Randy Calvert

Are you using an “app specific password”? Your regular login will be rejected by Google.

You don’t download single apps. You download the full software package. When you download it, the system knows based on your license what files to include. Upload everything to your site.

By the way… this is a massive problem across the internet. It’s not an “IPB problem”. Ars Technica had a story about it yesterday and how this sort of activity is getting harder and harder to detect with compromised accounts. Check out: https://arstechnica.com/security/2024/04/everyday-devices-are-used-to-hide-ongoing-account-compromise-campaign/ Yes… this is a problem, but it’s not a flaw in the software. It’s a user issue. The only way to “fix” it is to either use 2FA or make users use unique passwords. There are technically other solutions as well, but they’re super expensive and are only really viable financially by very large sites such as tools like ThreatMetrix or Akamai Account Protector.

You need to download a full set of the IPB files and upload them to your site. Go back to you were with the applications listen and you’ll see at the bottom a button to install the ones you are missing.

The database name, database username, and database password can be found in your conf_global.php file. That will be what IPB itself uses to connect to mySQL. If the database user has full permissions, it should also include the ability to repair the tables owned by that user.

Repairing a database is not done within the IPB software. It's a server level activity. You may need to contact your hosting provider for assistance. A search of Google for repairing mySQL databases on Windows servers turned up the following which might help you: https://community.spiceworks.com/t/how-to-repair-mysql-database-using-windows-command-line/1014346 If you are unable to repair the database at all, you may need to restore it from a backup.

In addition, I would recommend asking unique questions… don’t use “what street did you grow up on?” for example. Generic questions can sometimes be figured out from looking at social media or other places.

It adds another layer an attacker must overcome. Here’s a scenario in which this defense would prevent: A rather large number of people use the same usernames and passwords across multiple sites. If I get a list of credentials from another compromised site, I could try them on other sites like yours and because you used the same credentials… I now have access to your account without actually hacking your site/server/IPB instance. However with another set of questions, it’s much more likely the attacker would not have access to those as well and would be stopped. (It’s possible they could if they were targeting you specifically and had lots of info on you but it would stop those “attacks of opportunity”.) Now… it’s not as secure as something like having a 2FA implemented, but it’s better than nothing!

Look at your Spam Prevention settings. If one of the settings is set to register but ban, this behavior would occur.

You will need to work with your hosting provider to see what those 500 errors are. Once you know what is going on, more advice can be given.

I personally had random performance issues with Wasabi and instances where my content would not display. I moved away from it after the 4th incident of it happening. The lower cost could not justify the availability for me.

You do realize that’s because literally everything that could be breaking your site such as themes or third party plugins can’t work? If you rename that file… the software is essentially useless. If you think it’s truly a DDoS attack, you need to work with your host to mitigate it. But your test for third party resources or themes is flawed because renaming that file basically disables those along with everything else by breaking the full software.

There is not a set date for release. However the software is not far away from release. It’s being tested for bugs by some members of the community here. So it will be sooner than later!

The product is real and it's coming. I've been fortunate enough to play with the early alpha version and it's chugging along very nicely. The new editor is sweet and the UI update is slick. There are certain areas still under heavy development. It's not ready for prime time yet, but I've seen many bugs squashed and lots of great polishing being done to the stuff they've already announced.

The IPB software is detected on that hostname even though it's not configured. Remove the index.php or disable access to the site long enough for the license reset to be done and THEN make the files available.

Yup. The major crawlers tend to come every so often and when they do, they might have several different spidering instances crawling the site at the same time.

You submitted basically the same post 2 months ago: Marc's response is still applicable... why are you worried about this? If you are self-hosted and are having issues with resources, your best bet is to block them using a WAF like a Cloudflare or working with your hosting provider to block them. If you're hosted on IPB's cloud platform, there should not be any impact from this in any way.

