All Activity

Regarding this, They demanded money to avoid leaking my website's ID and password information. To test their capabilities, I asked if they could obtain the ID and password for three other random IPS-based websites. Within 10 minutes, they sent me the credentials for these sites, involving thousands of accounts for each. What's most alarming is that these ID and password combinations were indeed functional on other IPS websites. Even though it's not IPS's fault, there needs to be better login protection. The current 2FA system is insufficient for securing all accounts. Currently, members must manually register 2FA after logging into our website. Implementing email code verification at login would be a more effective method to protect all accounts.

Yes, I am aware that ID and passwords are not stored as plaintext in the database but are encrypted. It's possible that the hacker found various IPS sites using a different ID/PW saving tool and organized this information to send to me. However, there is a major flaw in the IPS login system. I know that 2-Factor Authentication (2FA) is available and can be enforced, but this is useless for people who have already left the website. A hacker could log in using the leaked ID and password and then register their own 2FA key. Like many other websites, why doesn't IPS require email-based code verification when logging in? If this were possible, it could securely protect all accounts, including those of people who no longer use the website.

Okay, thanks @Marc Stridgen. That's what I thought. Cheers.

I don't have anything to add for tech help except to agree with the sentiment of the title. I moved my attachments folder overnight, too. It finished completely and I see no errors... ...... only it left behind a lot of files on my server, didn't move them to S3, and then updated the image URLs anyway. This was the second attempt at a move because the first attempt didn't respect the folder inside of the bucket in the URL, but did move the files to the proper folder in the bucket. The file move process has always been a huge headache with IPS4, I hope IPS5 can be better.

@TDBF, if you like, you can upload your free files to invisionify.com. Reach out to me, if this is an option for you. 😉

A while back, we created a notifications area in for ACP items like this. You will want to check your configuration in ACP -> Notification bell -> Notification Settings. Please note that these settings are independent for each administrator so everyone will need to configure them how they would like.

My forum is set up so that it requires manual approval of all new registrations. I think I used to get an email when somebody registered but I'm I'm. not getting them now. If I don't check in the admin panel very regularly, I miss them. I have looked and I[m sure it's there somewhere but can't find where to turn it on.

Please see what I have quoted from Marc, who posted above you, in response to the individual replying to your topic here. Again, it does not sound like our application was compromised but if you have specific details, please send them in a response to the accounts inbox at the Contact Us form at the bottom of each page.

As a result of my post, I received the following messages from fellow IPS users: Surely IPS should check our case thoroughly. As I have been a customer of IPS for over 10 years, and I am sure there is a problem.

I am curious as to how you have "notices this can happen on many IPS websites"? Could you perhaps elaborate on that? There isn't any way in which to actually get password from the database (for example, even from the database, I couldn't tell you what your password is). So if someone is sending you usernames and passwords that are genuine, its very likely they have gotten it from another source. We often find that users using the same password across multiple platforms are the ones that get targeted. Of course, if you have more specific information, please do feel free to contact our accounts department on the contact us link below (or pm me, that's not a problem). But a list of usernames and passwords being sent to you won't have come from your IPS database, as they simply aren't stored in a manner that is readable and would allow that, even with full access to a sites database. If you have many customer accounts that have been compromised, I would advise you force all users to change passwords on your site, which you can do from the members section of your admin CP

My forum experienced the same issue. In my case, they weren't spamming articles (since only specific member groups can write articles on my forum), but they attempted to purchase products using the "saved credit card" information of genuine users. I've noticed that this can happen on many IPS websites. A few days ago, a hacker sent me a leaked list of IDs and passwords for my website, and I asked if they could obtain similar information for other IPS websites. They sent me leaked IDs and passwords for other IPS sites within 10 minutes. For me, this has been happening since March. Not sure whether this is the security problem related with IPS or not (I'm using the latest version of IPS now), but just want to report a similar issue with the above.

I can see the issue. Your code rounds the average rating to an integer. That's why there is no difference for the first 4 items and then the next two. You can see they have the same record_rating in the database. This is how you save it. The rating_average (rating_value/rating_hits) with decimal would make a difference.

I've just asked about this, and it does indeed show the last 5. So it seems the others are records from prior to us having that limit

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

Yes and yes.

I assume any tables installed by the plugin will remain in place? And you are just speaking about the table listing the plugins?

ImageMagick appears to be supported?

Yes, but the alternative would be to uninstall and have data loss. I figured the best solution is to leave everything in place so that when you create your application to replace the plugin, your installation can transfer those settings, etc to your app.

I have a Pages database. It uses star rating (not reviews!). I have set sorting by rating in descending order: The sorting is weird, though: Item with 15x5 stars and 1x1 star. Item with 17x5 stars only. Item with 25x5 stars and 3x1 star. Item with 23x5 stars only. Item with 6x5 stars and 1x1 star. Item with 16x5 stars and 1x6 stars. Item with 7x7 stars and 7x7 stars. Does it make sense? Obviously, the item #4 should be placed at the very top, following by item #2. Should it not be sorted by average as total rating divided by number of votes? Or what is meant with Sort by Rating?

I assume templates are wiped (since they're completely different?), but this will leave a lot of unused settings, tasks, widgets, etc, around in the database then. 🤨

Just dropped.

Will plugins be "uninstalled" (deleting all settings, templates, etc) or is the table simply dropped in the upgrade step?

Ah I found a problem. I just miss typed on captcha setting. I thought captcha key can be used for different domains. Didn't know it was a unique for each domain.

Enter "captcha" in the ACP search bar and.. you're done! 🙂

Hello, I'm building a new forum using IPS, but I forgot how to add a "security check" to the sign-up page. My old forum had it, as does invisioncommunity.com, but the new forum does not have a sign-up captcha. I tried to check the options in ACP, but there was only an option to use a Captcha for spam post prevention. This is my new forum, and this is my old forum and https://invisioncommunity.com/ 's setting for Sign up Captcha It would be great if anyone recall my memory for this captcha setting.. Thanks!!