Randy Calvert

Try not quoting all functions here. php_value disable_functions exec,passthru,shell_exec,system

Another thing to check would be the use of mod_security. It sometimes will choke things up.

It’s typically a WAF blocking this. Are you using Cloudflare or another WAF in front of your site? If so, try temporarily disabling.

If it says the table does not exist… either: - You are pointing to the wrong database. Did you edit you conf_global.php to specify your database details manually? - You did not restore the database correctly. Do you see the table in phoMyAdmin? - Your backup is corrupt.

The only way that htaccess code will work is if your hosting provider has mod_rewrite enabled. Have you verified that module is installed and working correctly?

That would be a good course of action if you don’t have a lot of legitimate traffic from that country. Over 95% of my legitimate traffic is from the US so it’s safe for me to do that. Only you would know what your traffic is like. 🙂

There was a bot out of Sweden that appeared to be attempting to Pentest my site a few weeks ago. My firewall blocked a TON of attempted SQL injections, cross site scripting, and other malicious requests. I would block the IP because whatever they’re doing they should NOT be triggering all of those errors. So it’s most likely not a “good” bot.

Awesome! Glad you were able to square it away.

A 404 means the requested resource was not found. So if the files are in your FTP account, they most likely have an error in the httpd.conf file pointing your document root to the correct location.

A 403 error means the request was blocked as forbidden. Do you have some sort of WAF in place that could be denying requests? Are you using mod_security? If so, I would start by disabling it to narrow your troubleshooting.

Personally instead of doing Nginx, I would use a cloud based WAF to filter a request before it ever gets to my server/datacenter. The further away you can fight an attacker the better.

Have you checked to make sure the port is open in your firewall? Some firewalls will still block access from localhost if the port is not expressly open.

The question is what benefit are you looking to gain from it. Adding that layer in front is going to make things more difficult for you going forward. For example, if Nginx has something cached, and you make a change in the ACP to a theme or a setting... but it does not bust the Nginx cache, you could be stuck troubleshooting other issues you did not anticipate or need to potentially address. You're going to have to weigh if the benefit that comes from adding it is outweighed by the potential problems and the extra maintenance involved.

The ask you might need to make to your hosting provider is "can you make the /public_html/uploads folder AND all items under it have 777 permissions?". That 777 might need to be 755 if they're running suExec as Marc noted. If you have SSH access, you can also do this via SSH with the command I gave in my first post. (Just make sure the exact path is correct as I was trying to read really small letters and I did not have my glasses on.)

You need to give your uploads folder and all files under it read/write permissions. Something like "chmod -R 777 /kunden/home/forumdrone/public_html/uploads/". That should set permission on the uploads folder and recursively all files/folders under it. You might need 755 instead of 755 depending on your host setup. If you're having problems with the set_resources folder, you'll most likely also have problems with other folders under it as well when you upload attachments, or edit themes, etc.

I saw something similar when experimenting with Auto Ads. I was able to work around this by placing a manual ad unit just below the header. Google won't place an auto ad in the spot it normally tries to at that point. However again, if Google cannot (or will not) serve an ad... it simply displays a blank spot. So think carefully about your ad placement and use manual ads to make sure auto ads don't ruin your page (or don't use it at all!)

How did you install Elasticsearch? Did you install it via RPM or via source code? Since I installed the RPM, I downloaded the latest version and stopped the Elasticsearch service. I then ran rpm --upgrade FILENAME.rpm.

I installed the latest RPM from the Elasticsearch website and did not have any problems. I did not have to rebuild my search index... it just worked.

Which is beyond the scope of support that IPS can provide. They don’t know what that user or group is or what settings are applied. If the user is truly worried about what others on the server might do, they should not be running in a shared environment and instead use a VPS or something else with an isolated container.

I can't speak to IPS' interest in supporting more automation integration platforms, but I would toss out a note of caution. Any organization that offers an "unlimited lifetime" option is most likely going to at some point change the model. ESPECIALLY in a situation where they have recurring costs related to continued use. At some point, they simply begin to lose money and cannot support it long term. I would be highly concerned about spending a great deal of time/effort building the integration and in a year or two have them come back and say they are moving to a new model because the old one no longer makes sense for them. At that point, you have to either pony up or make an even bigger effort to shift to something else. I don't say this to pick on any single company or service. Instead it's simply a word of caution to think about the sustainability of the technology you choose to deploy in your site. You would not want to wake up one day and find out you have XX days to either start paying a lot more or need to make a change to something else.

Take a look at https://engageinteractive.co.uk/blog/5-modern-snow-effects You can add the necessary code and CSS to your site’s theme.

The BEST way to do this would be with a Web Application Firewall that sits in front of your website such as Cloudflare. If you have root level access to your server, you could look at mod_evasive or mod_dosevasive which would give you controls that you could apply in https.conf or in .htaccess if enabled. You could also look at a software firewall for your server with CSF. (It makes it much easier to manage than using iptables manually.

I believe this would be in the theme's HTML settings: Forums > Front > Index > Index I believe you would want to remove: <div class='ipsPageHeader ipsClearfix ipsMargin_bottom cForumHeader ipsHeaderButtons ipsFlex ipsFlex-ai:center ipsFlex-jc:between'> <h1 class='ipsType_pageTitle ipsFlex-flex:11 ipsType_break'> {lang="forums"} </h1> {{if \IPS\forums\Forum::canOnAny( 'add' ) }} <ul class='ipsToolList ipsToolList_horizontal ipsClearfix sm:ipsPos_none sm:ipsMargin:none ipsFlex-flex:00'> <li class='ipsToolList_primaryAction ipsResponsive_hidePhone'> <a class="ipsButton ipsButton_medium ipsButton_important" href="{url="app=forums&module=forums&controller=forums&do=add" seoTemplate="topic_non_forum_add_button"}" data-ipsDialog data-ipsDialog-size='narrow' data-ipsDialog-title='{lang="select_forum"}'>{lang="start_new_topic"}</a> </li> {template="viewChange" group="global" app="forums" params=""} </ul> {{endif}} </div>

It technically takes a bit more resources to do as it’s a web call (meaning handled by Apache and any security tools you might use (WAF, mod_security, etc). It also means if the 3rd party has problems, your cron does not run while it’s down. At the end of the day… not a huge downside especially for smaller sites. If it’s working, roll with it! 🙂