Jan Krohn

I don't really care whether it was done by a guest, or a forum member, or a hacked forum member. The system should neither allow replacing the share message with a random message, nor tolerate sending of hundreds of identical messages per minute. This is very simple common sense.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

I too had this problem, over 389,000 emails... I was only notified by my host who in turn wasn’t very happy.
However we disabled this function and it has obviously fixed this issue. But, now we have to find out if our server has been blacklisted.

Two of my forums were abused by this security hole.
Since Tuesday (March 17th) 
a spammer has sent out about 1.4 million spam mails (1,400,000) which results in a direct loss of about 800$ and counting (payment to Sendgrid) and a damaged sender reputation for my forum Now I realize that
you are aware of this problem for weeks you have a patch ready since Tuesday and you didn't tell your paying customers a word We need to talk. I am not amused.
Andreas

Invision Community Team: 
Thousands of emails are sent without control, the site email address is recorded in spam databases and your answer is "sorry, fix in 4.5"? You 've already tired us a little bit with blue message box about the new version, why don't you warn users with a red message box about this security hole?
 
 

No, it's not like a post!! A post gets distributed to all users who are subscribed to that category, who can unsubscribe from such messages as they like.
The "share by email" feature on the other hand allows submission of random content to random email addresses.
I did send two very nice messages to support. If the best they can come up with is suggesting to disable the feature, I don't see how asking nicely for a third time is getting me anywhere.
(And just a hint: disabling the feature was nothing I couldn't think of myself before getting in touch with support.)
A feature that allows spamming random email addresses without giving them the option to unsubscribe violates CAN-SPAM, GDPR and probably evey other anti spam regulation in any other legislation too. And this is a feature currently provided by InvisionCommunity.

I don't really care whether it was done by a guest, or a forum member, or a hacked forum member. The system should neither allow replacing the share message with a random message, nor tolerate sending of hundreds of identical messages per minute. This is very simple common sense.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

No, it's not like a post!! A post gets distributed to all users who are subscribed to that category, who can unsubscribe from such messages as they like.
The "share by email" feature on the other hand allows submission of random content to random email addresses.
I did send two very nice messages to support. If the best they can come up with is suggesting to disable the feature, I don't see how asking nicely for a third time is getting me anywhere.
(And just a hint: disabling the feature was nothing I couldn't think of myself before getting in touch with support.)
A feature that allows spamming random email addresses without giving them the option to unsubscribe violates CAN-SPAM, GDPR and probably evey other anti spam regulation in any other legislation too. And this is a feature currently provided by InvisionCommunity.

I don't really care whether it was done by a guest, or a forum member, or a hacked forum member. The system should neither allow replacing the share message with a random message, nor tolerate sending of hundreds of identical messages per minute. This is very simple common sense.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

No, it's not like a post!! A post gets distributed to all users who are subscribed to that category, who can unsubscribe from such messages as they like.
The "share by email" feature on the other hand allows submission of random content to random email addresses.
I did send two very nice messages to support. If the best they can come up with is suggesting to disable the feature, I don't see how asking nicely for a third time is getting me anywhere.
(And just a hint: disabling the feature was nothing I couldn't think of myself before getting in touch with support.)
A feature that allows spamming random email addresses without giving them the option to unsubscribe violates CAN-SPAM, GDPR and probably evey other anti spam regulation in any other legislation too. And this is a feature currently provided by InvisionCommunity.

I don't really care whether it was done by a guest, or a forum member, or a hacked forum member. The system should neither allow replacing the share message with a random message, nor tolerate sending of hundreds of identical messages per minute. This is very simple common sense.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

I don't really care whether it was done by a guest, or a forum member, or a hacked forum member. The system should neither allow replacing the share message with a random message, nor tolerate sending of hundreds of identical messages per minute. This is very simple common sense.

Hi,
This morning I woke up to find that tens of thousands of spam emails were sent through the "share by email" feature.
The support's brilliant suggestion was to disabling that feature.
So instead of taking the responsibility to fix or remove a easily abusible feature, it's the customer's responsibility to disable it.
Bravo!
If the content that is to be shared can be removed and replaced by a spam message, then the feature is clearly broken. If this happens tens of thousands of times, and the system doesn't catch that, then the system is broken too.

Thanks for the move AndyF. I presumed I've posted it in the wrong section. 

As an active Lifetime License holder.

If I want to add the IP.Blog,IP.Gallery,IP.Downloads systems I pay a yearly fee for them (I have active blog/gallery licenses).

If I want to remove the footer copyright I make a one-off payment (currently considering).

If I want to use the new spam service... my "Lifetime License" is effectively ruled null and void?

I would happily pay a small additional fee (as I do with the other add-ons), but essentially I'm being asked to pay for another full license. Hello, I have one.

Am I missing something or is this a financially motivated drive to force Lifetime License holders into regular payments.

I am in total agreement with everyone else here whom has a perpetual license or lifetime license here. I have both the perpetual and the standard just for the record.

If I really wanted this on my board, I can't get because I not willing to transfer my perpetual to a standard for the mere fact that I would lose out in the benefits of the perpetual license has to offer. More specifically, I am not willing to give up on the free upgrades regardless of if I renew support or not with that license.

In order to get the extra features, we should pay an extra $20 a year without having to change the structure of our license.

Make a new "service and support" plan available to lifetime and perpetual customers and charge $50/yr ($25 / 6 months) for it. Then those who want the additional services can simply renew the more expensive plan. Why force us to give up our licenses?

Yes, you are not 'stripping features' for legacy licensed customers. Instead, you are forcing the 'legacy' customers to give up their licenses in order to use a new service. Unacceptable.

I have been an IPB customer now for about 5 years, and for me they have been brilliant, cannot praise them enough. I have no technical knowledge, And I have probably sent some very basic support tickets, but this has never been a problem, they are always answerd promptly and the situation has always been sorted quickly.

Keep up the brilliant work and the top customer support.

Kind Regards
Jack

The final version is available in Client Area. Thank you very much to the team of IPB for the surprise!

Zef :)

Regarding the subscriptions manager. I'd like to point out that all of us at IPS take it very seriously and no one here wants to see it neglected. We realise that many of you monitize your forums using the SM so we have no plans to remove it or make it a poor cousin.

Our immediate plans are:

- Refactor the subscriptions manager from 2.3.6 to 3.0.0 [Done]
- Tidy up the ACP interface [Done]
- Fix reported issues with expiring subscriptions, upgrades and PayPal [Done]
- Write hooks and add settings [To Do]
- Release to QA [To Do]
- Release Beta / RC [To Do]

I spent most of last week and identified and fixed several issues. Most of which can be back-ported to 2.3.6. More details to follow.

I'm going to switch that debug bar off. People just obsess over it.

Refresh. ooh x.xx secods.
Refresh. ooh, faster.
Refresh. Oh, a bit slower.

Etc.

Guys, we are on a VPS with other sites. We routinely have 500+ users online. We are being spidered heavily. Expecting loads of under 1 and load times of under 500ms is unrealistic on this forum.

Just wait and see how it does on your own server. And if it's 100ms slower, don't worry about it there are worse things in the world.