Restricted Content Posted April 22, 2021 Posted April 22, 2021 Was that issue ever corrected? Have not used IPB in a while and was wondering....It was a pain in the ass to get my Host to change that and if I still have to go through it I will just use a free forum software.....Thanks...
Adriano Faria Posted April 22, 2021 Posted April 22, 2021 Which error? Help people without crystal ball. Linux-Is-Best 1
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 Maybe this? Did you report an issue via support? What did they say? Linux-Is-Best 1
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 No e-mail error..It occurred after the install with a little message saying "fatal php" something or another....Been a while so I don't recall the exact line....
Dean_ Posted April 22, 2021 Posted April 22, 2021 2 hours ago, Adriano Faria said: Which error? Help people without crystal ball. Got that Crystal ball yet? 🤣 4 minutes ago, AlienOrigins said: No e-mail error..It occurred after the install with a little message saying "fatal php" something or another....Been a while so I don't recall the exact line.... That’s about as clear as mud, and now you only just mention this issue with absolutely no details. What on earth are meant to take from this? 😂 Adriano Faria 1
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 8 minutes ago, AlienOrigins said: No e-mail error..It occurred after the install with a little message saying "fatal php" something or another....Been a while so I don't recall the exact line.... You would need to provide details from PHP's error logging to determine what went wrong and what the appropriate solution would be. The two most likely culprits are: Necessary PHP extensions that are not installed on your server Insufficient allocation of memory to PHP on your server Your server error message log will tell you which is the problem. To answer your question, neither the extensions required have been reduced, nor has the memory footprint of IPS been reduced. If your host is underpowered for IPS and you cannot change hosting providers or increase the amount of resources allocated to your site, IPS may not be the best fit for you. You may want to consider IPS' Cloud offering if server administration is something you're not interested in. Linux-Is-Best 1
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 Don't worry about it..If you have not seen it then your obviously not using the software..Thanks for the attempted help anyway..
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 Sorry, just looked at your profile, @AlienOrigins. I realized I forgot a third, equally plausible factor that may be resulting in the error you're seeing. Yeti in the server. 1 minute ago, AlienOrigins said: If you have not seen it then your obviously not using the software. Busted. Adriano Faria, IveLeft... and Dean_ 3
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 (edited) 2 minutes ago, CoffeeCake said: Sorry, just looked at your profile, @AlienOrigins. I realized I forgot a third, equally plausible factor that may be resulting in the error you're seeing. Yeti in the server. Possible..Then again at my age it could be a default setting in the cerebral cortex gone haywire...I will download it and install it if the php crap is still there I will delete the software. Edited April 22, 2021 by AlienOrigins
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 2 minutes ago, AlienOrigins said: if the php crap is still there It's totally still there. Good luck. Dean_, Adriano Faria and Linux-Is-Best 3
Daniel F Posted April 22, 2021 Posted April 22, 2021 Hi @AlienOrigins, could you please explain your issue? 8 minutes ago, AlienOrigins said: If you have not seen it then your obviously not using the software.. I'm using it daily, in fact I'm also handling the dev tickets so I'm aware of almost all the common issues and bugs our clients run into and I can tell you that we're not aware of any email issues in the software. It's really hard to say if your issue was fixed without knowing what it is. Are you talking about https://invisioncommunity.com/forums/topic/457795-email_test_mailfunction_disabled/?tab=comments#comment-2825231 ? Have you tried the recent IPS release?If yes, are you still experiencing the issue? Linux-Is-Best 1
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 7 minutes ago, Daniel F said: I'm using it daily Look, @Daniel F..... we have to admit defeat. AlienOrigins obviously knows we're deep in the pockets with big PHP and have never touched this stuff in our lives. We are no match for his deductive reasoning skills. Dean_, SeNioR- and Linux-Is-Best 3
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 15 minutes ago, Daniel F said: Hi @AlienOrigins, could you please explain your issue? I'm using it daily, in fact I'm also handling the dev tickets so I'm aware of almost all the common issues and bugs our clients run into and I can tell you that we're not aware of any email issues in the software. It's really hard to say if your issue was fixed without knowing what it is. Are you talking about https://invisioncommunity.com/forums/topic/457795-email_test_mailfunction_disabled/?tab=comments#comment-2825231 ? Have you tried the recent IPS release?If yes, are you still experiencing the issue? Getting ready to install it..Will copy and paste the error if it's still there. Linux-Is-Best and Daniel F 2
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 Dangerous Php Functions Enabled! I knew it was something along the line.
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 42 minutes ago, CoffeeCake said: Look, @Daniel F..... we have to admit defeat. AlienOrigins obviously knows we're deep in the pockets with big PHP and have never touched this stuff in our lives. We are no match for his deductive reasoning skills. Just saw this too bad there is not a smart ass emoji you earned it.