Take a look at the following: https://community.cloudflare.com/t/how-to-block-a-particular-ip-address-in-cloudflare-thank-you/498515

The software is not the place where you would want to block/ban an IP address. If they reach the software, the request still has to be executed. You would want to block them either at the network layer with a WAF (like Cloudflare) or at the server layer with a server firewall (CSF or .htaccess blocking).

Out of curiosity, are you using a WAF such as cloudflare or something similar? If so those are known to have limits on upload sizes outside of your hosting.

IPS has said they want to improve monetization in 5.x. It may not be in 5.0.0 but they’ve mentioned it several times as a major goal of the 5.x line. So this may be something that even happens natively. If not, I would imagine it might become easier to do over time.

This could also be an issue with the server’s image handler (imagemagik or GD). You might try switching whichever is being used to the other.

Hi @Gary! Good to see you still around! Hope all is well!

It looks like a bug with Google. Seems to be valid schema when checked elsewhere.

No, I did not write the software. I do not work for IPS. However I do work for one of it's large enterprise customers and I know for a fact that code has been subjected to some pretty serious scans before the company would allow it to be deployed outside of it's DMZ. This includes automated and manual code reviews and multiple types of pentesting. I also see these boards on a near daily basis and there is no difference of people complaining about spam following the March release than there has been literally over the last 10 years. There has not been any sort of large influx of hundreds of people saying "hey I'm seeing this now". As someone who has been around here when a "big" issue has occurred, there would be 10 pages of people posting about it. You would not be able to miss the flood. It would literally be the dominate issue of the month. The accusation you have made that attackers can just "take over" accounts is wildly huge that I don't think you fully understand what exactly you're implying here. If they can just take over random accounts, they could take over ANY account on the site including admins and that could lead to ANY and all data being able to be exfiltrated. It's not some "super annoying small hole" that you're stating. There are multiple ways of investigating this. I would start with the investigation of each account. When was it created? (New accounts vs old accounts, etc.) How many "relevant" posts have been made by the user? (Spammers can create accounts 3 months ago and post a few "oh me too" or other "AI generated" reply. I have had one spam attack that would have 5 different accounts reply to each other with ChatGPT junk promoting links on 10 year old topics that got picked up in Google.) Has there been a REAL user with a history of posting? If so, how did they get the credential? Was the associated username or email in a database of known compromised credentials? Does the user have malware installed on their device? Has the user been through a password reset to a new password that is not known to be compromised but also compromised a second time? Again... I want you to think through this. If I'm a malicious actor and I can just randomly take control of any user account on your site, why am I going to pick a random user account and post spam that can be immediately seen/blocked/stopped? If they could do that, they would instead gain access to a privileged account and do other things such as gaining access to the ACP and embedding links into older posts that are not frequently seen but would be picked up by Google. I would be editing the theme's code to have someone visiting your site trigger ad code in the background where the user never even had to click a link. I would have harvested your complete member list and email address to spam all of your users. There are literally HUNDREDS of more valuable things I could be doing if there was something in the software I could exploit to gain control of a user account. They are simply making random spam posts as an attack of opportunity where they can either create an account themselves or have a credential obtained from elsewhere and use it because it's available. Again, have you taken the advice given on here for reducing spam? For example: Are you using hCaptcha on the highest level? (To help reduce the impact of spam at time of registration?) Are you requiring user accounts to use 2FA? (This is so that if an account is compromised, the attacker would need not just the password but also access to a trusted user device for the one time code.) Do you ask questions on registration that would be difficult for spammers to figure out? (Hint... most bots can solve simple questions like "what is 1 plus one?". They need to be unique for your niche.) Are you forcing all users to reset their password if you think there is someone targeting your user base? Are you using other reputational services like CleanTalk? It can help which block registration of IPs and emails that have spammed not just forums but blogs, etc. There is no silver bullet for stopping spam. The attacks will come and go over time. There is not a single platform out there that does not deal with the problem. But you have many tools at your disposal to help you.