers (you can read about them on my blog: http://association.drupal.org/blog/7).

My initial idea to stem this tide was to have an automated test which would test the site for its Drupalness. Sadly, the test was not good enough and legitimate Drupal sites were excluded.

I then introduced the text you claim to be unfriendly. Actually, the text was meant to be friendly: To inform people that their account would be blocked if it was deemed to be a profile spammer's account (based on the assumption that spammers don't use Drupal).

I was previously blocking accounts without any warning whatsoever.

So, feel free to make alternative suggestions for the text, including to remove the requirement for it to be a Drupal site.

I think we could easily theme this profile field with rel=nofollow if that is the only concern :)

Surely, the nofollow thing could be handled as part of the d.o redesign, no? Seems like just a .tpl tweak.

I deem this to be an inadequate solution.

It is totally ok to be able to allow Drupal community members to have some Google juice for their websites.

What about two fields, one for non-Drupal sites with nofollow, and one with?

That would be something for the redesign, I think. All I want to do now is to change the helptext and the header if somebody has a good suggestion. I am also ok with keeping everything "as is".

"Non-Drupal URLs may cause your account to be temporarily disabled."

And not in bold.

The use of "temporarily" doesn't stop it from becoming a permanent block if necessary (and suggests, for the accidental cases, that the situation can be positively rectified by talking about it), but it softens the blow. Similarly, "disabled" is the same thing as being "blocked", but it's roughly akin to locking the door vs. putting up a big brick wall with no door at all for "blocked".

Most people's don't even put a Drupal site in that field. My vote is a change to "Website" with a rel='nofollow'.

-1 to the nofollow. Sure some Google juice on that page is from Drupal itself but not all profile pages have the same PR so some of it is due to our own work. This is the one place on d.o where we can legitimately get a little bit of link loving for a site of our choice. If you make it nofollow, at least make it role dependent or something so people who contribute can share a bit in the massive PR machine that is drupal.org. :)

Michelle

I agree with Morbus all the way. I don't see how it's "way unfriendly" though, solely based on the fact that it's not a required profile field. I especially agree with #7. Also...

but the net effect is pretty unfriendly to people who are new to Drupal and who may not have been able to make a site in Drupal but who wish to contribute to the community (like, say, me)

... as far as that goes, that's what the Drupal contributions: textarea is for in the My account -> Edit -> Drupal area of your profile.

I agree, as I have built WordPress and Joomla! sites before switching on (full time) to Drupal.

I wrote somewhere else, that I would use,

WordPress for Blog sites.

Joomla! for Bells and whistles corporate site. And

Drupal for a site that requires "any kind of functionality" site. To put it in simple words, any site that needs any kinds of functionality that you have seen on the web!

No offence to anybody!

Thanks.

Totally something for the redesign, but what about something like "rel=nofollow" for the authenticated users role, and another role for something like "contributors" that you can get promoted to (user points, length of time, number of posts, number of comments, or some other criteria) which removes the nofollow?

My 2 cents based on Gerhard's statementin #8:

All I want to do now is to change the helptext and the header if somebody has a good suggestion.

include the word abuse and ensure no words that would single any reader out or make the reader feel it was intended for them.

"Abuse of this field can be cause for the banning of a drupal.org account."

or

"Abusing this field can result in account termination." (A little shorter)

Using the above, I would think will protect new user "feelings" as there is no personalizing with the use of "you" or "your"; leaves the door open (for discussion) by using the word "can" but still gets the point across to those who would choose to abuse as they've now been warned.

My Website:
[ Box ]
In order to prevent inappropriate URLs we request your link be a Drupal-powerd site. URLs not related to web development or Drupal may cause your account to be disabled. Please include the "http://" with your link.

And I think adding a "no Follow" would be a mistake.

Personally I don't care either way, but in the bigger picture it really doesn't matter whether or not the site was built with Drupal considering how easy it is for anyone to create a Drupal site these days. I would be more concerned that Mollom catches anyone trying to pump their URL in as many threads as possible posting "me too" several times per day.

I guess that the intent of the 'Your Drupal web site' was to avoid the user put links that are not relevant with Drupal; as minimal denominator, it has been chosen to eliminate web sites that are not made with Drupal.

