Randy Calvert

Hi Deb, You would want to do the following: Make sure you save your FTP and a username/password for your forum in your Client Area. (This will save the IPS staff from needing to ask for it later.) If you have a problem, you would make a post here. (Just don’t include anything sensitive such as usernames/passwords in your post.) If it involves anything sensitive, you can make a post here and just ask for a staff member to create a ticket for you. They’ll take care of this for you and will trigger an email to you which you can use to interact privately with IPS staff. The good thing about posting here is that you can get official help from IPS staff here along with other customers who in in several cases have run into the same problem as you might have had and can provide help as well.

In that case, you’ll have to edit the email template to just hard code a message like “You have a new message on OURWEBSITE. Click here to read it.”

I would ask your host for more information about what they're saying is IPS traffic. They should be able to provide logs showing the traffic and it's source/destination. Let's figure out first if they're correct or not. It's highly unlikely that 300K+ hits is coming from IPS to your site, but let's dig into that more. Regarding the plugins... disabling ANY 3rd party plugin should not trigger an increase in traffic to your site. Most likely the disabling of the plugins simply coincided with that activity, but to make sure... re-enable plugins and disable them one by one. See if it happens again. If it DOES, you'll know specifically what plugin was problematic.

The email templates are going to be your best bet. It might take some work as there are multiple ones for each type of notification. If you only use one language it does not matter if you hard code language bits into the emails. But if you are a site that has multi language support, you would have to make sure you take language variables into consideration.

Just had to go and be a .... well ... spoil sport!

You should not need a directory path. Now... it's important to remember... this call cannot REMOVE a value that is disabled at the server level. For example.... If the server disables module1, module2, and module3... You cannot use a custom value of just module1, module2 so that module3 is enabled. module3 would remain disabled. The directive is designed to ADD additional modules to the deny list, not remove them from it. 🙂

You mentioned yourdomain.com/admin/install.... Did you try yourdomain.com/admin/upgrade? See if it will take care of catching you up to the correct table data?

I just checked my live board. That table DOES exist in the most recent version of IPB. You might want to post in the main support forum. This looks to be beyond community (meaning peer to peer) help. By the way... one idea that I had... Do a FRESH install into a DIFFERENT database. Then export/import that table into your restored table. You would have to reset a bunch of preference settings, but that might at least get you back up and running.

Also... to make the move easier... once you have community.xyz.com in place, you can create a redirect on your old server to redirect all requests to your new community.xyz.com domain. That way your old bookmarks don't stop working, and users don't get lost along the way. You can use something like the following on your old forum's .htaccess to redirect: Options +FollowSymLinks RewriteEngine On RewriteCond %{REQUEST_URI} ^/community/(.*)$ RewriteRule ^(.*) http://community.xyz.com/%1 [R=302,NC]

Try not quoting all functions here. php_value disable_functions exec,passthru,shell_exec,system

Another thing to check would be the use of mod_security. It sometimes will choke things up.

It’s typically a WAF blocking this. Are you using Cloudflare or another WAF in front of your site? If so, try temporarily disabling.

If it says the table does not exist… either: - You are pointing to the wrong database. Did you edit you conf_global.php to specify your database details manually? - You did not restore the database correctly. Do you see the table in phoMyAdmin? - Your backup is corrupt.

The only way that htaccess code will work is if your hosting provider has mod_rewrite enabled. Have you verified that module is installed and working correctly?

That would be a good course of action if you don’t have a lot of legitimate traffic from that country. Over 95% of my legitimate traffic is from the US so it’s safe for me to do that. Only you would know what your traffic is like. 🙂

There was a bot out of Sweden that appeared to be attempting to Pentest my site a few weeks ago. My firewall blocked a TON of attempted SQL injections, cross site scripting, and other malicious requests. I would block the IP because whatever they’re doing they should NOT be triggering all of those errors. So it’s most likely not a “good” bot.

Awesome! Glad you were able to square it away.

A 404 means the requested resource was not found. So if the files are in your FTP account, they most likely have an error in the httpd.conf file pointing your document root to the correct location.

A 403 error means the request was blocked as forbidden. Do you have some sort of WAF in place that could be denying requests? Are you using mod_security? If so, I would start by disabling it to narrow your troubleshooting.

Personally instead of doing Nginx, I would use a cloud based WAF to filter a request before it ever gets to my server/datacenter. The further away you can fight an attacker the better.

Have you checked to make sure the port is open in your firewall? Some firewalls will still block access from localhost if the port is not expressly open.

The question is what benefit are you looking to gain from it. Adding that layer in front is going to make things more difficult for you going forward. For example, if Nginx has something cached, and you make a change in the ACP to a theme or a setting... but it does not bust the Nginx cache, you could be stuck troubleshooting other issues you did not anticipate or need to potentially address. You're going to have to weigh if the benefit that comes from adding it is outweighed by the potential problems and the extra maintenance involved.

The ask you might need to make to your hosting provider is "can you make the /public_html/uploads folder AND all items under it have 777 permissions?". That 777 might need to be 755 if they're running suExec as Marc noted. If you have SSH access, you can also do this via SSH with the command I gave in my first post. (Just make sure the exact path is correct as I was trying to read really small letters and I did not have my glasses on.)

You need to give your uploads folder and all files under it read/write permissions. Something like "chmod -R 777 /kunden/home/forumdrone/public_html/uploads/". That should set permission on the uploads folder and recursively all files/folders under it. You might need 755 instead of 755 depending on your host setup. If you're having problems with the set_resources folder, you'll most likely also have problems with other folders under it as well when you upload attachments, or edit themes, etc.