Randy Calvert
Everything posted by Randy Calvert

  1. Out of curiosity, are you using a WAF such as Cloudflare or something similar? If so, those are known to have limits on upload sizes outside of your hosting.
  2. IPS has said they want to improve monetization in 5.x. It may not be in 5.0.0 but they’ve mentioned it several times as a major goal of the 5.x line. So this may be something that even happens natively. If not, I would imagine it might become easier to do over time.
  3. This could also be an issue with the server’s image handler (ImageMagick or GD). You might try switching whichever is being used to the other.
  4. It looks like a bug with Google. Seems to be valid schema when checked elsewhere.
  5. No, I did not write the software. I do not work for IPS. However, I do work for one of its large enterprise customers and I know for a fact that the code has been subjected to some pretty serious scans before the company would allow it to be deployed outside of its DMZ. This includes automated and manual code reviews and multiple types of pentesting.

     I also see these boards on a near daily basis and there is no difference in people complaining about spam following the March release than there has been over literally the last 10 years. There has not been any sort of large influx of hundreds of people saying "hey, I'm seeing this now". As someone who has been around here when a "big" issue has occurred, there would be 10 pages of people posting about it. You would not be able to miss the flood. It would literally be the dominant issue of the month.

     The accusation you have made that attackers can just "take over" accounts is so wildly huge that I don't think you fully understand what exactly you're implying here. If they can just take over random accounts, they could take over ANY account on the site including admins, and that could lead to ANY and all data being exfiltrated. It's not some "super annoying small hole" that you're stating.

     There are multiple ways of investigating this. I would start with the investigation of each account:
     • When was it created? (New accounts vs. old accounts, etc.)
     • How many "relevant" posts have been made by the user? (Spammers can create accounts 3 months ago and post a few "oh me too" or other "AI generated" replies. I have had one spam attack where 5 different accounts replied to each other with ChatGPT junk promoting links on 10 year old topics that got picked up in Google.)
     • Has there been a REAL user with a history of posting? If so, how did they get the credential? Was the associated username or email in a database of known compromised credentials? Does the user have malware installed on their device? Has the user been through a password reset to a new password that is not known to be compromised but was then compromised a second time?

     Again... I want you to think through this. If I'm a malicious actor and I can just randomly take control of any user account on your site, why am I going to pick a random user account and post spam that can be immediately seen/blocked/stopped? If they could do that, they would instead gain access to a privileged account and do other things such as gaining access to the ACP and embedding links into older posts that are not frequently seen but would be picked up by Google. I would be editing the theme's code to have someone visiting your site trigger ad code in the background where the user never even had to click a link. I would have harvested your complete member list and email addresses to spam all of your users. There are literally HUNDREDS of more valuable things I could be doing if there was something in the software I could exploit to gain control of a user account. They are simply making random spam posts as an attack of opportunity where they can either create an account themselves or have a credential obtained from elsewhere and use it because it's available.

     Again, have you taken the advice given on here for reducing spam? For example:
     • Are you using hCaptcha on the highest level? (To help reduce the impact of spam at time of registration.)
     • Are you requiring user accounts to use 2FA? (This is so that if an account is compromised, the attacker would need not just the password but also access to a trusted user device for the one time code.)
     • Do you ask questions on registration that would be difficult for spammers to figure out? (Hint... most bots can solve simple questions like "what is 1 plus one?". They need to be unique for your niche.)
     • Are you forcing all users to reset their password if you think there is someone targeting your user base?
     • Are you using other reputational services like CleanTalk? It can help block registration of IPs and emails that have spammed not just forums but blogs, etc.

     There is no silver bullet for stopping spam. The attacks will come and go over time. There is not a single platform out there that does not deal with the problem. But you have many tools at your disposal to help you.
  6. Are you getting other emails from your site? I’m curious if your email provider might not be delivering your mail or marking it as spam.
  7. IPS has literally thousands of customers ranging from international brands to small hobby sites. If this was a big hole in the software that happened in the March update, there would be a huge flood of customers suddenly posting about it. Let me turn that back around on you… Why do you think it’s a problem with the software suddenly when there has not been a change in others having a similar issue? And in looking at the change notes, nothing in it would impact what you are reporting. You are blaming the software update because this happened afterwards, but that can simply be coincidence. Just because something happened around that time does not mean it is what caused the situation. Also let’s think about this for a moment… if a spammer could just take over any account on your site, why would they not target important accounts? Why not target admin or moderators? They could mass change content and do significantly more “damage” that way. They would also be able to bypass any sort of restrictions such as post approval or content moderation. They don’t have access to specific or exact members. They’ve either gotten a credential from somewhere else or they registered the account themselves a while back and are working back to using it now.
  8. This would require some sort of native app which IPS is not supporting. So don’t expect this sort of functionality anytime soon given they abandoned the idea of developing a native app in favor of PWA.
  9. Ummm I hope you realize IPS does this already as part of its software release process. This includes dynamic and static code scanning. IPS also has its software reviewed on a regular basis by 3rd party security companies. In addition, the software is used by MANY large corporate customers who do their own independent testing in order to use it in their environment. So sitting here stomping your feet and simply saying it’s some random problem “somewhere” in the software simply shows that you are uninformed. There have been recommendations provided on how to improve blocking spam including using hCaptcha (where you can also increase its difficulty), requiring your users to use 2FA, and others. Spam is a problem EVERYWHERE on the internet and is a cat/mouse game. If someone has an account somewhere else compromised and uses the same credentials on your site, that is NOT a problem in the software. It’s a user problem for being stupid and using a credential in multiple places. That’s why it’s important to use things like 2FA to prevent a malicious actor from getting a password from somewhere else. By the way… did you know most large banks, despite having FANTASTIC cyber security, have on average over 3000 compromised accounts a month? That’s despite spending hundreds of millions of dollars a month on security tools that small site owners can only dream about. If this is a challenge for them with literally dozens to hundreds of dedicated cyber security experts and budgets in the millions of dollars… how realistic is it for “the rest of us”?
  10. Yes, you want to make a completely separate installation. This means uploading a copy of the software files again and also using a different MySQL database so that you don’t risk impacting your live installation. I personally would suggest using a separate hostname like test.mydomain.com as well. That way if you need to delete/reinstall your test instance you won’t have issues with the license key saying it is already in use.
  11. So you asked someone who literally knows nothing about the software, its security or configuration and you expect them to know what they’re talking about? That would be like going up to a random police officer and asking them who committed a crime in your country without them knowing anything about the circumstances. Based on my personal experience… I have seen numerous circumstances where accounts have been created by spammers that instead make a few “innocent” posts and several months later come back and start spamming. In researching the account, the IP that posted the “innocent” content was from a VPN where the spammer would attempt to mask their real IP. They would switch to a different VPN IP for spamming. If this was truly a situation where it was a software level exploit it would not happen with just a few accounts. A majority of the accounts would be used including admin/moderator accounts. It would also be impacting EVERY single board.
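The account-by-account investigation described in posts 5 and 11 (creation date, filler posts followed by months of silence, a registration IP versus a VPN exit used for the spam, the email showing up in breach data, no 2FA) can be turned into a repeatable triage pass. The script below is an added example, not Invision Community code and not something the author posted; the member records, post history, VPN ranges and breached-email set are all constructed for the example and would in practice come from the ACP member list, the database, a VPN/proxy reputation feed and a breach-data lookup.

```python
"""Triage the accounts behind a spam burst, following the questions in posts 5 and 11.

Added example; not Invision Community code and not the author's. Member and
post records, the VPN exit ranges and the breached-email set are all
constructed for the example. In practice they would come from the ACP member
list and post history, a VPN/proxy reputation feed, and a breach-data lookup.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import List


@dataclass
class Post:
    when: datetime
    ip: str
    has_links: bool  # link-carrying post: the spam being triaged


@dataclass
class Member:
    name: str
    email: str
    joined: datetime
    join_ip: str
    mfa_enabled: bool
    posts: List[Post] = field(default_factory=list)


# Constructed: networks treated as VPN/proxy exits for this example (RFC 5737 test ranges).
VPN_RANGES = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]
# Constructed: addresses known from a credential dump.
BREACHED_EMAILS = {"olduser@example.org"}


def is_vpn(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in VPN_RANGES)


def triage(member: Member, now: datetime) -> dict:
    """Collect the indicators from the posts above and turn them into a verdict."""
    reasons = []
    posts = sorted(member.posts, key=lambda p: p.when)
    spam = [p for p in posts if p.has_links]
    if not spam:
        return {"score": 0, "reasons": reasons, "verdict": "clean"}
    first_spam = spam[0]
    prior = [p for p in posts if p.when < first_spam.when]

    # Sleeper pattern: a few filler posts, months of silence, then links.
    if prior and len(prior) <= 3 and first_spam.when - prior[-1].when > timedelta(days=60):
        reasons.append("dormant sleeper account")
    if not prior and now - member.joined > timedelta(days=30):
        reasons.append("old account with no prior posts")
    # Network change between registration and the spam, and VPN use on either side.
    if first_spam.ip != member.join_ip:
        reasons.append("spam ip differs from registration ip")
    if is_vpn(member.join_ip) or is_vpn(first_spam.ip):
        reasons.append("vpn exit used")
    # Credential-reuse indicators.
    if member.email.lower() in BREACHED_EMAILS:
        reasons.append("email in breach data")
    if not member.mfa_enabled:
        reasons.append("no 2fa")

    real_history = len(prior) >= 10  # a genuine member with a posting record
    if real_history and "email in breach data" in reasons:
        verdict = "likely credential stuffing"
    elif any(r in reasons for r in ("dormant sleeper account", "old account with no prior posts")):
        verdict = "likely spammer-registered sleeper"
    else:
        verdict = "needs manual review"
    return {"score": len(reasons), "reasons": reasons, "verdict": verdict}


# Constructed sample accounts: one sleeper registered by a spammer, one real member
# whose reused password turned up in a dump.
NOW = datetime(2024, 6, 1)
SLEEPER = Member("sleeper", "s@example.net", datetime(2024, 1, 10), "198.51.100.7", False, [
    Post(datetime(2024, 1, 11), "198.51.100.7", False),   # "oh me too" filler
    Post(datetime(2024, 1, 12), "198.51.100.7", False),
    Post(datetime(2024, 5, 30), "203.0.113.44", True),    # link spam months later, other VPN exit
])
REUSED = Member("olduser", "olduser@example.org", datetime(2015, 3, 2), "192.0.2.10", False,
    [Post(datetime(2015, 3, 2) + timedelta(days=i), "192.0.2.10", False) for i in range(12)]
    + [Post(datetime(2024, 5, 29), "203.0.113.9", True)])

if __name__ == "__main__":
    for m in (SLEEPER, REUSED):
        print(m.name, triage(m, NOW))
```

The two verdicts map onto the two explanations the posts give: a sleeper account the spammer registered themselves, versus a real member whose reused password came from elsewhere. The thresholds (60 days of silence, 3 filler posts, 10 posts for a "real" history) are assumptions for the example and should be tuned to the board's own activity.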
  12. You don’t for a VPN. IPS would not control the Cloudflare site they are visiting to adjust the settings. They would have to tell their customers to turn off cloudflare for their site while troubleshooting. For what can you do as the site owner? Turn off all bot related protections. That will help you confirm it is a bot issue. Once confirmed, you could whitelist your server’s IP. If other third party servers are also accessing the IP, you might have to whitelist those IPs as well.
  13. It will work itself out. I’ve seen this issue and while it may seem stuck it will eventually finish after a day or so.
  14. There is no way to "undo" an account delete. You would need to restore from a backup. If this is important, you need to do it sooner rather than later so you don't keep losing data since your last backup. Regarding changing email, I just changed my email on this site and my personal forum and don't have that behavior occurring. Do you use some kind of 3rd party app or login system?
  15. One suggestion if this is really bothering you is to change the language string for "Last Visited" to something like "Last Signed In".
  16. In that case, if you have a dedicated IPB database and database user, just give it full permission and call it a day. It is no more/less secure and will avoid problems later down the road.
  17. My suggestion would be to give it full permission. If IPB is kept in its own database with nothing else in it, there is no risk to it having full permission. It should not be interfering with other applications. Restricting permissions only can lead to problems later when it potentially can't do something it needs later and you think the software itself is broken when it's instead just a platform configuration on your side. A few months down the road, you're never going to remember this and it will be a big mess and waste of time figuring out how to fix the issue when it could be avoided in the first place. You're not really increasing the security of anything as long as you keep IPB in its own DB without other applications installed in it.
  18. No. There is no “other admin confirmation”. They are either an admin or they’re not. If you want to review actions they’ve taken, there is both moderator and admin logs available to show what actions have been performed by others.
  19. This is highly dependent on how exactly it was installed. You would want to delete any WordPress files. If those files are in a specific folder, it would be as simple as deleting that folder. If you mixed it in with IPB files, you would have to sort out which is which and only delete the WordPress files. If you don't know which is which, you can download a set of IPB files from your client area and look at what directories, files, etc. are associated with IPB. If your WordPress is installed in a separate database, you could simply delete that database. If it's shared with your IPB install, you would need to manually separate those as well. If you had any 3rd party integrations to tie your WordPress to your IPB, you would want to remove those as well.
  20. Reach out to the account team. 🙂 https://invisioncommunity.com/contact-us
  21. You need to remove the image from the bottom thumbnails in the attachment section at the bottom. If the image is still attached but not “placed” it will just show up at the end.
  22. It’s a non-issue. Safari did this years ago already. Google is a long time late to the party.
  23. You are looking at the wrong space. The error message tells you where it is out of space: Disk full (/tmp/#sql-temptable-70e-3aef8-cea.MAI); waiting for someone to free some space... (errno: 28 "No space left on device") (1021) The /tmp/ partition is basically like a separate drive on a Linux server. It’s used, as you might expect from the name, for TEMPORARY files. Restarting the server might temporarily clear some of those temp files but it does not necessarily solve why it’s filling up. This is a server issue you would need to discuss with your hosting provider. Invision can’t help troubleshoot server/hosting issues.
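The point of post 23 is that the failing path names the filesystem to check, and that filesystem is often not the one the web root lives on. The script below is an added example, not Invision Community or MySQL code and not something the author posted: it parses the quoted error line, walks the path up to its mount point, reports that filesystem's usage (what `df -h /tmp` shows) and lists the largest entries in the directory so leftover temp tables are easy to spot. The error string embedded in it is the one quoted in the post.

```python
"""Locate the filesystem a MySQL/MariaDB "Disk full" error refers to.

Added example; not Invision Community or MySQL code. It parses the error text
quoted in the post, walks the failing path up to its mount point, reports that
filesystem's usage and lists the largest entries in the directory so the
right partition gets investigated instead of the web root's.
"""
import os
import re
import shutil
from typing import List, Optional, Tuple

ERR_RE = re.compile(r"Disk full \((?P<path>[^)]+)\).*?errno: (?P<errno>\d+)")


def parse_disk_full(message: str) -> Optional[dict]:
    """Return the path and errno from a 'Disk full (...)' message, or None if absent."""
    m = ERR_RE.search(message)
    if not m:
        return None
    return {"path": m.group("path"), "errno": int(m.group("errno"))}


def mount_point(path: str) -> str:
    """Walk upward until a mount point; the temp file itself is usually gone by now."""
    p = os.path.abspath(path)
    while not os.path.ismount(p):
        parent = os.path.dirname(p)
        if parent == p:
            break
        p = parent
    return p


def usage_report(path: str) -> dict:
    """Usage of the filesystem holding `path`, i.e. what `df -h <path>` shows."""
    mp = mount_point(path)
    u = shutil.disk_usage(mp)
    return {
        "mount": mp,
        "total_bytes": u.total,
        "free_bytes": u.free,
        "percent_used": round(100 * u.used / u.total, 1) if u.total else 0.0,
    }


def largest_entries(directory: str, limit: int = 5) -> List[Tuple[int, str]]:
    """Biggest regular files directly under `directory`, largest first; unreadable entries are skipped."""
    found = []
    try:
        with os.scandir(directory) as it:
            for entry in it:
                try:
                    if entry.is_file(follow_symlinks=False):
                        found.append((entry.stat(follow_symlinks=False).st_size, entry.path))
                except OSError:
                    continue
    except OSError:
        return []
    return sorted(found, reverse=True)[:limit]


# The error line quoted in the post, embedded here as the sample input.
SAMPLE_ERROR = ('Disk full (/tmp/#sql-temptable-70e-3aef8-cea.MAI); waiting for someone '
                'to free some space... (errno: 28 "No space left on device") (1021)')

if __name__ == "__main__":
    info = parse_disk_full(SAMPLE_ERROR)
    print(info)
    if info:
        print(usage_report(info["path"]))
        print(largest_entries(os.path.dirname(info["path"])))
```

Implicit temporary tables like the `#sql-…` file in the message are written under the directory in MySQL/MariaDB's `tmpdir` system variable, which defaults to the system temp directory; if that sits on a small partition, pointing `tmpdir` at a larger one is the usual fix rather than repeatedly clearing /tmp.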