Ramsesx

Thanks to you all datastore is now on 777 uploads is still processing trillions of files to 777 but this doesn't fixed the issue. More ideas? How can I clear the cache or as my host recommended session tables? Will this help? And b.t.w., there's enough free webspace available.

Thank you everyone, I'm sad to be leaving but very excited for what comes next. I'm sure you'll still see me around here, just without that Staff badge.

Many active forum members. Maybe this is of help: https://www.theadminzone.com/threads/starting-a-new-forum-in-2022.154218/

Many active forum members. Maybe this is of help: https://www.theadminzone.com/threads/starting-a-new-forum-in-2022.154218/

Hi,
We're aware of the issue and we're currently working on correcting it.

This should be indeed a default feature.

In acp support it shows a warning when IPS files have been changed. It would be nice to have an option to send an auto email alert when such things occur. Or if the forum has other health issues.
 

In acp support it shows a warning when IPS files have been changed. It would be nice to have an option to send an auto email alert when such things occur. Or if the forum has other health issues.
 

What I've done in the past was moved folders I suspected were no longer in use to another subfolder (like OLD).  If something was broken on the site, it was easy to see what object was missing and I could simply move that folder back up a level back to the original place.  
After some period of time (a few weeks to a month), I knew I could safely delete the folder.  

We don't have a list of deprecated files, though if you are cleaning up from an install of 3.x which was upgraded to 4.x there are folders which can usually be deleted. (Note that you need to make certain that you didn't use those folders in some customized way.)
For v4.x the following folders are the default, and must be present:

Any other folders you'd need to check manually to see what is there.
I'll also include a screenshot of a normal "version 3.x upgraded to version 4.x" folder structure before any old files/folders have been removed:

Between those two screenshots you should be able to figure out what can be removed.
(It should be noted as well that any left-over php files would be a very small total for disk space, but removing them is still a good security precaution.)

Yes, that is legitimate code used by Facebook Pixel. You can learn more about that here. It's harmless, and doesn't actually show on the site itself unless you specifically enable it.
Since you appear to be using template disk caching (which is why you found that in a file in the uploads directory), if you delete the file then it will simply automatically regenerate.

I didn't see in the OP if the site as self hosted on a system that can provide key authentication or not.
My advice, if it's a unix-like system (Linux, etc..) and self-hosted
1. Don't use plain text password authentication with SSH.  Use Keys.
2. Do you have shell users on your system who can come and go as they please?  If so, then re-organize your user/group permissions such that these 'guest' users cannot modify your site files. A little finesse with user/group permissions for the shell users on the site would be in order. If you don't have users crawling around your system (on your staff), disregard.  See also man pages for `chown`, `chgrp`, `chmod` and `umask`
3. You're right that it's a problem -- how someone got shell access to modify the files means you have more than an IPS access issue to deal with.  They were in the system.  I could not sleep with that situation -- someone not authorized to do so crawling around my system?  I'd nuke it from orbit, and re-image and begin to evaluate what the worst case scenario is --- is/was any thing on the system personal information?
/onsoapbox
If it was me, I'd extract the Database, save off any important data, save what you want to keep, etc..
Flea-bomb the entire machine (flatten it and reimage) reinstall the OS, etc.. and then re-install what has to go back on, re-install IPS, etc.. But this time tighten down the access.  No password authentication to the site.  Got to use keys.  That's a start.
/offsoapbox
 
 

Follow up: in the meantime on every IPS project I see a warning in Google Search Console:

This is resolved after adding this CSS in custom.css
/** * Font size for mobile */ @media screen and (max-width: 767px){ .ipsType_normal { font-size: 16px; } .ipsDataItem_title { font-size: 16px; } .ipsType_medium { font-size: 16px; } .ipsStreamItem_title { font-size: 18px; } .ipsStreamItem_titleSmall { font-size: 16px; } .cWidgetPrice { font-size: 11px; } } Probably, you have to change font-size in mobile templates generally to avoid this for ALL customers. And yes, I know, it is a suggestion and I have to post it into feature suggestions... For me, getting errors in Mobile Usability (GSC) check is a bug in IPS default theme, that should be resolved regardless any suggestions made. 🧐

If it's for cloud only, it's fine for me.

If it's for cloud only, it's fine for me.

Yes it supports most IPS applications, including the Pages app.

As a general rule of thumb, if someone has gained access to your file system, replacing all the core files with what is from our Client Area is advised and performing a detail inspection of your file system to ensure there aren’t any back doors, etc…
Of course, change your hosting/server/administrator related passwords and keys. Contact should be made to your server administrator or hosting provider as well.

If it's for cloud only, it's fine for me.

If it's for cloud only, it's fine for me.

If it's for cloud only, it's fine for me.

If it's for cloud only, it's fine for me.

If it's for cloud only, it's fine for me.

This should be indeed a default feature.