That can be changed, but to say it's unfriendly to the newbies is a little too excessive, IMO.
There are other web sites that use similar restrictions on the type of links users can put in their profile page; in the moment I create a profile page hosted in a web site, I should accept the restrictions they put on the content I can write on the profile page, at least for the fact I am in somebody else's 'home'.

Dear Drupal friends,

I also do not see any issue
in this as a newbie here.

The statement or warning is
absolutely ok
and there is no problem
with it whatsoever.

There are many real
issues going blank
and crying for a few
reply posts.

Dear leisareichelt

You are completely wrong here.
As it is this is a non-issue.

I as a newbie here have
no problem with this.

It is nice to see a Drupal site
as it gives idea
what one can do with drupal.

It is not a blogging site or
social network site - so
I am not really interested
what other sites the user have.

The purpose of Drupal is
to provide more information
about Drupal.

Dating site can provide
more information about
a person but its Drupal
site.

If he has done something with Drupal
let him showcase it here.
This does not mean one must make
a site with Drupal. Personally
I am swinging between
buddypress and drupal. If one has
a site based on other cms its
fine. Nothing will break if that
is not entered in the profile
here.
One is even free to particpate
in drupal without profile.

Michelle is right at #11. This is your profile, and I have no problem with the Google goodness coming out from it.

1) To make this link a nofollow is ridiculous.

Your personal site or blog, or your can share a site that you have built, designed or administer using Drupal
(We will remove sites that are not personal sites or sites built in Drupal and user accounts that spam will be blocked)

2) This is clunky but it should be modified, committed and this issue should be closed.

I suggest:

You can share a site that you built, designed or administer using Drupal (We will remove sites that are not built in Drupal and block spam accounts)

Dear Leis,

Today I took a hard look at the profile page here.
I found there are at least there are half a dozen
field to show or display or promote
our "social" picture.

The much debated field clearly says "My Drupal site"
For example, when you login to yahoo you give your
yahoo id and not hotmail. If you give you
are denied access. Some similar systems also
locks your account.

What is this issue about ?

@Designer: There really isn't a police force going through and making sure everyone conforms to the rule. If your account wasn't spammy in any other way, no one would block you for it. It's really meant as a spam deterrent. I guess it does need to be worded better but I don't want anyone to get the impression that we're on a witch hunt blocking folks and branding them spammers because their business blog is on Wordpress. ;)

Michelle

The requirement to post a Drupal related link in the profile is fine with me; the explanation of why the restriction has been added is something objectable because spammers can put a Drupal related link in their profiles, and still be spammers.

It's not clear what would happen if somebody needs to temporary replace a Drupal site with static HTML pages. Should he be blocked?

I am against spammers, but I don't see any way to know if somebody who opens an account does it to spam, or not; the only way to know it is to wait, and see.

...the only way to know it is to wait, and see.

Hence my suggestion to figure out a method to promote users to a 'nofollow' type role ;-)

If spammers didn't get some initial link juice from their profile links (see killes' recent blogs about spammers) before we can find them and block them, perhaps they would target d.o a bit less. Unlikely perhaps, but one can always hope.

That makes sense. Only after a while, the links in the user profiles should be granted a link of free of "nofollow" attribute, and only for the users who didn't use the Drupal account to spam.

I agree on that. To have my links with the "nofollow" attribute does not bother me; after all I use my account to contribute on Drupal, not to get back something from Drupal high Google ranking.

after all I use my account to contribute on Drupal, not to get back something from Drupal high Google ranking.

So do I but getting a little of the PR juice flowing around here I think is a nice perk for contributing. And my poor little site needs every bit it can get. ;) If we can keep it without it being abused, I think we should.

(Totally OT: does anyone else think it's downright sickening how much linkjuice Drupal.org is sitting on unused? It's like a dragon's hoarde. LOL!)

I agree with dropping the "Drupal only" requirement, as it's definitely off-putting to new users and people who may use other CMS's as well. Drupal.org is not just a Drupal developer community anymore, it's a place for people of all stripes who may be interested in Drupal for a wide variety of reasons.

