JohnDar

I have the social logos at the bottom of the board. The X logo (black circle,white X) doesn't line up with the others. It's too high. Is this just me? It's the same on the IPS Support theme.

Thank you. 😀 Yes, I have everything I need.

In order to make things as easy as possible for you to test, I just created a dummy account in the 'members' group. Having done that and logged in as that member from the sign in page, I have discovered that the odd error message has been replaced with a much more acceptable, "The page you are trying to access is not available for your account". It looks like the "Before a ticket can be added, you must create at least one department in the AdminCP" message only appears when an admin logs in 'as' a member from the ACP. I (wrongly) assumed that when logging in as a different member via the ACP, that all Board behaviour would mirror that experienced by that member. In this instance, it isn't the case. We live and learn. 🙂

I have one department in my Support configuration and that is for just sales. That's all I need. Prior to the recent update, it wasn't possible for members who had not purchased a product to contact me via the Support system. Now, the Support button seems to be available to everyone and I'm finding that members are using it to send in a broad range of queries (most of which are just questions best asked in the Forums) to attain personal, one-to-one help. Having 'Sales' as the name of the support department doesn't deter them. They just start by saying, "Sorry if this is the wrong place, but..." If I set the Sales support config to force visibility for purchased product support only, that excludes all other members, but the 'New Request' button is still visible and can still be pressed. When someone (without a purchase) presses the 'New Request' button, it produces an error message intended for the admins, "Before a ticket can be added, you must create at least one department in the AdminCP." That's not really something that should be shown to members. Is there a way to restrict access to the support system to just members who have active purchases? Failing that, can the error message be changed to something that members will understand, such as "There are no support departments currently available to you".

All good, following the update. For info, existing attachments remain inaccessible. To make them available to everyone, the posts need to be edited and the attachments removed and then re-added.

Thank you.

Done

Yes, I'll PM you the details

I have a Gallery album which is open to all members, to view and comment (on both the album and the images). I recently posted a reply to a comment on the album. My reply contains a small PDF document, which I assumed everyone would be able to access and download in the same way that they would if it were attached to a post in a topic. However, when anyone (but me) tries to download the PDF attachment, they are presented with the following error: I have looked through the ACP but I can't find any permissions settings that relate to this. Am I missing something?

You could probably prevent this for purchases using Payments > Settings > Anti Fraud Rules. Maybe set the value for the lower priced items and then a rule that rejects after one blocked payment. Another option would be to block payments from Guests altogether.

Good news. This issue is being addressed in the next update (4.7.2). It will no longer be possible for non-members to Donate.

My issue is a little more sinister. The site was being used for 'card testing' by fraudsters. They were firing thousands of £1 payments from different credit card numbers through the Stripe integration (about 10 per second) using the Donation Goals system. This killed the site completely and I had to mitigate via the host's CP, blocking the offending IPs being used by the bots. They were doing this in order to discover which of the cards weren't blocked. Of the 48,000 odd transactions, only 31 were accepted but I still have 48,000 blocked transactions in my log. I have been advised by Stripe to refund the 31 good transactions to prevent any disputes, but that means I'm still out-of-pocket for the fees. Thank goodness most of them didn't get through. IMHO we desperately need something adding in as friction to prevent this. Either captcha or the means to exclude Guests from accessing the Donation Goals block and subsequent form fields. Even the ability to exclude Cards as a payment option for Donation Goals and any other public facing products/services would be a step forward.

Similar issue here. 2000 pages of failed (blocked) card transactions.

Hi there, I have an issue with Stripe payments. However, I'm not comfortable with sharing details of the situation publicly. Could this be dealt with privately? Please let me know what I need to do to action this.

Thank you, I'll check it out.