[The icons] could perhaps use better mouse hover labels?
I've noted for quite some time that PICTURE doesn't accurately describe that button's function. I offer DISPLAY WEB IMAGE as more meaningful.
I concur. Maybe "External Image Link" would be descriptive? Maybe a bit on the long side so maybe edit that down to "Image Link"? Cuz I also guess that said image link may well be to some other image already uploaded.
After learning that writing a custom script was currently the only way to sift, sort, and filter users by more than one field; and after deciding that I am not up for that right now, I dove back in to slog through my user list for pruning. To my pleasant surprise I found that when I sorted the list by POSTCOUNT it was also sorted by JOINED, automatically! Either a NodeBB angel updated the user list sort functions or I am just seeing life from a different perspective. Yay! Pruning done in no time.
@zandertrek Well, I think the big win here is to stop them before they register. Afterwards is a bit late in the game, no?
Another boon to registration queue is ... I currently have a current registered user. And three additional attempts to register again under different email addresses, i.e. sock puppet/troll accounts, from same IP address. Maybe I should okay those? Ya' think? Naw... sorry charlie. 😉
There are several nice "knobs" to tweak in NodeBB, which, cumulatively, make a fairly nice layered onion. That this stuff is modular is a boon to admins: we can pick and choose what is most appropriate for our site. One size fits all approaches suck.
@zandertrek Thank you for the kind words. Don't take the above to promote complacency. I favor "The Unix Way": Specialized tools that do one task very well over the more "Monolithic", all bundled into one approach favored by e.g. MS. Thus, I really appreciate NodeBB's "modular" approach.
Along related line of thought: I also favor a "layered onion" approach to security. Hence, preferable, imho, to endeavor to block as much nefarious crap as possible before it hits my app server.
Firewall rule sets restricting ports to those actually needed.
Web Application Firewall, a.k.a. WAF. License restrictions preclude binary distribution of Nginx's ModSecurity 3.0 module so one must compile it themselves. A bit too much of a PITA for many. Apache modules do not have such restrictions. Both utilize, the OWASP rulesets, wh/can be challenging to grok, i.e. not a quick and easy one click deployment. But boy, once set up it does an excellent job. That said, WAF's, even commercial offerings, are routinely defeated by dedicated and knowledgeable black hats. Or so I am told by some grey hat types.
Fail2Ban is simpler to deploy and hence favored by many.
Hope this helps but yeah, it is a fsck'n jungle out there.
P.S.; Oh yeah, iirc, modsec3 can also be integrated with Varnish. I've only dinked around with Varnish. Not for the feint of heart. More enterprise oriented than small hole in the wall sites but deserves a mention whilst I am at it. As an aside, I don't know what magic incantations PHK and crew have up their sleeves but it is very effective against temp email addresses.
@zandertrek Not a new feature. Been around for a while. Although less than intuitive to create. I also find many low tech users confused by group chats due to being stuck in the functional fixedness of "private chat". That said, I like 'em. 👍