If it's technically feasible to have a nofollow that expires after a certain amount of time for active accounts only as a spam-prevention measure, that makes sense to me. Otherwise, the expiration doesn't prevent people from creating accounts just for the "Google juice", even if it takes six months or whatever for that juice to kick in. If it's not feasible, then I would agree with just putting the nofollow on all links.

A lot of things are technically feasible if some volunteer codes them. :)

So I was talking to farriss about this on the car ride home, and she had a very clever idea: After asking people for the URL of their site, why don't we just have a check box that says, "This is a Drupal site". If people check the checkbox, they get the Google juice, if they don't, then the nofollow is added. We could even have a little "Why are we asking this?" tooltip that says something to the effect of, "We like to promote the use of Drupal whenever possible, and knowing how many members of Drupal.org are have Drupal sites is an important part of that" or something like that.

so basically there is nothing stopping an alleged spammer from checking the checkbox?

Just as there's nothing preventing someone from entering a non-Drupal site as part of their account information right now. Obviously anyone caught trying to game the system would be subject to having their account blocked, just as they are right now.

I think the point is to try and come up with a better method and code for that method. Inserting an easily worked around idea for what is already in place and can be worked around doesn't seem to be of benefit.

Of all the ideas, I think I like the elevated role idea. Those already in elevated roles can have the permission ie: lack of no follow. All other authenticated users get the no follow. Once a user is elevated for community contribution they are awarded with google juice.

Of all the ideas presented, the above is the only one that can't be worked around.

another method would be to use field permissions on the url fields where sites can be entered, or spam can be entered. Standard autenticated users get few fields. elevated roles get more fields. New users don't know what they can't see. Thus they wouldn't feel penalized when registering.

The field permission is actually a good idea, although there could be somebody who asks why he cannot set his web site address while a friend of him is able to set it.

and that reason would be one user has been put in an elevated role based on their contributions to drupal and it's community. View it as a reward program/incentive program.

This is spiraling out of control.

As soon as you create 'haves' and 'have nots' with regard to nofollow links the webmasters queue is going to see 1000 emails a day asking why their profile has nofollow and profile x doesn't.

The issue of spammers getting linked to from their user page is a non issue. When a user page is created it has zero significance and therefore the initial flow on from drupal to the spammer is not significant. It takes time to build significance in the eyes of search engines. Which means a spammer needs to go undetected for a long time for them to reap any benefit from having a link to their site on their profile.

Spammers don't think, they just output content.. Please take a minute to think why we need to do this.

the webmasters queue is going to see 1000 emails a day asking why their profile has nofollow and profile x doesn't.

I think that is an overstatment as I don't see users viewing the source of everyones profile though explanation can be added to the registration form.

I don't see a problem with what is in place now, however obviously others do.

I think that is an overstatment as I don't see users viewing the source of everyones profile though explanation can be added to the registration form.

Sure it is an exaggeration but my point was that any time wasted looking at this sort of email is unnecessary.

My real point was that spammers get nothing from this link unless they remain undetected for a very long time which never happens.

My real point was that spammers get nothing from this link unless they remain undetected for a very long time which never happens.

That is true too. It's difficult that spammers who just edited their profile will get any Google ranking; that would happen from the moment they post many posts, and Google is getting the link to their profiles from the comments they leave in the Drupal pages.

Maybe I am missing something, and the links to the user profiles already have the "nofollow" attribute.

EDIT: It doesn't seem the links to the user profiles shown in a Drupal page have the "nofollow" attribute; if this is really the case, why don't we apply the proposal to add the "nofollow" attribute to the users who just opened an account on Drupal to the links to user profiles? Only after they have contributed, a webmaster can remove the restriction on the user.

one would have to read Gerhard's entire blog (in #3) to understand what prompted the changes and the research that was done with regards to the original change.

Yes, read killles' blog-- unless I'm misunderstanding it, spammers do not have to "go undetected for a long time" to get some link juice. It appears to be happening quite quickly. That's the crux of the problem in the first place and probably part of why there's been an uptick in spammer activity lately. If we fall off the radar of "quick link juice sites", perhaps they'll move on and target some place else.

"If we fall off the radar of "quick link juice sites", perhaps they'll move on and target some place else."

Or just keep doing it here and somewhere else.

Using nofollow is not a solution to the problem.