Dean_ Posted April 22, 2021 Posted April 22, 2021 9 minutes ago, AlienOrigins said: Dangerous Php Functions Enabled! I knew it was something along the line. That’s to do with your server. Speak to your host with the errors shown and they will correct it for you. God save us.. 😂 Linux-Is-Best 1
CoffeeCake Posted April 22, 2021 Posted April 22, 2021 1 hour ago, AlienOrigins said: Dangerous Php Functions Enabled! I knew it was something along the line. Ah! Yes, this message is a warning to you that your server's PHP configuration is unnecessarily vulnerable to being used by individuals and/or organizations looking to exploit and hack your site. Why? Well, most obviously, for alien mind control purposes. It's the only conclusion that makes sense. The functions that are called out are not at all used by IPS and are incredibly dangerous to leave enabled. It is a security best practice that you should absolutely ensure you're heeding the advice of. They are commonly used to infiltrate web sites and steal data or worse. If your host does not have the ability to modify your PHP configuration for you to disable those functions, my recommendation would be that you find another host. IPS will work just fine with the functions enabled, yet the warning is there for you as an administrator to remind you that you have left unnecessary risk in your install. You may be able to disable functions using the php_value stanza in an .htaccess file, yet I would strongly advise you to disable this from your php configuration file. If you are using cPanel or the like, I'm sure there's a mechanism to do this. You want a web host where you at the very least are running in a chrooted environment and have the ability to modify the configuration of your PHP instance in a manner that does not affect others using the same web host or server. Linux-Is-Best 1
Davyc Posted April 22, 2021 Posted April 22, 2021 If you can't change your php configuration (possibly you are on shared hosting) then add the following to a Notepad file and name it php.ini disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec display_errors = off If your host allows for recursive php.ini files then you only need to upload to your root, if not you will need to upload to all folders 🙂 Restricted Content and Linux-Is-Best 2
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 6 hours ago, Dean_ said: That’s to do with your server. Speak to your host with the errors shown and they will correct it for you. God save us.. 😂 You ever tried speaking to the non English talking help at Namecheap? I would rather try to give a Great White Shark a root canal! Linux-Is-Best 1
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 (edited) 4 hours ago, Davyc said: If you can't change your php configuration (possibly you are on shared hosting) then add the following to a Notepad file and name it php.ini disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec display_errors = off If your host allows for recursive php.ini files then you only need to upload to your root, if not you will need to upload to all folders 🙂 I will try this if I decide to reinstall it.... Too Add: Tried it and it don't work...Basically telling me I am exposing sensitive php functions that could compromise the board... Edited April 22, 2021 by AlienOrigins
Stuart Silvester Posted April 22, 2021 Posted April 22, 2021 Changing disable_functions at your account level on a shared server (and in may PHP configurations won't work because they're core directives) is not really seeing the point of these warnings. They're there because those methods could also potentially be used by other accounts on your server to exploit your data by bypassing the typical directory protections in PHP/open_basedir. They're as much about protecting your community and your data from other sites that may get exploited on the same server. Linux-Is-Best and Restricted Content 2
Restricted Content Posted April 22, 2021 Author Posted April 22, 2021 8 minutes ago, Stuart Silvester said: Changing disable_functions at your account level on a shared server (and in may PHP configurations won't work because they're core directives) is not really seeing the point of these warnings. They're there because those methods could also potentially be used by other accounts on your server to exploit your data by bypassing the typical directory protections in PHP/open_basedir. They're as much about protecting your community and your data from other sites that may get exploited on the same server. Thanks...It don't matter I deleted the site and software off the server..Not interested in pulling the teeth out of a great white.
CoffeeCake Posted April 23, 2021 Posted April 23, 2021 (edited) Those functions are rarely needed and very dangerous. You are putting electrical tape over the check engine light on your car, and then complaining that the light is the defect instead of the oil leak. Or putting the anal probe directly into the interstellar mouth socket. One of those. Installing some other software on the same server is not resolving your problem. Other software may not do you the courtesy of warning you that there is a problem, but the problem is global to all PHP based applications. You seem to think because your other car doesn't come equipped with air bags that a new one with air bags obviously has a terrible defect that makes it crash spontaneously into walls. So you'll drive the old one because that's safer.... Edited April 23, 2021 by CoffeeCake Linux-Is-Best 1
Davyc Posted April 23, 2021 Posted April 23, 2021 This is a strange issue in that IPS warns about these dangerous functions, yet unbelievably Xenforo needs at least one of them to function. I have both IPS and Xenforo and when I applied the php.ini fix (because my host IONOS would NOT disable them) Xenforo threw a wobbler and generated loads of errors. In light of @Stuart Silvester comments it begs the question, would IPS installations be best served on a VPS with root access? I've been considering this for a while, but my lack of expertise in running a VPS is a concern to me. I could switch hosts and go with someone like Nimbus, but they are way too expensive for what I am getting out of my sites. So any further guidance would be appreciated. As an aside, adding a php.ini file to my root did not work so I had to go to the extreme measure of adding the php.ini file to all folders, which was no small task.
CoffeeCake Posted April 23, 2021 Posted April 23, 2021 5 hours ago, Davyc said: I've been considering this for a while, but my lack of expertise in running a VPS is a concern to me. I could switch hosts and go with someone like Nimbus, but they are way too expensive for what I am getting out of my sites. So any further guidance would be appreciated. You could get from New York to Los Angeles much faster if you flew a plane as compared to driving a car, however buying a plane and attempting to fly it would be a dangerous enterprise if you only know how to drive a car. First step is to get a pilots license. Educate yourself on what's needed to know about the more administrative bits of having that level of control and responsibility over a publicly accessible system compared to a managed shared hosting plan. I'd recommend to someone entering this arena today to look at the large cloud services providers. I have no idea what a Nimbus is, yet I'm certain you could provision yourself with computing and memory power in excess of their offerings at any of the large cloud services (AWS, Azure, GCP, DO, Linode, etc.) for significantly less. You will likely fair better at a cloud service once you exceed a basic local business level Wordpress type site. The other direction to look at is considering IPS' managed service. If you are someone that just wants to focus on running your community and not be bothered by the underlying technologies, this is a way to pay someone else to do it for you. 5 hours ago, Davyc said: This is a strange issue in that IPS warns about these dangerous functions, yet unbelievably Xenforo needs at least one of them to function. I cannot even begin to imagine a legitimate use for any of those functions--they all surround running server-side executables. /summon Kier. What the heck? Daniel F 1
Recommended Posts