My question is: why are we talking only of the web site URL placed in the profile page?
Every page with comments have a link to the user profile for each user who commented in that page. I would guess that a link in a page has more probability to be caught if the page containing the link is referred in more pages. That should be the way the Google ranking is calculated: the more links point to a page, the higher ranking the page has; if the page of my site is referenced by more web sites, it should be more probable that Google will assign it a higher ranking (and I guess it's what should happen if a web site has many pages that point to my web site page).

If to add the "nofollow" attribute is not the solution, maybe it's enough to not make the users name a link to their user profiles, and to disable the links users would put in their signature. Only users who made some contributions in the Drupal pages should have these limitations taken off.

maybe it's enough to not make the users name a link to their user profiles

Ok, let's not throw the baby out with the bathwater here. Names linking to the profiles is a very important feature.

Links in peoples' signatures are already nofollow'd.

Michelle

I like the elevated idea: somebody contributing getting link juice. Otherwise somebody could pose as a valid contributor, get lots of link juice, and then install a spam website instead of a Drupal or other website.

A more likely situation: A valid contributor is a couple hours late re-registering his or her domain name, and a domain bot snags it up, sets it up as a bullet-proof domain, and spams away.

Anyway, my opinions: I do NOT like the idea of "google juice" only for l33t luzers. You will always get people complaining about elitism, and they might be right. Many (if not most) users come here for help setting up their Drupal sites, so they won't have one to link to.

I DO like the idea of non-Drupal sites having rel=nofollow, applied to all sites equally. It is a Drupal-oriented website, after all.

I DO think at the very least that the wording should be changed. "To prevent spam" should be in there somewhere, that way people will know and understand exactly why you have your policy.

another: http://drupal.org/node/770818

Can we get agreement that the help text needs to be changed? Having a rel="nofollow" attribute is fine with me since I have plenty of links pointing to my website, but this issue started with the wording of the help text. Let's deal with that first and change it from the head on a stake it is now to something more friendly like, "My website", and have the help text, "Note that accounts with links to spam sites will be blocked." Simple.

Seriously, when did we start discriminating against people who don't use Drupal? I know of several well known Drupal developers who use WordPress, for example. The way the help text is currently worded comes across as an ambiguous threat and implies that Drupal.org has a "Not Invented Here" mentality.

@ronia, this clearly is an issue or the 50+ comments here wouldn't exist. And all those carriage returns in your posts make them hard to read. Please stop that.

+1

Baby steps. Let's fix the text first as Christifano suggests. Later we can add elaborate plans to block spam links. This issue was first brought up in June 2009.

The assumption is that web site not using Drupal would be spam sites, which is clearly not true. Then, spammers have other places in the user profile where they can add spam links; not allowing them to use the space thought to report the user web site didn't stop the spammers.

Let us remove the current description for that profile field, and change its title.

Yes, please. Anything we can do to increase the friendliness of d.o. for newbies is a big win, even if it's a small change.

+1

+1 let's kill this

"Note that accounts with links to spam sites will be blocked" sums it up. +1 and over to the next one. I can change this but do the webmasters agree?

I am pro changing both the description and the title. I am pro with removing the restriction, and allow the website to be any site owned by the user (Your website).

We have now other fields that should contain links to social network profiles (and which could be used to report a link to a spam site). Are we worried for that single field that could contain a link to a not Drupal site?

Like Christefano said in #55:

Something more friendly like, "My website", and have the help text, "Note that accounts with links to spam sites will be blocked." Simple.

The consensus is clearly there. Now we just need someone with the power to make it so.

I'd do it but I don't want to implement my own words. :) Marking as RTBC instead.

The RTBC status is used also for issues without a patch, though; it simply means there is a consensus about what to do. I am not sure it's true in this case, as we should agree on how to change the title and the description.

I can't believe this issue is still open after almost two years.

+1 to what kiam said. (As well as #61, #60...)

@bertboerland: +1 on #62... I say go for it. Either that, or let me borrow the keys real quick and I'll do it. ;)

http://drupal.org/admin/user/profile/edit/13

Changed label to "My website"

Explanation is: Add the URL of your website, prefixed with http://. <strong>Note that accounts with links to spam sites will be blocked</strong>.